Use metadata to understand how your NuGet packages are built

backend-weight2

Problem to solve

When a NuGet Package is uploaded to GitLab, a job is run on it to open the archive and read the .nuspec file. Right now, the package name and version are extracted but several other fields are available and could be useful to extract in order to have them available on the NuGet Metadata endpoint.

In addition, these fields could be displayed on the package details page of GitLab.

Intended users

• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Devon (DevOps Engineer)
• Sidney (Systems Administrator)
• Sam (Security Analyst)

Further details

Examples

• 
• Here is an example of a .nupsec file: AWSSDK.Core.nuspec

Technical notes

Here are some technical notes on the following fields of the metadata section:

• dependencies
  • We can reuse Packages::Dependencies
  • The tricky part is the targetFramework of the dependencies group
  • This could be implemented as an additional field option in Packages::DependencyLink
• licenseUrl and projectUrl could be useful to have them displayed as links
• tags
  • We can reuse the Packages::Tag model
• iconUrl supporting this url would allow Visual Studio to display an icon

Proposal

Help .NET/C# developers to understand more details about a specific package, by storing and displaying NuGet metadata for packages pushed to the GitLab NuGet Repository.

Permissions and Security

• There are no permissions changes required for this change

Documentation

• There are no documentation changes required for this change

Availability & Testing

What does success look like, and how can we measure that?

Success looks like developers are able to view and share their package's metadata using the GitLab UI. We can measure success by tracking the overall adoption of the NuGet repository and by seeing a decrease in the number of metadata related issues.

Links / references

/label feature