In this post, I will tell you how to use GitHub Packages to store NuGet packages in the GitHub repository. You'll notice that many of the steps are the same as those listed in my previous Npm tutorial (so if you’ve mastered that, you’ll fly through this). Let’s get started
What is a GitHub Package?
A GitHub package is a software package hosting service that will allow you to host packages privately or publicly and use packages as dependencies in your projects!
NuGet Package Configuration.
First, create two access tokens:
- Read and write access token (for storing all versions of the package).
- Read access token (to gain access to this package from another project).
Now for the set-up:
1. Log in to your GitHub organization or your profile account.
2. Go to "developer settings" and then personal access tokens.
3. In the “note” field, enter the description of your personal token, then select checkboxes: **write:packages**, **read:packages** and **delete:packages**.
4. Repeat steps from point three just for the read-only token **read:packages**
Then some values need to be provided in nuget.config:
<?xml version="1.0" encoding="utf-8"?><configuration><packageSources><clear /><add key="github" value="https://nuget.pkg.github.com/yourOrganizationOrAccount/index.json" /></packageSources><packageSourceCredentials><github><add key="Username" value="yourOrganizationOrAccountUserName" /><add key="ClearTextPassword" value="readWriteToken" /></github></packageSourceCredentials></configuration>
It’s a good idea to keep nuget.config just for local development purposes. To automate your CI/CD build you'll need to use a dedicated step or task combined with secret value depending on CI/CD platform.
Top tip: Set in your package nuspec file, the repository URL as it’s required by publishing to GitHub Packages.
<repository url="https://github.com/yourOrganizationOrAccount/yourPackageName" /><repository url="https://github.com/yourOrganizationOrAccount/yourPackageName" />
After everything is configured, publish your package using commands
$ dotnet pack --configuration Release
$ dotnet nuget push "bin/Release/YourPackageName.1.0.0.nupkg" --source "github"
$ dotnet nuget push "bin/Release/YourPackageName.1.0.0.nupkg" --source "github"
You should now see this package in your repository, package and package details:
Repository
Package
Package Details
To view your package in another project you will need to do one of the following solutions:
1. nuget.config in your project with read token and then install it from the command line
$ nuget install YourPackageName
or
add [<Project>] package [<YourPackageName>
2. Visual studio NuGet source configuration
Go to “Tools” -> “Options” -> “NuGet Package Manager” -> “Package Sources”.
Add new source in form of:
https://nuget.pkg.github.com/yourOrganizationOrAccount/index.json.
You will be prompted to add credentials for the package store. Add your organization username as the username information and your generated read access token as the password.
Note: GitHub, for now, doesn’t support NuGet feed URL with a feed authorization token like NuGet.
Removing packages from GitHub for private repositories.
GitHub states
"You can only delete a specified version of a private package on GitHub or with the GraphQL API. To remove an entire private package from appearing on GitHub, you must delete every version of the package first.
[For public repositories.]
To avoid breaking projects that may depend on your packages, you cannot delete an entire public package or specific versions of a public package.
Under special circumstances, such as for legal reasons or to conform with GDPR standards, you can ask GitHub Support to delete a public package for you, using our contact form."
Deleting via browser.
1. Go to your package repository, go to “packages” and click the name of your package.
2. On the right, use the “edit package” drop-down and select "manage versions".
3. To the right of the version you want to delete, click “delete”.
Deleting via GraphQL.
"Use the deletePackageVersion mutation in the GraphQL API. You must use a token with the read:packages, delete:packages, and repo scopes. ...
curl -X POST \
-H "Accept: application/vnd.github.package-deletes-preview+json" \
-H "Authorization: bearer TOKEN" \
-d '{"query":"mutation { deletePackageVersion(input:{packageVersionId:\"216072\"}) { success }}"}' \
https://api.github.com/graphql//api.github.com/graphql
...You cannot delete an entire package, but if you delete every version of a package, the package will no longer show on GitHub." - (GitHub)
Take it a step further.
You can see how easy it is to set-up and use NuGet in existing GitHub repositories.
Why not combine this tutorial with our Azure DevOps pipelines process and tips for publishing Npm packages? Merging these tutorials together can help to manage your organization's private packages, publish open source projects and packages, simplify tools by storing projects and tools in one place on GitHub and standardize your build and tools processes!
If you have any comments or questions, why not send us a message on the form below or get involved on Twitter...