Tutorial: How to use upstream sources

TFS 2018

Using upstream sources in your feed enables you to manage your application dependencies from a single feed. Using upstream sources makes it easy to consume packages from public registries while having protection against outages or compromised packages. You can also publish your own packages to the same feed and manage all your dependencies in one location.

This tutorial will walk you through how to enable upstream sources on your feed and consume packages from public registries such as NuGet.org or npmjs.com.

In this tutorial, you will:

• Create a new feed and enable upstream sources.
• Set up your configuration file.
• Run an initial package restore to populate your feed.
• Check your feed to view the saved copy of the packages you consumed from the public registry.

Create a feed and enable upstream sources

1. Select Build & Release, and then select Packages.

   

2. Select New Feed to create a new feed.

   

3. Give your feed a Name and a Description, and set up who can read and who can contribute. Make sure you check the Include external packages checkbox, and then select Create when you're done.

   

Set up the configuration file

Now that we created our feed, we need to update the config file to point to our feed. To do this we must:

1. Get the source's URL
2. Update the configuration file

npm

1. Select Build & Release > Packages, and then select Connect to Feed.

   

2. Copy the highlighted snippet to add it to your config file.

   

If you don't have a .npmrc file already, create a new one in the root of your project (in the same folder as your package.json). Open your new .npmrc file and paste the snippet you just copied in the previous step.

NuGet

1. Select Artifacts, and then select your feed.

2. Select Connect to feed, and then choose NuGet.exe.

   

3. Copy the XML snippet in the Project Setup section.

4. Create a new file named nuget.config in the root of your project.

5. Paste the XML snippet in your config file.

Pip

1. Select Artifacts, and then select your feed from the dropdown list.

2. Select Connect to feed, and then select pip under the Python section.

   

3. Create a virtual environment if you haven't done so already.

4. Add a pip.ini (Windows) or pip.conf (Mac/Linux) file to your virtualenv and paste the following snippet:

   [global]
   index-url=https://pkgs.dev.azure.com/ORGANIZATION-NAME/_packaging/FEED-NAME/pypi/simple/
   

Maven

1. Select Artifacts, and then select your feed from the dropdown list.

2. Select Connect to feed, and then select Maven.

3. Add the following snippet to the <repositories> and <distributionManagement> sections in your pom.xml:

   <repository>
     <id>[FEED-NAME]</id>
     <url>https://pkgs.dev.azure.com/[ORGANIZATION-NAME]/_packaging/[FEED-NAME]/maven/v1</url>
     <releases>
       <enabled>true</enabled>
     </releases>
     <snapshots>
       <enabled>true</enabled>
     </snapshots>
   </repository>
   

4. Add a <server> to your settings.xml file:

   <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                                 https://maven.apache.org/xsd/settings-1.0.0.xsd">
     <servers>
       <server>
         <id>[FEED-NAME]</id>
         <username>[ORGANIZATION-NAME]</username>
         <password>[PERSONAL_ACCESS_TOKEN]</password>
       </server>
     </servers>
   </settings>
   

5. Create a personal access token with Packaging > Read & write scopes and paste your personal access token into the <password> tag in your settings.xml file.

Gradle

1. Select Artifacts, and then select your feed from the dropdown list.

2. Select Connect to feed, and then select Gradle.

3. Add the following snippet to the repositories and publishing sections in your build.gradle file:

   maven {
       url 'https://pkgs.dev.azure.com/[ORGANIZATION-NAME]/_packaging/[FEED-NAME]/maven/v1'
       name '[FEED-NAME]'
       authentication {
           basic(BasicAuthentication)
       }
   }
   

4. Add a <server> to your settings.xml file:

   <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                                 https://maven.apache.org/xsd/settings-1.0.0.xsd">
     <servers>
       <server>
         <id>[FEED-NAME]</id>
         <username>[ORGANIZATION-NAME]</username>
         <password>[PERSONAL_ACCESS_TOKEN]</password>
       </server>
     </servers>
   </settings>
   

5. Create a personal access token with Packaging > Read & write scopes. Paste your personal access token into the <password> tag in your settings.xml file.

Restore packages

Now that you enabled upstream sources and set up your configuration file, we can run the package restore command to query the upstream source and retrieve the upstream packages.

npm

Remove the node_modules folder from your project and run the following command in an elevated command prompt window:

npm install --force

Note

The --force argument will force pull remotes even if a local copy exists.

Your feed now should have a saved copy of any packages you installed from upstream.

NuGet

1. Clear your local cache:

   nuget locals -clear all
   

2. Restore your NuGet packages:

   nuget.exe restore
   

Your feed now should have a saved copy of any packages you installed from upstream.

Pip

Run this command in your project directory:

pip install

Your feed now should have a saved copy of any packages you installed from upstream.

Maven

Run this command in your project directory:

mvn install

Your feed now should have a saved copy of any packages you installed from upstream.

Gradle

Run this command in your project directory:

gradle build

Your feed now should have a saved copy of any packages you installed from upstream.

Related articles

• Set up upstream sources
• Universal Packages upstream sources
• Feed permissions
• Publish packages to NuGet.org