Getting Started with ProGet: Package Promotion 

As you develop software, not every package you encounter is acceptable for production use. Separating production-ready and production-unready packages without interrupting your workflow is as easy as five clicks with package promotion in ProGet. 

In ProGet, “promotion” means copying a package from one feed into another. ProGet does NOT automatically delete the package from its promote-from feed when it promotes to the promote-to feed. (You can configure retention rules to save space.)

Use package promotion to keep packages with potential vulnerabilities and unacceptable licenses far away from Production. By creating separate feeds for unapproved and “validated” packages, you add extra protection for Production. With package promotion, moving packages between these feeds is extremely simple — or even simpler with promotion pipelines.

See just how easy package promotion is in ProGet (2 minutes):

Promote a Package

This tutorial starts with the following already set up in ProGet: 

  • a NuGet “Validated” feed  
  • a NuGet.org public feed with a connector and a package pulled to ProGet 

You can get step-by-step instructions for setting these up in our “Getting Started with ProGet” tutorial

Navigate to the Package Overview screen for the desired package (in this case, Newtonsoft.Json). 

From the right-hand drop-down, select “Promote Package.” 

Select the desired “Promote To” feed from the dropdown, and optionally add comments. Then click “Promote.” 

Success! 

You can also view this tutorial as a video.

Create a Package Promotion Pipeline 

A package promotion pipeline is an optional practice to limit the feeds to which a given feed may promote. This ensures that packages promoted to, for example, your Production feed are coming only from approved source feeds in ProGet. 

To set up a package promotion pipeline, select “Manage Feed” for the desired promote from feed. 

On the feed Properties page, select “Change” next to “Promote To Feed.” 

By default, “any FEEDNAME feed” will be selected. To create a promotion pipeline, however, select the desired promote to feed from the dropdown and click “Save.” 

You can confirm these settings by promoting another package from (in our case) NuGetPublicTest to NuGetValidatedTest. Instead of the “Promote To” dropdown, there will be a single option hard selected for promotion. 

Success! Package promotion and package promotion pipelines are simple with ProGet. 

You can also view this tutorial as a video.

What’s Next?

Configure License Detection

When using third-party, open-source packages in your application, you agree to whatever licensing terms the packages’ authors specify. For example, if you were to use a GPL-3.0-licensed package, you would be required to open-source your application and then license it under GPL-3.0. If your organization failed to do that, it could face a lawsuit from the package authors or other legal liabilities. ProGet allows you to filter by license type.

Configure Retention Rules

As you download and cache more and more public packages, your disk space will quickly fill up with old and unused packages. You can configure retention rules to automatically reclaim disk space by deleting old or unused packages that meet criteria you define, such as unused or old versions.

Download ProGet

Give package promotion and other ProGet features a try by downloading ProGet, available in a free-forever version.

EXPLORE DOWNLOAD OPTIONS