Hello; I've updated the documentation to clarify this, but it's available starting in ProGet 5.2.9. So, you'll need to upgrade to enable it :)
![](/assets/uploads/profile/4-profileavatar.png)
atripp
@atripp
C# developer by trade, but writing less and less code and more and more specs.
Best posts made by atripp
-
RE: Service Health API call returning 404
-
RE: NPM Connector returns plus "+" in versions
Thanks for the update! I've noted this in the docs, and linked to this discussion :)
https://github.com/Inedo/inedo-docs/commit/d24087911584bbda833314084a58c2ae1ff41c39
-
RE: [ProGet] [NativeApi] NpmPackages_DeletePackage not working.
Hello,
That API will only delete package metadata from the database, not from disk. It's mostly intended for internal use only, and probably shouldn't be exposed to the API. In any case, we don't store the
@
with internally, so if you change@myscope
tomyscope
it should work.Note that the NPM doesn't provide a way to delete packages, and we never implemented it. There hasn't been any demand for it to date, as people don't really delete packages programmatically - but you're definitely welcome to submit a feature request and help us understand why it'd be a value (like, the workflow you use that requires deleting packages, etc).
Alana
-
RE: Creating PowerShell repository, protecting pull/download by API key
Hello, for sure!
It's pretty easy; just don't give the
Anonymous
user any access to your feeds, and then authentication will always be required, either when browsing the ProGet application or using the API (such asInstall-Module
).When you use the Register-PSRepository command, you can the
Credential
option to specify a credential.This credential can be the name/password of a user inside of ProGet (let's say,
Admin:Admin
), or it can be username ofapi
with a password of an api key you've configured (so,api:my-secret-key
). -
RE: Restricting API access to View/Download
Hello;
The Native API is for low, system-level functions, and it's "all or nothing". If you give someone access to Native API, you are effectively making them an administrator, as they can also change permissions and grant admin privileges. So, I don't think you want this. Instead, you'll want to use the Debian API endpoint that we implement.
It's a third-party API format
In order to support third-party package formats types like NuGet, npm, etc., ProGet implements a variety of third-party APIs. We only provide minimal documentation for these APIs, as they are generally either already documented elsewhere. However, you can generally find the basics by searching for specific things you'd like to do with the API, such as "how to search for packages using the NuGet API" or "how to publish an npm package using the API".
So in this case, I recommend to search "how to view and download apt packages".
-
RE: PyPI package not shown in search results accessible via url
I'm not very familiar with PyPi packages, but I know there are some oddities with
-
and_
, and that they are sometimes supposed to be treated the same, and sometimes not. We don't totally understand all the rules, to be honest (even after reading PEP503 specifications).In this case, the package is actually
websocket_client
, notwebsocket-client
.See: https://pypi.org/project/websocket_client/
When you search for
websocket_client
in ProGet, it shows up, as expected. -
RE: How to find out package disk space?
In ProGet 5.3, we plan to have a couple tabs on each
Tag
(i.e. container image) that would provide this info: Metadata (will be a key/value pair of a bunch of stuff), andLayers
will show details about each of these layers.That might help, but otherwise, we have retention policies which are designed to clean up old and unused images.We'll also have a way to detect which images are actually being used :)
-
RE: [BUG - ProGet] Not able to remove container description
As @apxltd mentioned, we've got a whole bunch planned for ProGet 5.3.
I've logged this to our internal project document, and if it's easy to implement in ProGet 5.2 (I can't imagine it wouldn't be), we'll log it as a bug and ship in a maintence release.
Do note, this is not an IMAGE description, it's a REPOSITORY (i.e. a collection of images with the same name, like
MyCoolContainerApp
) description; so this means the description will be there on all images/tags in the repository. -
RE: [Question - ProGet] Are versions amount wrong ?
You're right, I guess that's showing the "layers" instead of the "tags"; I think it should be showing container registries separately (they're not really feeds), but that's how it's represented behind the scenes now.
Anyways we are working on ProGet 5.3 now; there's a whole bunch of container improvements coming, so I've noted this on our internal project document, to make sure we get a better display for container registries.
-
RE: Anonymous user can see list of packages and containers
@Stephen-Schaff thanks for the bug report, I verified that this may happen depending on permission of user, and which feeds they can/can't use --- but it seems an easy enough fix that we can do via PG-1894 (targeted to next release) - the packages can't be viewed upon clicking, but it's a sub-optimal experience for showing packages they can't see
Latest posts made by atripp
-
RE: pgutils and Maven
Hi @matt-wood_5559,
Our solution for Maven builds is to leverage CycloneDX to generate the SBOM, and then upload that SBOM to ProGet: https://docs.inedo.com/docs/proget-sca-java
We had considered reproducing the functionality, but the only way to get dependency information from a Maven project is to create a Maven plugin and "watch" the build as it happens --- and that's already what CycloneDX does very effectively.
If you can think of ways to make it easier to work with pgutil we're very open to that :)
Thanks,
Alana -
RE: Connecting feeds
Hi @matt-wood_5559,
I think I understand what you're asking - basically you'd like to create a feed when some users see one set of packages, but other users see a different set?
This is definitely not possible, and it's simply not something ProGet does from a design standpoint: i.e. "file-system type" granular permissions.
While it might seem convenient or nice to give users "just a single URL" to access, it ends up makes things much more complicated to configure/use/maintain. Basically some users will get random "package not found" errors while others will build fine. It'd be very confusing and big headache.
Instead, it's best to educate on different feeds/repositories, and help them use and request access as needed.
Hope that helps,
Alana
-
RE: Assigning package versions
Hi @matt-wood_5559,
I might need a little more information / screenshots with what you're looking at here....
There could be a bug/oversight, etc. Perhps you could walk through steps / show screenshots of what you're seeing? If it's on maven central, we can then repro and take a look
Thanks,
Alana -
RE: License discovery for Maven packages
Hi @matt-wood_5559,
A Maven package's license is determined by the
license
field in the POM:
https://maven.apache.org/pom.html#LicensesThere are unfortunately no real standards here, and the author can put in anything from a SPDX Code (which is recommended, by the way) to a string like "Apache license" (which probably means apache 2.0, but who knows?).
We would rather not guess what the author might have intended, so ProGet only detects licenses with SPDX codes and then lets you decide how assign which codes to other license types as you come across packages that don't follow SPDX.
However, once you start associating those strings with licenses, it will work for future packages.
Thanks,
Alana -
RE: Maven additional artifacts
Hi @matt-wood_5559 ,
You should be able to upload any file type. There is a drop down on the upload page, but that's for the popular types and is kind of an example. Typically the fies are uploaded via Maven/CLI anyway, and not the UI.
Thanks,
Alana -
RE: ProGet Proxy Authentication
@forbzie22_0253 setting the proxy programmatically is not something we currently support or document at this time, but if you're dedicated you could use native API to the newly-developer settings API:
https://github.com/Inedo/pgutil/blob/thousand/pgutil/Settings/ListCommand.csIt's configured via values in the
Configuration
table. -
RE: Unable to use the API
@francesco-campanella_3733 thanks for continuing to research this - we just haven't had a chance to look further. Did you try editing the feed settings (especially the Feed Features, which would save a new Feed Config), and then re-saving again? We will fix the bug, I would just like to be able to reproduce it so we know for sure what's causing it :)
-
RE: Linux Performance & SQL Server Issues
@apxltd heard this from a user on the support forums today...
We also came across this issue: https://github.com/dotnet/SqlClient/issues/2378 which suggests it might have started with the recent 5.2.x versions of Microsoft.Data.SqlClient (I did confirm that this is the version Proget is using).
Maybe we can downgrade to 5.1 and see if it helps at all
-
RE: ProGet SCA - License URLs are modified when saved to DB
Hi @jw ,
It's unlikely we will want to add/change this; what you're describing isn't a supported use case, and adding a "second URL" type field that would be empty on nearly every license would be confusing.
Our general recommendation for dealing with non-OSS licenses has been to create a code like DEVEXPRESS or ASPOSE, and treat them as all the others.
If there's more user demand for the particular use case we'll definitely reconsider. For now the licenses are confusing enough :)
Thanks,
Alana -
RE: ProGet SCA - License URLs are modified when saved to DB
Hi @jw ,
This is not possible; ProGet only stores this portion of the URL and uses that URL fragment for license detection. This is important, because then users won't have to specify every variation of a license URL that packages will present.
Thanks,
Alana