Determine which projects use my Nuget package on Github? - c#

I've got a few Nuget packages that are SDKs for third-party APIs. Now, their download count is in the low thousands, but I know a large proportion of that is going to be from my CI/CD pipelines and me doing nuget restores whilst developing and whatnot.
So, I'd like to know if anyone is actually using my projects. It's not the end of the world if not, because I made them because I needed them, but it'd be good to know if I've helped someone.
Is there any way to reliably establish if any projects are consuming my nuget package, assuming that these are published publicly on Github? The best I can think of is just googling the name of my package but that's not proving very fruitful.

Using Github itself might work. Maybe there is a good method around, but this is the best I could find get in my three minutes test.
https://github.com/search?l=XML&q=RestSharp.105&type=Code
https://github.com/search?l=XML&q=Hypermedia.Core&type=Code
https://github.com/search?l=XML&q=DiscosWebSdk&type=code
Is way less than perfect, but better than Google for the matter at hand.

Is there any way to reliably establish if any projects are consuming my nuget package?
The closest would be, in nuget.org/packages, the Used By section which lists:
NuGet packages that depend on xxx,
GitHub repositories that depend on xxx.

Related

Download latest NuGet during run-time

During runtime, I want to download the latest DLL from the NuGet library using .NET Core and load it into the container.
I am looking at a scenario when a set of dependencies has been changed and new package versions are released to nuget.org, after which I will have to download the latest packages and run some tests. Each time the application will verify if it has the latest package version and, if necessary, download and dynamically load the new assembly without the application stopping.
I'll start off saying that this doesn't sound like a good idea. You didn't explain the scenario about why you want to do this, so we have no way of suggesting better approaches. If it's a web application that you don't want to have downtime for, a better approach might be to have a load balancer and when you release a new version of your web app, to configure the load balancer to send all new requests to the new contains/version while the existing connections on the old version drain.
If your app is a queue listener, you don't need hot-loading at all. Just have an app which creates a pull request on your source code to update nuget package version numbers when they're available, have the CI automatically build the change and if tests pass you can automate approving/merging the PR then your CD can automatically deploy and decommission the previous version. This would be less risky than automatically loading new versions since you risk the new version having bugs or not being binary compatible and now your app is going to crash.
Anyway, if you really do have a good reason to hot-reload assemblies, on .NET Core you'll need to use AssemblyLoadContext. However, it's such an unusual case to need this, that I can't find any realistic examples on how to use it. All the "examples" I've seen use AssemblyLoadContext.Default which I assume is equivilent to using a single context and therefore won't let you load different versions of the same assembly. So, if you want to go down this path, you're probably going to have to figure it out yourself. Lots of trial and error, debugging and possibly reading the coreclr source code. As some commenters to your question mentioned, you'll also need to handle the case that an assembly was compiled against one version of a dependency, but you're now going to load a different version. In the .NET Framework is uses something called Assembly Binding Redirect. The way most people use this is with an app.config or web.config file, but that won't work for you since it will change at runtime. I'm sure there's an API to deal with it programatically, which you'll also need to figure out. I'm not sure how/if binding redirects are different in .NET Core compared to the .NET Framework, so that's yet another thing you'll need to figure out, but I'm sure a couple of good searches on google will give you an answer to that.
Once you get assembly hot reloading working, you can either read the NuGet server API and implement your own client, or you can use the NuGet client SDK. But the NuGet Client team's primary focus are the tools (Visual Studio integration, dotnet cli, nuget.exe), they just publish the packages for convenience (plus as a way to share the libraries with dotnet cli and mono), so there are no docs on using the SDK. Also note that while the NuGet client team tries not to break the packages binary API, it's a secondary concern when needing to implement features and bug fixes for the tools. The NuGet client SDK track Visual Studio version number, it doesn't use semantic versioning, so when you try to update to newer NuGet client packages, you might find you need to change your code when you otherwise might not expect. It's pretty rare, but I generally recommend the "ports and adapters" pattern, and this is an excellent example of when it's particularly useful. At least with the NuGet client packages, there are blog posts from people who figured it out and shared how they did whatever they needed. Otherwise since NuGet itself is opensource, you can look though NuGet's code to see how it uses the packages internally, and use that as a guide to help you figure out what you want to do. If you go down this path you'll need to do most of what the nuget tools do:
Query a NuGet feed to find what versions of a package are available, then choose which version you want to use and check if that version is already downloaded.
Download and extract the package.
Asset selection. Particularly when a package has libraries for multiple TFMs, you need to know which one to use based on your project's TFM
The NuGet client at this stage would either write the project.assets.json file, used by the .NET SDK, or edit the packages.config and csproj files, depending if the project uses PackageReference or packages.config. In your case this is where you integrate with assembly hot-reload.
Note that in the general case, the process above, or depending on how you implement it a single step, could be recursive because a package can have dependencies. So, the dependencies also need to be retrieved, but a package can have different dependencies depending on which TFM is selected, so you need to figure out do you want to download all dependencies, even ones that will never be used after asset selection, or do you want to do asset selection first to minimise the packages that you download. Also when multiple packages have a dependency on different versions of a single package, you need to make a decision about which version of the package you want to use.
So, that's the high level algorithm you'll need to implement. As I mentioned, most of this doesn't have API docs with examples on exactly how to implement it, and very few, if any, examples exist on the internet. Like I wrote in the first paragraph, I don't think this is a good idea. It's probably easier to automate your CI/CD pipelines, and if necessary automate changes to a load balancer's configuration, rather than making such a complex app. Sometimes orchestrating a bunch of simple apps is easier than making a complex app.

Best practice for sharing packages between 2 projects?

I know that many people use the patern of having two projects, AppName and AppName.API. What happens when both of them projects require a class from the same package.
In my mind I have two options, create another project (AppName.Common) and reference that project on both AppName and AppName.API, or just add the package to both projects via Nuget.
Which is the best practice for this? Have I even got this right, is there an option I've missed? I'm a beginner to programming and just looking for some guidance towards advanced topics.
Many thanks.
NuGet was created for package management and Visual Studio handles package management for you. "Best Practice" for this question is subjective, in my opinion. What I recommend is that you add both projects to a solution. Then, right-click on your solution in the solution explorer and choose the Manage NuGet Packages for Solution menu option.
Then, from the package manager, install your package into both projects of your solution. When you move this solution from machine to machine, or someone else works on it, they can simply restore packages to install the dependencies. Your packages will be stored in a common folder at the solution level.
Just add the package to both projects via Nuget. The transitive reference approach (depend on Common just for dependencies) has pains the second you have 3 projects where two need a dependency but the third doesn't, at which point you've introduced a pointless dependency.
Don't overcomplicate package management or project layouts; always keep things simple or they (as a rule of thumb) will get in your way as you scale.
Edit: You mentioned you were new to programming. You don't always need X.Impl and X.Api (nor is that better than simply having X), and until you know WHY you might need them, it's going to be best to keep things simple. Your goal as a new programmer is likely to learn programming. If you overcomplicate your project structure & application architecture, you're going to waste time wrangling that vs learning, well, programming. Focus on writing as little code as possible, as few abstractions as possible, and creating as few csprojs as possible (ideally 1).
I agree Nuget is best for package management. But IMO it’s not best to use it if it’s not a generic package and not used by many teams and projects.
For your purpose I feel using a common class library and referencing it in both projects works very well and sorts out the debugging problems with remote packages.

What to do when NuGet doesn't have the latest updates?

My project has a dependency on a certain NuGet package (Jint, to be specific). A bugfix was committed to the trunk of that project a couple of months ago that I need to have in my project, but an update hasn't been pushed to NuGet.org yet.
What are some best practices in dealing with this situation?
Things I've considered:
Pull down the source and put it directly into my project. I don't really want to do this because it's going to pollute my repo with the source of some other project.
Build the source and hard link the .dll into my project, maybe putting the .dll in the repo. Seems sort of okay, but I don't typically like to check binaries into my source control.
Build the source, package into a NuGet package and post it to a private NuGet feed. This seems like the least-worst solution, but a big pain.
If anyone has successfully dealt with this scenario before, I'd love to hear what your approach was.

How do you go about using 'lib' folders in .Net projects for building in dependencies?

I need to get my external dll dependencies (automap, others ...) into a situation where I can build them on my build server. I would also like to get then them into subversion, so the build server can pick them up.
So I'm new to the whole 'lib' folder thing. I've searched Google, but it seems it's kind of assumed, there are no basics of what to do here. The books I own don't go into it. It's been a long time since I had a mentor at work, or even someone I could ask questions of ... and I'd really love to understand the fundamentals of what I should be doing here.
I write in .Net, use Jenkins as my CI server (new to that) and msbuild (new to that too). I'm hearing svn:externals (don't compute), NuGet ....
Please help!
Suppose my solution is called MySolution and is stored in C:\MySolution, then I have have three directories for binaries, all managed by source control.
vendor the source code of third party frameworks. If needed they are built and signed (with my key) and treated as if the code was my own. This is sometimes necessary to "fix" defects in the framework or debug their source to understand why it fails.
src\packages modules managed by nuget (I wished to combine this with my "lib" folder, but that isn't yet supported)
lib compiled libraries for which I don't have the source and that are not managed by nuget.
(I have omitted folders like "src", "sample", "setup", "documentation" and "scripts" to keep the answer specific to the OP).
The recent months I started to create my own nuget packages for "packages" in the lib folder so I can migrate all of them to "packages". Its published to a private nuget server. It also simplify managing the binaries across solutions.
I use to use externs, but they pose a branching nightmare after a while because you have to branch and pin the external dependencies to. With nuget this is no longer needed.
I would definitely avoid putting binaries in source control. You'd be far better off creating your own nuget repository containing your preferred versions of packages and either using nuget restore or some other way of "rehydrating" your dependencies for building. I use a simple batch file called nuget-update.bat which just looks at all packages.config files and gets any dependencies it finds.
It seems that you posted a sequence of questions on the same topic. I recommend NuGet, as it becomes critical and promoted hard by Microsoft. However, many old libraries are not available there, and you may still need to keep a lib folder. My open source project #SNMP is a good example,
I tried to use as many NuGet packages as possible, and even stepped up to maintain some of the dependencies, such as DockPanel Suite.

Looking for an msbuild and xbuild task to fetch referenced libraries (without nuget.exe)

I have an issue with creating an easy solution for my build system, based on mono.
Current situation is that I keep my referenced libraries inside the git repository, which is not good, for many obvious reasons.
What I want to achieve is something like what NuGet provides - automatically download dlls from the Web, put them in some directory and forget about them.
I want to do this at build time, so it would not require any additional actions with downloading libraries etc. The best option would be an msbuild (xbuild on mono) task, but I want it to be system independent, so the popular one, executing NuGet.exe, is out of question (consider parallel mono installations, etc.).
I've tried Pepita project, but it's... wrong. No, really, it is, it has too many design mistakes to be easy to use or repair. To make a proper configuration would require a serious rewrite of the whole project.
What I would love is a library, that would employ NuGet.Core library and be available as a task. If such a lib is not there, I could use any solution, that would download a nuget package and unpack it to a directory specified in .csproj.
Even better, it would be nice if such a library could resolve dependencies without specifying them explicitly in packages.config (or similar) file, e.g. if I want to include Castle.Windsor I don't want to include Castle.Core in my config file.
I know about the OpenWrap project (with NuGet Gallery), it looks promising, but I can't find the solution where I would just put a constant set of libraries in my repo once, modify csproj files, some configs and have it done.
I can tell you that OpenWrap at the core has everything built-in to do what you want. Everything you can do with the openwrap-shell is also available to be called from msbuild. So, it seems to me that you would just need to add a before build hook to call out to openwrap to perform an "update-wrap". Several months back I actually looked into doing something similar. AFAIR I actually wrote an msbuild script to call openwrap tasks, but didn't really hook them into the normal build process.
I don't know exactly what you mean with "put a constant set of libraries in your repo once"? For OpenWrap, all you need to do is maintain the "openwrap descriptor" for your project. That file contains all direct dependencies of your project (with or without restrictions on version numbers). (Indirect dependencies are pulled in automatically) Are you wondering about how you get started when you have a bunch of binary dlls to start with? I can tell you what I did. Basically, I do not use any NuGet packages, I created OpenWrap packages for everything. I also created OpenWrap packages for all our binary dependencies (some of which are open-source). This is really super simple: you fill in correct dependencies in the OpenWrap descriptor and specify that the package must only contain the given dlls. We had a bunch of binary dependencies, but once you start packaging them, it's definitely not that much work.
If you want to see an example, you can check this one:
http://code.google.com/p/ppwcode/source/browse/dotnet/External/Apache.Log4Net/trunk/Apache.Log4Net.wrapdesc
That is all you have to do to package your binary dependencies. This is a package I created and we currently use it in the company where I work. I know Log4Net is probably available as a NuGet package, and I could probably use that. The advantage of creating those binary packages myself, is that I have full control over the packages, over the version numbering of the packages, over how a big project is split over several smaller packages and so on.
As an OpenWrap repo, you can use a folder on your local filesystem, or a folder on a network share. What we use, is actually a webdav repository that we mount locally on a drive (using Windows 7). This works fine for us and also allows us to specify who has read and write access to the repository.
You mention mono.... well, that might be a problem: the currently released version of OpenWrap (2.0.2) does not run on mono AFAIK. But the good news is that Sebastien Lambla has been working hard to get OpenWrap to run on mono+xbuild for the new version that is going to be released very soon: 2.0.3. No alpha/beta builds available yet, but you can build from git. (In that case you would need to build both openwrap-shell and openwrap). Sebastien Lambla, who created OpenWrap, normally keeps an eye on questions on StackOverflow and will probably be able to give you a more complete answer on the mono status.
Btw, where I work, we are using OpenWrap already for over a year. Back then we compared both NuGet and OpenWrap, and at that moment OpenWrap was way way way ahead of NuGet. Basically, to me, NuGet was not a tool for dependency management, but a tool to assist you in Visual Studio to pull in binary dependencies from a remote server (meaning: copy dll from remote server to local folder and add reference to local dll in project file). In the mean time, NuGet has been playing catch-up with OpenWrap and has added functionality that already existed in OpenWrap. There are in my opinion only 2 things that NuGet has over OpenWrap and that is integration in Visual Studio (aka overview of remotely available packages and click-click-click adding of packages) and the fact that it is maintained by Microsoft people (AFAIK). Both things are just political: it's easier to convince people with a pretty interface and microsoft support. Personally, however, I think that OpenWrap is technically superior and I think it's really a pity that it doesn't get the attention that it deserves.

Categories

Resources