I’m trying to restrict the default nuget.org-proxy to list only a specific version of a group of packages.
We have a couple of packages which must be used with specific versions.
Is it possible to have access to all packages from nuget.org but restrict specific packages to their specific versions?
I tried Routing rules and Content selectors and neither does work like I want it to.
Even if I use Routing and prepare a regex that blocks all but the specific version, the most recent version is also listed (although it can’t be downloaded)
I think routing rules are going to be the closest you’re going to get. You could also accomplish the same thing with Nexus Firewall (paid offering) I believe, but it would behave the same as the routing rules in terms of not preventing the latest from being listed. An alternative approach would be to not block any versions but instead use Nexus Lifecycle (paid offering) to warn developers who try to use the components you don’t want them to use during development or CI builds and block production CI builds from succeeding.
Oh, I thought of one other approach you could take (though I wouldn’t recommend it). You could have all your developers use a hosted repository to download dependencies and upload only the approved version of the dependency to that repository. Of course that would mean devs would be slowed down every time they wanted a version that isn’t in the hosted repository and you would have to consider who should have access to upload specific versions.
Ah, I though so. I was tinkering with it all day and came to the conclusion it won’t work out of the box. The paid offerings seem to be an option, I have to look into that. I also wanted to try the hosted repo idea but the dependency hell would be unbearable. Thanks for the confirmation though!