Functional differences between different "Feed Usage" options



  • The documentation is fairly light on what actually happens when you select one of the "Feed Usage" options when creating a new feed.

    For me, I see two options when making a Helm Chart feed:

    • Private/Internal packages
    • Validated/promoted packages

    The documentation lists two others (maybe they are not available in my ProGet build of 5.3.18):

    • Free/Open Source packages
    • Mixed packages

    The docs say to not use Mixed Packages, so I am not really interested in that one.

    But I would like to know what selecting the other ones causes to change in the application.

    For example: The Package Promotion page indicates that you should choose "Validated/promoted packages" for package promotion, but it does not indicate if it is for the source or target feed. Nor does it indicate what features will be available as a result of this setting.

    What functionality depends on this selection? What will change when I select one vs the other?


  • inedo-engineer

    Hello, great question!

    I hope that I can answer your question by showing you what I changed in the documentation:

    Feed usage controls which tabs and messages are displayed in the user interface. For example, "Private/Internal packages" won't display the license filtering options, as you wouldn't create license usage restrictions for your own packages.

    Note that not all feeds have all of these Feed Usage options. Generally speaking, we don't recommend using mixed packages, as it will present all of the user interface options; most of them won't be relevant for packages you create (like license filtering or vulnerability scanning).



  • Thank you for your response.

    I would suggest adding even more details. I would suggest adding at least one example in each bullet point of what kind of actual functionality is altered by choosing that value.

    After posting this I found through testing that when the feed is set to "Validated/promoted packages", the option to upload a package via the UI is removed. This assists in preventing direct additions to a feed that should only contain packages from a promotion pipeline. (Though this can be bypassed via a curl command for Helm charts. I don't know if other feed types allow a similar bypassing of the UI restriction.)

    Adding a similar entry for "Free/Open Source packages", along with the one you indicated about "Private/Internal packages", would improve the documentation with more clarity.


  • inedo-engineer

    Hi @Stephen-Schaff_8186,

    Thanks for the clarifications! In fact, I wanted to learn some of the behavior, and here's what I discovered.

    I'm sharing the details, because I think we should take the opportunity to clarify not only the docs, but the UI, since it seems like this can be improved. It's a new concept in ProGet 5.3, and it was primarily intended to guide set-up of new feeds, so we haven't looked at it closely since first adding the feature.

    Feed Type Sets

    There are two sets of feed type options, and which ones are displayed is dependent upon whether the feed type is denoted as having a private gallery (HasPublicGallery).

    HasPublicGallery == true

    • "free/open source packages"
    • "private/internal packages"
    • "validated/promoted packages"
    • "mixed public/private packages"

    HasPublicGallery == false

    • "private/internal packages"
    • "validated/promoted packages"

    These all map to an enum: Mixed = 0, PrivateOnly = 1, PublicOnly = 2, Promoted = 3.

    HasPublicGallery

    The following feed types are denoted (internally) as having an official, public gallery: Chocolatey, Cran, Maven, Npm, NuGet, PowerShell, Pypi, RubyGems.

    • Helm and Docker are not on this list, perhaps because there's no official gallery? I'm not sure.
    • Debian and RPM are not on this list, because I don't think they support connectors

    Feed Type Behavior

    Almost all of the behavioral changes occur in the "out of box tutorial", to guide users through the setup. Aside from that, here's the UI impact I found:

    FeedType == PublicOnly

    • On the list packages page (e.g. /feed/MyFeed):

      • the "package filter info" is displayed as "Unfiltered", even if no package filters are configured, to bring visibility to the importance of package filters
      • the "vulnerability status" is displayed as "Not Scanned", even if vulnerability scanning is not configured
    • On the Package Versions page (e.g. /feed/MyFeed/MyPackage/versions):

      • the "vulnerability status" is displayed as "Not Scanned", even if no vulnerabilities are detected

    FeedType == PrivateOnly

    • Feed allows AllowUnknownLicenseDownloads, regardless of global setting; this feels like a big behavioral change, but it makes sense, since why would you license your own packages, etc.
    • The Manage License Filter page displays an error.
    • On the Package Overview page (/feed/MyFeed/MyPackage/1.2.3), the license information box is not displayed
    • On the List Package Versions page (/feed/MyFeed/MyPackage/versions), the license information box is not displayed

    FeedType == Promoted

    • On the List packages page (/feed/MyFeed), the add Package Button is disabled

    FeedType == Mixed

    No UI changes.

    Next Steps?

    Well, that's everything. Any opinions / suggestions?

    I'm not sure why the Add Package button is disabled. Of course you can still use API, or even navigate directly to the page. Perhaps a warning on the Add Package Page would be better?

    Cheers,
    Alana

