Promotion Pipelines in ProGet
by Lauren Camacci, on Jun 24, 2020 11:11:00 AM
"Promotion" has many different meanings. To non-engineers, "promotion" might mean gaining a higher position at one's company. But even among engineers, promotion means different things in different technological contexts. In the ProGet context, "package promotion" means copying a package from one feed into another (and saving a record of that). Pretty simple, and promotion pipelines make it even simpler.
Why Promote Packages
Bugs and unknown licenses are just some of the risks of going straight from package download to production use in one go. Most organizations instead prefer to play it safe by keeping production-ready and pre-production packages separate.
In many package repository tools, there's no simple way (or no way at all) to move packages between feeds. But ProGet not only supports package promotion, but it also now features package promotion pipelines.
Creating a Package Promotion Pipeline
Even if your organization is small and filled only with the most cautious and trustworthy people, limiting the options of promote-to feeds can add security and peace-of-mind. Creating a package promotion pipeline in ProGet allows you to quickly set a single option for the promote-to feed from another ProGet feed.
For example, let's say you have three feeds: NuGetTest, NuGetVerified, and NuGetProd.
The NuGetTest feed's packages come straight from NuGet.org into ProGet via a connector. But your organization may need to restrict what packages are appropriate to use in production use, so the NuGetVerified feed is where approved ("verified") packages are sent.
The NuGetVerified is where actual testing occurs, and from there, packages are promoted to the NuGetProd feed. This is the only feed used when grabbing packages for production-quality software builds.
NuGetTest NuGetVerified NuGetProd
But how to prevent someone from promoting a NuGetTest package straight to NuGetProd, and bypassing this workflow?
You can restrict which feed another feed may promote packages to in three steps:
- In ProGet, go to the NuGetTest feed's "Manage Feed" page.
- Click "change" next to "Promote To Feed."
- Select "NuGetVerified" as the target feed.
After changing that, anyone with permission to promote from NuGetTest can only promote to NuGetVerified, keeping the NuGetTest packages away from the NuGetProd feed.
Promotion Pipelines Enforce Workflow:
NuGetTest ==> NuGetVerified ==> NuGetProd
This ensures that only those authorized to promote packages for production use may do so. Ultimately, this can help organizations maintain developer autonomy by simplifying choices and making sure everyone knows to the appropriate "flow" of packages to get to production use. This way, everyone can easily learn package promotion at your organization without needing lots of extra training to understand promoting to the correct feeds.