MyGet Blog

Package management made easier!

NAVIGATION - SEARCH

Building and packaging NuGet and Npm from BitBucket

A few weeks back, BitBucket launched a new version of their API and web hooks. It comes with a number of changes, but one change we like very much is support for OAuth tokens for pretty much anything, including cloning repositories.

MyGet has had support for building and packaging code from BitBucket for a long time. However up until now we had to ask for credentials in order to be able to clone and build a repository. With the changes introduced in this new API, this is no longer needed! Let's see how we can build a NuGet or npm package from BitBucket without handing our credentials to MyGet.

From an existing (or new) MyGet feed, navigate to Build Services and add a new build source. MyGet supports various sources that provide Git, Mercurial and Subversion repositories. Let's add one from BitBucket.

Before we can see our repositories, we'll have to tell BitBucket that MyGet can access our profile information and a few other things.

Once we have done that, we can pick the repository we want to clone and build. Note that by default MyGet registers a webhook with BitBucket, so that whenever we make a code change and push it to BitBucket, a build is triggered on MyGet. Automatically.

Whether your repository contains a C#, VB.NET or an npm project doesn't matter. The standard conventions will produce a build for many project types. If customization is needed or to have full control over your build, add a build script to do so.

Once a build finishes, we can see the packages it produced. We can test our NuGet, npm or VSIX packages from our MyGet feed. And once we are happy with them we can push them through to NuGet.org or Npmjs.org.

Happy packaging!


Introducing MyGet Vsix support–Visual Studio Extensions and Roslyn

Last month, we introduced a limited preview for Visual Studio extensions (Vsix) on MyGet. Today, we’re proud to announce Vsix support has been enabled for all MyGet customers! In this blog post, we’ll see how we can use MyGet to build and distribute a Roslyn analyzer and code fix, as a NuGet package and a Visual Studio extension.

The full feature set we already have for NuGet, Bower and NPM is now also available for Vsix. You're able to manage extensions, add them from upstream feeds (ATOM only), granular permissions and user management, support for community feeds... If you need a staging feed or just a private VSIX gallery, this is the easiest way to get one. Using the VSO integration? We'll pick up the VSIX artifacts from your VSO build and automatically add them to your MyGet VSIX feed. Here’s an example.

(we also open sourced the example at https://github.com/myget/sample-roslyn-with-vsix)

Developing a Roslyn analyzer and code fix

Roslyn analyzers and code fixes allow development teams and individuals to enforce certain rules within a code base. Using code fixes, it’s also possible to provide automated “fixes” for issues found in code. When writing code that utilizes DateTime, it’s often best to use DateTime.UtcNow instead of DateTime.Now. The first uses UTC timezone, while the latter uses the local time zone of the computer the code runs on, often introducing nasty time-related bugs. Let’s write an analyzer that detects usage of DateTime.Now!

You will need Visual Studio 2015 RC and the Visual Studio 2015 RC SDK installed. You’ll also need the SDK Templates VSIX package to get the Visual Studio project templates. Once you have those, we can create a new Analyzer with Code Fix.

New Roslyn analyzer

A solution with 3 projects will be created: the analyzer and code fix, unit tests and a Vsix project. Let’s start with the first: detecting DateTime.Now in code an showing a diagnostic for it. It’s actually quite easy to do: we tell Roslyn we want to analyze IdentifierName nodes and it will pass them to our code. We can then see if the identifier is “Now” and the parent node is “DateTime”. If that’s the case, return a diagnostic:

public override void Initialize(AnalysisContext context) { context.RegisterSyntaxNodeAction(AnalyzeIdentifierName, SyntaxKind.IdentifierName); } private void AnalyzeIdentifierName(SyntaxNodeAnalysisContext context) { var identifierName = context.Node as IdentifierNameSyntax; if (identifierName != null) { // Find usages of "DateTime.Now" if (identifierName.Identifier.ValueText == "Now" && ((IdentifierNameSyntax)((MemberAccessExpressionSyntax)identifierName.Parent).Expression).Identifier.ValueText == "DateTime") { // Produce a diagnostic. var diagnostic = Diagnostic.Create(Rule, identifierName.Identifier.GetLocation(), identifierName); context.ReportDiagnostic(diagnostic); } } }

If we compile our solution and add the generated NuGet package to another project, DateTime.Now code will be flagged. But let’s implement the code fix first as well. We want to provide a code fix for the syntax node we just detected. And when we invoke it, we want to replace the “Now” node with “UtcNow”. A bit of Roslyn syntax tree fiddling:

public sealed override async Task RegisterCodeFixesAsync(CodeFixContext context) { var root = await context.Document.GetSyntaxRootAsync(context.CancellationToken).ConfigureAwait(false); var diagnostic = context.Diagnostics.First(); var diagnosticSpan = diagnostic.Location.SourceSpan; // Find "Now" var identifierNode = root.FindNode(diagnosticSpan); // Register a code action that will invoke the fix. context.RegisterCodeFix( CodeAction.Create("Replace with DateTime.UtcNow", c => ReplaceWithDateTimeUtcNow(context.Document, identifierNode, c)), diagnostic); } private async Task<Document> ReplaceWithDateTimeUtcNow(Document document, SyntaxNode identifierNode, CancellationToken cancellationToken) { var root = await document.GetSyntaxRootAsync(cancellationToken); var newRoot = root.ReplaceNode(identifierNode, SyntaxFactory.IdentifierName("UtcNow")); return document.WithSyntaxRoot(newRoot); }

That’s it. We now have an analyzer and a code fix. If we try it (again, by adding the generated NuGet package to another project), we can see both in action:

MyGet Roslyn analyzer VSIX and NuGet

Now let’s distribute it to our team!

Distributing a Roslyn analyzer and code fix using MyGet

Roslyn analyzers can be distributed in two formats: as NuGet packages, so they can be enabled for individual project, and as a Visual Studio extension so that all projects we work with have the analyzer and code fix enabled. You can build on a developer machine, a CI server or using MyGet Build Services. Let’s pick the latter as it’s the easiest way to achieve our goal: compile and distribute.

Create a new feed on www.myget.org. Next, from the Build Services tab, we can add a GitHub repository as the source. We’ve open-sourced our example at https://github.com/myget/sample-roslyn-with-vsix so feel free to add it to your feed as a test. Once added, you can start a build. Just like that. MyGet will figure out it’s a Roslyn analyzer and build both the NuGet package as well as the Visual Studio extension.

MyGet automated build of visual studio extension

Sweet! You can now add the Roslyn analyzer and code fix per-project, by installing the NuGet package from the feed (https://www.myget.org/F/datetime-analyzer/api/v2). ANd when registering it in Visual Studio (https://www.myget.org/F/datetime-analyzer/vsix/) by opening the Tools | Options... menu and the Environment | Extensions and Updates pane, you can also install the full extension.

Private VSIX feed with MyGet

Give it a try! More info is available from the Visual Studio extension landing page or the documentation on using MyGet’s Vsix features.

Happy packaging!

Working with scoped npm packages and MyGet private registry

When we introduced npm support on MyGet last month, we did not yet have support for scoped packages. Today, we’re pleased to announce full support for them!

Scoped packages are packages that are "scoped" to a specific registry. E.g. all packages scoped @acmecorp may be retrieved from a MyGet npm registry feed, while other scopes and non-scoped packages flow in from the default npm registry.

Creating a scoped package

A scoped package can be created by setting the name property in package.json file correctly, for example:

{
  "name": "@acmecorp/awesomeapplication",
  "version": "1.0.0"
}

Dependencies can be scoped as well:

{
  "name": "@acmecorp/awesomeapplication",
  "version": "1.0.0",
  "dependencies": {
    "@acmecorp/awesomepackage": "1.0.0"
  }
}

More information on scoped packages is available from the npm docs.

Publishing a scoped package

Scopes can be associated with a specific registry. This allows for seamless mixing of packages from various npm registries.

Let's associate the scope @acmecorp with the https://www.myget.org/F/your-feed-name/npm/ npm registry feed. We can do this manually, by adding the following to our .npmrc file:

@acmecorp:registry=https://www.myget.org/F/your-feed-name/npm/
//www.myget.org/F/your-feed-name/npm/:_password="base64encodedpassword"
//www.myget.org/F/your-feed-name/npm/:username=someuser
//www.myget.org/F/your-feed-name/npm/:email=someuser@example.com
//www.myget.org/F/your-feed-name/npm/:always-auth=true

It's probably easier to generate these entries from the command line by running:

npm config set @acmecorp:registry=https://www.myget.org/F/your-feed-name/npm/
npm login --registry https://www.myget.org/F/your-feed-name/npm/ --scope=@acmecorp
npm config set always-auth true --registry https://www.myget.org/F/your-feed-name/npm/

From now on, we can publish and consume any package that has the @acmecorp scope. Npm will automatically direct requests to the correct registry.

Happy packaging!

P.S.: We have VSIX support coming as well. Let us know if you want to enroll in the preview.

Limited preview - VSIX support

MyGet has a rich feature set for NuGet, and we just recently added support for Bower and NPM registries. Now we'd like to give our users the opportunity to bring those rich MyGet features to VSIX as well!

What VSIX support will you get in this preview?

We currently have the full feature set we already have for NuGet, Bower and NPM. You'll be able to manage extensions, add them from upstream feeds (ATOM only), granular permissions and user management, support for community feeds... If you need a staging feed or just a private VSIX gallery, this is the easiest way to get one. Using the VSO integration? We'll pick up the VSIX artifacts from your VSO build and automatically add them to your MyGet VSIX feed.

I want to join the preview!

If you are interested in joining the private preview and eager to provide some early feedback, then just ping us with your username and we'll flip the feature toggle for your account.

MyGet now offers NuGet, Npm and Bower registries

pmsWith our latest MyGet release, we’ve added support for npm and bower registries. We’ve always been very focused on building a great story around NuGet and decided it was time for Npm and Bower enthusiasts to get a similar experience.

Adding npm and Bower support was high on our wish list and that of our users. Many developers are doing only front-end development and need a public or private npm registry. Others are working with DNX (the new name for ASP.NET 5 or ASP.NET vNext) and combine NuGet, npm and Bower. It feels good to be able to support them all!

To help you get started, we’ve prepared a few short tutorials that help you get started on MyGet with these package managers:

Oh and build services now also packages node modules! Just point MyGet to your GitHub repository and we’ll package your npm packages, too.

We really look forward to hearing your feedback on this!

Happy packaging!

MyGet 2.0 Release Notes

MyGet 2.0 was released on March 12, 2015.

Highlights

This 2.0 release of MyGet adds brand new functionality to the service. With this release, we bring all the functionality we already had for NuGet also to Bower and NPM!

This means, from now on, you can use MyGet to host and build your own NuGet, NPM or Bower feeds, whether public or secured.

Features

MyGet (all plans)

The following applies to all MyGet plans:

MyGet (paid plans)

Obviously all paid plans also get the enhancements made available on the free plan. The following applies to the MyGet Starter and Professional plans:

MyGet Enterprise

The enterprise plan has all functionality from the paid subscription plans, and more! The following applies only to the MyGet Enterprise plan:

MyGet Build Services

Bug Fixes

  • Improved detection of hanging builds
  • Build now properly fails when compilation fails and no packages have been produced or pushed to your feed
  • Upstream package source proxying enhancements
  • No longer prompt the user that a package update is available upstream if the package source is set to auto-update

Keep that feedback coming! MyGet is built for you!

Happy packaging!


Introducing MyGet Feed Sync

How can you keep multiple local NuGet servers synchronized? How can developers consume the same packages when each office branch has its own local NuGet server? How can two servers be synchronized when bandwidth is insufficient for a cloud-only solution?

We’re happy to introduce Feed Sync. Jointly developed by MyGet and Inedo ProGet, allows you to synchronize packages on multiple package servers with MyGet.

Note: During preview, Feed Sync is available for all MyGet plans and Inedo ProGet free users. After release, Feed Sync will be available for all paid MyGet plans and users of ProGet Enterprise 3.5 and up.

Synchronize local NuGet server with MyGet

Packages added on a linked ProGet instance will be replicated to MyGet and any other linked instance. When using MyGet Build Services to build packages from GitHub, BitBucket or Visual Studio Online, packages that are created will be replicated as well.

Read up on how to configure Feed Sync in our documentation.

Happy packaging!

Modify NuGet package description and release notes before pushing upstream

Ever enjoyed watching your builds go green to find out that the packages created had a typo in the description? Or you simply forgot to add release notes? Very annoying if you simply want to push your packages out there!

This annoyance triggered one of our dear customers to send us a feature request: "What if I could modify these fields before I hit the Push button?" Well, we thought that was indeed a great idea, so we implemented it, whilst we also gave the UI a little more love :-)


If you click the Edit button next to each package, you'll now have the ability to modify the pre-release tag, the package description, and the package release notes. With a click of a button, you can also apply the release notes to all packages listed in the dialog. 


And to finish it off, we support markdown in the release notes. Packages that have release notes which contain markdown will be rendered nicely on the package details page.

Happy Packaging!

IP whitelisting for MyGet Enterprise customers

Many enterprises access the Internet using one or more static IP addresses and prefer limiting access to their applications to those IP addresses. Good news: MyGet Enterprise customers can now whitelist IP addresses (or IP ranges) so only clients can only access MyGet if they are coming from the configured address. The whitelist will be applied for accessing the website, as well as for consuming hosted NuGet feeds.

IP whitelisting for MyGet Enterprise customers

Enterprise administrators can navigate to the administration dashboard, and create an IP whitelist under the Accounts tab. IP addresses can be entered on separate lines. If an entire subnet has to have access, the IP address can be suffixed with a CIDR suffix (e.g. /24) or a subnet mask (e.g. /255.255.255.0).

Happy packaging!

Black Friday Sales - 30% discount on MyGet Starter and Professional

Thank you! Black Friday dealsWhile in Europe we don’t have holidays this week, we do want to share the tradition of Thanksgiving. MyGet could have never grown into what it is today without you. We'd like to thank you by having a sale on our Starter and Professional plans!

Starter and Professional Subscriptions of 6 months get a 15% discount. If you decide to stay with us for a full year, we’ll give you 30% off!

Interested? Sign in to your MyGet account and create a new subscription or extend your existing one.

Since today is “Black Friday” and right after the weekend is “Cyber Monday”, we’re keeping this sale available until Tuesday December 2nd, 2014. This gives ample opportunity to purchase a MyGet subscription at a discounted rate.

Happy packaging!

PS: Give our new features a try, too. We have service messages support, more web hooks and a load of other things!