Best practices for using Azure Artifacts

This article contains some general guidance and best practices when it comes to producing and consuming packages in Azure DevOps Services or Team Foundation Server (TFS).

Creating packages as part of a build

Each repository should only reference one feed

A feed is a container for packages. You can have multiple feeds for different projects but a particular project should only reference one feed. If you want to use packages from multiple feeds, use upstream sources to bring packages from multiple feeds together into a single feed.

On package creation, automatically publish packages back to the feed.

This will populate the @local view of your feed. For more information on views, check out the views concept page.

Enable retention policies to automatically cleanup old package versions

Deleting old package versions improves client performance and releases storage space. You can choose how many versions of a package to retain when setting up your retention policy.

Promote your package to the correct view

When a package is ready for early adopters, select that package and its dependency graph and promote it to the @prerelease view.

When the package is deemed of sufficient quality to be released, promote that package and its dependency graph into the @release view.

Promoting package versions to a view ensures they won't be deleted by retention policies. For more information on views, check out the views concept page.

If external teams are consuming your package, ensure that your @release view and @prerelease view are visible across the organization and/or organization

If these views aren't visible, teams won't have access to your packages.

Consuming packages from public and internal sources as part of a build

Each repository should have a unique feed

A feed is a container for packages, the only package source should be that single unique feed for each repository.

Configure upstream sources for public and internal sources

Add any public sources as a public upstream.

Add any internal sources as an Azure DevOps Services upstream.

Find out more information about upstream sources and how to configure upstream sources.

Sources not in your organization but in the same AAD tenant should be added using the feed locator

The feed locator uses the following syntax:

azure-feed://<organization>/<feed>@<view>

Ensure that the order of the sources matches your desired package resolution order

The feed will check each upstream in order, returning the package from the first source that can provide it.

To avoid confusion, we recommend placing any public upstreams FIRST in your resolution order

This prevents other sources from overriding well-known packages with altered or incompatible versions.