Different NuGet source through environment

Hello,

I am responsible for implementing Octopus Deploy in my company, and first I am looking at whether the tool matches our requirements. My profile is Front-End supervisor and I work with a System Engineer (SE) on this project.

I have been busy for some days configuring and deploying some projects, and for now the tool works well. Unfortunately I am still blocked on a security point asked by the SE, and I need your support to know if an issue exists.

Currently all deploys are done by hand and look like this from UAT to PROD:

UAT
SE: take a copy of the package from public NuGet repository and copy to a private repository (only accessible by SE)
SE: deploy package, follow our procedure, blablabla

PROD
SE: deploy the package from their private repository, follow our procedure, blablabla

The SE requires copying the package from the public repository to their repository to prevent a developer from altering the package (bad experiences), but I can’t reproduce this behavior with Octopus.

I tried a custom variable without success.
I also tried to create a specific step to deploy the package from another repository for UAT and PROD, but it creates a duplicated process and loses some of the advantages of Octopus.

Do you see other solutions to this problem?

Thank you,
Kind regards,
Maxime

Hi Maxime,

In Octopus 2.4 it will be possible to use fine-grained permissions to control who can push packages to the Octopus Server’s own built-in NuGet feed. Does this sound like it would meet your requirements? It is possible in that model to allow only one version of a package to be pushed, but never overwritten.

Regards,
Nick

Hi Nicholas,

Thank you for your answer. Yes, it meets our requirements. I always used a repository instead of a NuGet feed, and then I explored this way.
As you said, currently Octopus allows packages in the built-in feed to be overwritten, and there is no way to configure this, unlike a custom NuGet server feed.
Then I tried with a custom NuGet server feed (configured to not allow overwrites) and it works hand in hand with Octopus. I am saved!

In addition to that, I can push packages in two ways: via NuGet.exe and PackageExplorer. It’s important for us to be able to use PackageExplorer.

I noticed that pushing a package to the built-in feed from the publish menu of NuGet PackageExplorer doesn’t work. Do you know the reason?

Kind regards,
Maxime

Hi Maxime,

I’ve heard of problems publishing from earlier NuGet client versions (1.x) - we’ve made some changes to the server to fix it, I believe it’s also part of the 2.4 release.

Glad you’re up and running!

Regards,
Nick
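
The control this thread settles on (a feed that accepts each package version once and never lets it be overwritten, so PROD receives the same bytes that were tested in UAT), sketched as an added example that is not part of the original posts and is not Octopus or NuGet code. The `PushOnceFeed` class, the directory-backed storage and the `Acme.Web` package are hypothetical stand-ins for a private feed with overwrite disabled.

```python
import hashlib
import tempfile
from pathlib import Path


class OverwriteRefused(Exception):
    """A push would replace an already-published version."""


class TamperDetected(Exception):
    """Stored bytes differ from the digest approved in UAT."""


class PushOnceFeed:
    """Hypothetical directory-backed feed with overwrite disabled."""

    def __init__(self, root):
        self.root = Path(root)

    def _path(self, package_id, version):
        return self.root / f"{package_id}.{version}.nupkg"

    def push(self, package_id, version, data):
        try:
            # Mode "xb" fails if the file exists: check and create in one step.
            with open(self._path(package_id, version), "xb") as fh:
                fh.write(data)
        except FileExistsError:
            raise OverwriteRefused(f"{package_id} {version} already published")
        return hashlib.sha256(data).hexdigest()

    def fetch_verified(self, package_id, version, approved_digest):
        data = self._path(package_id, version).read_bytes()
        if hashlib.sha256(data).hexdigest() != approved_digest:
            raise TamperDetected(f"{package_id} {version} changed since UAT")
        return data


def demo():
    # Constructed sample bytes standing in for a real .nupkg file.
    with tempfile.TemporaryDirectory() as tmp:
        feed = PushOnceFeed(tmp)
        approved = feed.push("Acme.Web", "1.0.0", b"build tested in UAT")
        try:
            feed.push("Acme.Web", "1.0.0", b"altered build")
            blocked = False
        except OverwriteRefused:
            blocked = True
        prod = feed.fetch_verified("Acme.Web", "1.0.0", approved)
        return blocked, prod
```

The digest returned by `push` is the value to record when the UAT deploy is approved; the PROD step passes it to `fetch_verified`, which also catches a package changed directly on disk behind the feed.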