You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Azure Artifacts upstream sources enable developers to conveniently store packages from various sources in a single feed, including those you publish and those installed from external feeds or public registries like NuGet.org, npmjs.com. Once upstream sources are enabled, any package installed from an upstream source is automatically saved to your feed.
16
+
Azure Artifacts upstream sources allow developers to store packages from various origins in a single feed, including packages published to the feed and those installed from public registries like *NuGet.org* or *npmjs.com*. Once upstream sources are enabled, any package installed from an upstream source is automatically saved to your feed
Enabling upstream sources provides several benefits for managing your product’s dependencies within a single feed:
22
+
Enabling upstream sources offers several advantages for managing your product’s dependencies within a single feed:
23
23
24
-
-**Simplicity**: Storing all your packages in a single feed simplifies your configuration files like NuGet.config, npmrc, or settings.xml. With just one feed in your config file, you reduce the chances of errors and streamline your setup.
24
+
-**Simplicity**: Storing all your packages in a single feed simplifies your configuration files like *NuGet.config*, *npmrc*, or *settings.xml*. With just one feed in your config file, you reduce setup complexity and minimize errors.
25
25
26
-
-**Consistent Builds**: Your feed resolves package requests in a defined order, ensuring more predictable and reliable builds.
26
+
-**Consistent Builds**: Your feed resolves package requests in a defined order, helping ensure predictable and reliable builds across environments.
27
27
28
28
-**Package Integrity**: Your feed retains metadata about packages saved from upstream sources, allowing you to verify their authenticity and ensure you're using the original versions, not copies or potentially malicious versions.
29
29
30
-
-**Reliability**: Packages installed from upstream sources are automatically saved to your feed. This ensures continued access even if the upstream source becomes unavailable due to maintenance or other issues so you can continue developing and building with confidence.
30
+
-**Reliability**: Packages installed from upstream sources are automatically saved to your feed. This ensures continued access even if the upstream source becomes temporarily unavailable due to maintenance or other issues so you can continue developing and building with confidence.
31
31
32
32
## Best practices for package consumers
33
33
34
34
To take full advantage of the benefits of upstream sources as a package consumer, follow these best practices:
35
35
36
-
#### 1. Use a single feed in your config file
36
+
#### 1. Use a single feed in your configuration file
37
37
38
-
In order for your feed to provide a [deterministic restore](#search-order), make sure that your configuration file (such as nuget.config or npmrc) references only one feed with upstream sources enabled.
38
+
In order for your feed to provide a [deterministic restore](#search-order), make sure that your configuration file (such as *nuget.config* or *npmrc*) references **only one feed** with upstream sources enabled.
39
39
40
40
-**Examples**:
41
41
@@ -56,20 +56,23 @@ In order for your feed to provide a [deterministic restore](#search-order), make
56
56
57
57
#### 2. Order your upstream sources intentionally
58
58
59
-
If you’re only using public registries like NuGet.org or npmjs.com, the order of your upstream sources doesn’t matter. Requests to the feed follow the sequence outlined in the [search order](#search-order) section.
59
+
If you're using only public registries like *NuGet.org* or *npmjs.com*, the order of upstream sources doesn’t affect behavior. Requests to the feed follow the sequence outlined in the [search order](#search-order) section.
60
60
61
-
However, when you're managing multiple sources, such as a combination of feeds and public registries, each upstream source is searched in the order defined in the feed’s configuration settings. In this case, we recommend placing the public registries first in the list of upstream sources.
61
+
However, when managing multiple sources, such as a combination of feeds and public registries, each upstream source is searched in the order defined in the feed’s configuration settings. In these cases, we recommend placing the public registries first in the list of upstream sources.
62
62
63
-
In some unique scenarios, some organizations modify open-source software (OSS) packages to address security concerns, enhance functionality, or meet specific internal requirements that require rebuilding the package internally rather than obtaining it directly from a public repository.
64
-
If your organization follows this practice, place the upstream source containing these customized OSS packages before other public registries. This ensures your customized versions are used instead of public ones.
63
+
In some unique scenarios, some organizations modify open-source software (OSS) packages to address security concerns, enhance functionality, or meet specific internal requirements that require rebuilding the package internally rather than obtaining it directly from a public repository.
64
+
If your organization follows this practice, place the upstream source containing these customized OSS packages before other public registries. This ensures your customized versions are used instead of the public ones.
65
65
66
66
## Best practices for feed owners and package publishers
67
67
68
68
To ensure your feed can be easily configured as an upstream source, follow these best practices:
69
69
70
70
#### 1. Use the default view
71
71
72
-
The default view for all newly created feeds is `@Local`, which contains all the packages published to your feed as well as packages saved from upstream sources.
72
+
All newly created feeds use the `@Local` view by default. This view includes:
73
+
74
+
- Packages published directly to the feed.
75
+
- Packages saved from upstream sources.
73
76
74
77
If you want to use other views such as a view for newly released package versions, you can promote your packages to the `@Release` view and then make that view available to your target consumers. See [Feed views](views.md) for more details.
75
78
@@ -81,7 +84,7 @@ To construct a package graph, simply connect to the feed's default view and inst
81
84
82
85
For public package managers that support multiple feeds, such as NuGet and Maven, the order in which feeds are queried can sometimes be unclear or nondeterministic. For example, NuGet sends parallel queries to all the feeds in the configuration file and processes responses in a first-in, first-out (FIFO) manner, which can lead to inconsistent results.
83
86
84
-
Upstream sources eliminate this uncertainty by enforcing a structured search order, by searching the feed and its upstream sources in the following order:
87
+
Azure Artifacts upstream sources eliminate this uncertainty by enforcing a structured search order, by searching the feed and its upstream sources in the following order:
85
88
86
89
1. Packages that have been published directly to the feed.
87
90
@@ -90,15 +93,15 @@ Upstream sources eliminate this uncertainty by enforcing a structured search ord
90
93
1. Packages available from upstream sources. Each upstream source is searched in the order it's listed in the feed's configuration.
91
94
92
95
> [!NOTE]
93
-
> Azure Artifacts does not support searching for packages in upstream sources using the NuGet Package Explorer in Visual Studio.
96
+
> Azure Artifacts does not support searching for packages in upstream sources using the **NuGet Package Explorer** in Visual Studio.
94
97
95
98
## Save packages from upstream sources
96
99
97
-
When an upstream source is enabled on your feed, Azure Artifacts will automatically save a copy of any package installed by a collaborator or higher from upstream.
100
+
When an upstream source is enabled on your feed, Azure Artifacts automatically saves a copy of any package installed by a collaborator or higher from that upstream source.
98
101
99
-
For instance, you can install packages directly from the upstream source using a command like *npm install express*. Alternatively, packages might be installed as part of a dependency resolution process. In this case, installing *express* would also save its dependencies, such as *accepts*.
102
+
For example, you can install packages directly from the upstream source using a command like *npm install express*. Alternatively, packages might be installed as part of dependency resolution, so installing *express* would also save its dependencies, such as *accepts*.
100
103
101
-
Upstream sources provide an important safeguard for your consumers and infrastructure, protecting them from unexpected outages. If the upstream source experiences downtime, maintenance, or becomes temporarily unavailable, you can still retrieve the necessary packages from your feed and continue your development.
104
+
Upstream sources offer a critical safeguard for your consumers and infrastructure. If the public registry experiences downtime, maintenance, or becomes temporarily unavailable, you can still retrieve the necessary packages from your feed and continue your development.
0 commit comments