Deep dive into Azure Artifacts
Azure Artifacts manages the dependencies used in your codebase and provides easy tools to ensure the immutability and performance of those components. Released as one of the new services available for developers in Azure DevOps, the current features in Artifacts will help you and your users produce and consume artifacts. For teams that use or produces binary packages, Azure Artifacts provides a secure, highly performant store and easy feed.
Getting started with Artifacts: Package feeds
Azure Artifacts groups packages in to feeds, which are containers for packages that help you consume and publish.
We’ve optimized default settings to be most useful to feed users, such as making your feed account visible to easily share a single source of packages across your entire team. However, if you’d like to customize your settings, simply access the settings tab to refresh your preferences.
New feature: Universal Packages
Azure Artifacts is a universal store for all the artifacts you use as part of development and deployment. In addition to NuGet, npm, and Maven packages, feeds now support Universal Packages, which can store any file or set of files. You create and consume Universal Packages via the Visual Studio Team Services (VSTS) CLI. Consider using them to store deployment inputs like installers, large datasets or binary files that you need during development, or as a versioned container for your pipeline outputs. To try them out, look for the Universal Packages toggle in your preview features panel by clicking your profile image in the upper right, followed by clicking on “Preview features”. You can also learn more in the Universal Packages announcement post.
Next up, enabling Views
The views in Azure Artifacts enable you to share subsets of the NuGet and npm package-versions in your feed with consumers. A common use for views is to share package-versions that have been tested, validated, or deployed but hold back packages still under development and not ready for public consumption.
Views and upstream sources are designed to work together to make it easy to produce and consume packages at enterprise scale.
Control your dependencies with Upstream Sources
Upstream sources enable you to use a single feed to store both the packages you produce and the packages you consume from "remote feeds". This includes both public feeds, such as npmjs.com and nuget.org, and authenticated feeds, such as other Azure DevOps feeds in your organization. Once you've enabled an upstream source, any user connected to your feed can install a package from the remote feed, and your feed will save a copy.
Note: For each component served from the upstream, a copy will be always available to consume, even if the original source is down or, for TFS users, your internet connection isn’t available.
In short, enabling upstream sources to public sources makes it easy to use your favorite or most used dependencies, and can also give you additional protection against outages and corrupted or compromised packages.
Easy to use Symbols and the Symbol Server
To debug compiled executables, especially executables compiled from native code languages like C++, you need symbol files that contain debugging information. Artifacts makes Symbol support and publishing quick and simple.
The updated “Index Sources and Publish Symbols” task now publishes symbols to the Azure DevOps Symbol Server with a single checkbox. No advanced configuration or file share setup is required.
We also have made it simple to consume symbols from Visual Studio:
- With VS2017 Update 4.1 (version 15.4.1) or later, type “debugging symbols” in Quick Launch and press Enter.
- Click the “New Azure DevOps Symbol Server Location…” button (marked in red below). In the dialog that appears, select your Azure DevOps account and click “Connect”.
When you are done, it should look like this:
If you prefer debugging with the new UWP version of WinDbg, these docs will help you configure your Azure DevOps account on the WinDbg sympath.
Credential Provider authentication for NuGet in Azure Artifacts
Azure Artifacts secures all the artifacts you publish. However, historically it’s been a challenge to get through security to use your NuGet packages, especially on Mac and Linux. Today, that changes with the new Azure Artifacts Credential Provider. We’ve automated the acquisition of credentials needed to restore NuGet packages as part of your .NET development workflow, whether you’re using MSBuild, dotnet, or NuGet(.exe) on Windows, Mac, or Linux. Any time you want to use packages from an Azure Artifacts feed, the Credential Provider will automatically acquire and store a token on behalf of the NuGet client you're using. To learn more and get the new Credential Provider, see the readme on GitHub.
Supported protocols versions and compatibility
Some package management services are only compatible with specific versions of TFS. The table below provides the information needed to understand version compatibility.
Feature | Azure DevOps Services | TFS |
NuGet | Yes | TFS 2017 |
npm | Yes | TFS 2017 Update 1 and newer |
NuGet.org upstream source | Yes | TFS 2018 Update 2 and newer |
Maven | Yes | TFS 2018 |
Further info
Want to learn more? See our documented best practices, videos, and other learning materials for Azure Artifacts.
We also maintain a list of requested features through our UserVoice, and love to complete requests for our passionate users! Always feel free to message us on twitter (@had_msft or @VSTS) with questions or issues!
Source: Azure Blog Feed