AZ-400: Designing and Implementing Microsoft DevOps Solutions

Design and Implement a Package Management Strategy

Discovering Package Management Tools

Design and Implementation of a Package Management Strategy

Introduction

In this lesson, we explore package management in Azure DevOps and GitHub—critical components of modern software development and CI/CD pipelines. We’ll start by defining package management, then highlight why it matters. Finally, we’ll dive into four main tools:

  • Azure Artifacts
  • GitHub Packages
  • NuGet
  • npm


Key Package Management Tools at a Glance

| Tool | Platform | Supported Packages | Highlights |
|------|----------|--------------------|------------|
| Azure Artifacts | Azure DevOps | NuGet, npm, Maven, Python, universal feeds | Upstream sources, seamless CI/CD integration |
| GitHub Packages | GitHub | npm, NuGet, Maven, RubyGems, Docker images | Native auth, GitHub Actions workflows |
| NuGet | .NET | .NET libraries and tools | Visual Studio & dotnet CLI integration |
| npm | Node.js | JavaScript modules | Vast registry, script support, dependency audit |

Why Package Management Matters

Consistent versioning, faster builds, and secure dependency control are essential for scalable CI/CD. A unified registry reduces “works on my machine” issues and simplifies audits.


Azure Artifacts

Azure Artifacts is a universal package management solution built into Azure DevOps. It allows teams to:

  • Store and version packages in one central location
  • Proxy public registries using upstream sources
  • Integrate directly with Azure Pipelines for seamless CI/CD

# Example: Publish a NuGet package in Azure Pipelines
steps:
  - task: NuGetCommand@2
    inputs:
      command: 'push'
      packagesToPush: '**/*.nupkg'
      publishVstsFeed: 'your-feed-name'

Upstream Sources

Use upstream sources to cache npm, Maven, or PyPI packages—reducing build times and improving reliability.


GitHub Packages

GitHub Packages is GitHub’s integrated registry, working with GitHub Actions and repository permissions.

  • Authentication: Uses your GitHub account credentials
  • Supported Formats: npm, NuGet, Maven, RubyGems, Docker, and more
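  • Access Control: Repository-level permissions and fine-grained scopes

# Example: Publish npm package with GitHub Actions
name: Publish npm Package
on:
  push:
    tags:
      - 'v*.*.*'
jobs:
  publish:
    runs-on: ubuntu-latest
    # Least privilege: the job token can read the repository and write packages only
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      # Writes an .npmrc that targets GitHub Packages and reads NODE_AUTH_TOKEN
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://npm.pkg.github.com'
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}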

NuGet

NuGet is the de facto package manager for the .NET ecosystem, providing:

  • Distribution of libraries and CLI tools
  • Integration with Visual Studio and the .NET CLI
  • Automatic dependency resolution and semantic versioning

# Install a package
dotnet add package Newtonsoft.Json --version 13.0.1

# Restore dependencies
dotnet restore

npm

npm is the largest registry for JavaScript and Node.js packages, featuring:

  • Over a million modules and growing
  • Simple commands: npm install, npm update
  • Scripts, semantic versioning, and built-in security audits


# Install dependencies
npm install

# Run a project script
npm run build

# Audit for vulnerabilities and apply compatible fixes
npm audit fix

Security Tip

Regularly run npm audit and review advisories. Use lockfiles (package-lock.json) to ensure reproducible builds.
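
The lockfile advice above can be checked automatically in CI. The following is an added example, not part of the original lesson: it scans a package-lock.json (lockfileVersion 2 or 3) for entries that lack a strong integrity hash or that resolve outside an approved registry. The function name checkLockfile, the host allowlist, and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example: flag lockfile entries that weaken reproducible, verifiable installs.
// ALLOWED_HOSTS is an assumption; replace it with the registries your team approves.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org', 'npm.pkg.github.com']);
const STRONG_HASH = /^sha(256|384|512)-/;

function checkLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and bundled dependencies:
    // npm records no registry URL or hash for these.
    if (path === '' || entry.link || entry.inBundle) continue;

    if (!entry.integrity) {
      findings.push({ path, issue: 'missing-integrity' });
    } else if (!entry.integrity.split(/\s+/).some((h) => STRONG_HASH.test(h))) {
      findings.push({ path, issue: 'weak-integrity' }); // e.g. only a sha1- hash
    }

    let url;
    try { url = new URL(entry.resolved); } catch { url = null; }
    if (!url) {
      findings.push({ path, issue: 'unresolved-source' });
    } else if (url.protocol !== 'https:') {
      findings.push({ path, issue: 'non-https-source' }); // http, git+ssh, file...
    } else if (!allowedHosts.has(url.hostname)) {
      findings.push({ path, issue: 'unapproved-registry' });
    }
  }
  return findings;
}

// Constructed sample lockfile (hashes and hosts are placeholders, not real packages).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/good': { version: '1.2.3',
      resolved: 'https://registry.npmjs.org/good/-/good-1.2.3.tgz',
      integrity: 'sha512-CONSTRUCTEDHASH==' },
    'node_modules/old-hash': { version: '0.1.0',
      resolved: 'https://registry.npmjs.org/old-hash/-/old-hash-0.1.0.tgz',
      integrity: 'sha1-CONSTRUCTEDHASH=' },
    'node_modules/git-dep': { version: '2.0.0',
      resolved: 'git+ssh://git@example.invalid/team/git-dep.git#0000000' },
    'node_modules/mirror': { version: '3.1.0',
      resolved: 'http://mirror.example.invalid/mirror-3.1.0.tgz',
      integrity: 'sha512-CONSTRUCTEDHASH==' },
  },
};
console.log(checkLockfile(sampleLock));
```

In a pipeline, load the real lockfile with JSON.parse and fail the job when the returned array is not empty.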

