AZ-400: Designing and Implementing Microsoft DevOps Solutions

Design and Implement a Package Management Strategy

Exploring Azure Artifacts

In this lesson, we dive into Azure Artifacts, a core component of Azure DevOps that enables enterprise-scale package management. Mastering Azure Artifacts is essential for the AZ-400 exam and for streamlining your CI/CD pipelines with reliable, repeatable package deployments.

The image is a slide titled "Introduction" with three bullet points: "Exploring Azure Artifacts," "Importance of package management in software development," and "Overview of Azure Artifacts as an extension of Azure DevOps."

Why Choose Azure Artifacts?

Azure Artifacts augments your DevOps workflow with:

BenefitDescription
Tight Azure DevOps IntegrationAutomate package restore and publishing in Pipelines and Boards.
Multi-format SupportHost and manage NuGet, npm, Maven, Python, and more.
Fine-grained Access ControlAssign permissions at feed and individual package levels.

Note

Azure Artifacts scales from small teams to large enterprises, offering performance and security.

Package Management Workflow

Follow these three core steps to onboard packages:

  1. Set up a feed
  2. Push your packages
  3. Consume packages

The image outlines a three-step process for creating and sharing packages: setting up a feed, pushing packages to the feed, and consuming packages from the feed.


1. Creating a Feed

In Azure DevOps:

  1. Navigate to Artifacts.
  2. Click Create Feed.

The image shows a screenshot of the Azure DevOps interface, specifically the "Create new feed" configuration window, where users can set permissions and visibility for package feeds.

Configure these settings:

SettingOptionsDescription
VisibilityPrivate, Organization, PublicControls who can view and install your packages.
Upstream SourcesNuGet.org, npmjs.com, Maven Central, other feedsAutomatically proxy or cache packages from external registries.
ScopeEntire organization or specific projectsLimits feed access to select projects or makes it organization-wide.

Warning

Public feeds expose your packages to the internet. Ensure no sensitive artifacts are published inadvertently.


2. Consuming a Feed

After feed creation, select Connect to Feed for authentication snippets, or Search Stream Sources to browse upstream packages:

The image shows a screenshot of an Azure DevOps interface with options to connect to a feed or search upstream sources, under the title "Consuming the Feed."

  • Connect to Feed: Copy configuration for NuGet.config, .npmrc, settings.xml, or pip.conf.
  • Search Stream Sources: Filter by package name, version, license, or dependencies.

3. CI/CD Integration

Use Azure Pipelines to restore, version, and publish packages automatically:

The image illustrates integrating with CI/CD pipelines, highlighting automated package versioning, restoring packages during builds, and continuous integration with Azure Pipelines, alongside a screenshot of Azure DevOps.

Pipeline Steps

trigger:
  branches:
    include:
      - main
  paths:
    include:
      - '**/*.csproj'

steps:
- task: NuGetToolInstaller@1

- task: NuGetCommand@2
  inputs:
    command: 'restore'
    restoreSolution: '**/*.sln'
    feedsToUse: 'select'
    vstsFeed: '<YOUR_FEED_ID>'

- task: DotNetCoreCLI@2
  inputs:
    command: 'publish'
    projects: '**/*.csproj'
    arguments: '--configuration Release --output $(Build.ArtifactStagingDirectory)'

- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: '$(Build.ArtifactStagingDirectory)'
    ArtifactName: 'drop'
    publishLocation: 'Container'

- task: AzureWebApp@1
  inputs:
    azureSubscription: '<Your Azure Subscription>'
    appType: 'webApp'
    appName: '<Your App Name>'
    package: '$(Build.ArtifactStagingDirectory)/**/*.zip'

Automate version bumps using tools like Dependabot or GitHub’s native versioning bot.


Best Practices

The image outlines three best practices for using Azure Artifacts: using semantic versioning, organizing packages with scopes and views, and implementing retention policies for artifact management.

  • Adopt semantic versioning to signal breaking changes, features, and fixes.
  • Leverage scopes and views to partition packages by team, environment, or lifecycle.
  • Implement automated retention policies to purge stale artifacts and optimize storage costs.

Watch Video

Watch video content

Previous
Discovering Package Management Tools