Deploy packages

This topic provides guidelines, configurations, and common use cases for deploying packages, and explains how to manually upload packages to specific vaults.

Package deployment guidelines

These are the common use cases for storing binaries in a vault:

Internal

Binaries built from your software. When you publish these package types, they typically do not need to be approved and can be consumed by developers.

External

Components downloaded from third-party vendors, such as Maven or Python PIP. After a package of this type is added to a vault, it can be reviewed, approved, and then consumed by developers.

You can use external packages in build and deployment processes only after the packages have been approved. For details, see Review and approve packages.

Guidelines for deploying packages:

PulseUno supports Maven, npm, Docker, PyPI, and NuGet package types.
PulseUno supports generic vaults that can store files of any format. Generic vaults maintain only one version of each file. For details on how to upload files to a generic vault, see Upload files to generic vaults.
You can deploy artifacts to both local and remote vaults.
NuGet: Before you can deploy NuGet packages, add your PulseUno vault as a package source and enable the V3 protocol. For details, see Configure NuGet to use vaults.
Maven and npm: You can upload Maven and npm packages through the user interface. For details, see Upload Maven and npm artifacts.

Caution: Make sure your Vault and PulseUno servers are configured to use the same protocol type. For example, if the PulseUno server is configured for HTTPS, the Vault server must also use HTTPS. This ensures that no errors occur when uploading or downloading artifacts through the user interface.
To deliver to a remote vault, make sure the vault is not set to read-only. For details, see Create and manage vaults.
Only the chains that run from trusted products can deliver to a vault. For details, see Define trusted products for vault.
To deploy or manually upload packages to vaults, you need the developer, owner, or administrator permissions. For details, see Manage members and teams.

When building software, you need to specify the URL for the vault you are deploying to or pulling from. For details on how to copy your vault's URL, see Copy vault URL.

For details about the URL configuration required for your package type, build system, or IDE, see your package manager's user help.
When a package is deployed, PulseUno detects the licenses used by the package, and the dependency vulnerabilities the package has. Additionally, you can enable continuous vulnerability detection. For details, see Detect dependency vulnerabilities.

After you deliver packages to a vault, publish them so that they can be reviewed by approvers. For details, see Publish packages.

Configure NuGet to use vaults

To work with PulseUno NuGet vaults, use the NuGet CLI or Visual Studio Package Manager.

Because PulseUno uses the NuGet V3 API, it doesn't support the nuget list NuGet CLI command. To deploy packages, run the nuget install command.

Before you can deploy packages, add your PulseUno vault as a package source and enable the V3 protocol in the NuGet configuration.

To configure NuGet for a PulseUno vault:

Add your PulseUno vault as a package source. Run this command, replacing the URL, username, and password with your own:
Copy code
```
nuget sources Add -Name Vault -Source http(s)://<pulseuno-server>:<port>/vault-server/nuget/<space>/<nuget-vault>/v3 -username <username> -password <password>
```
For details on where to find your vault's URL, see Copy vault URL.

To ensure that NuGet uses the V3 API, manually edit the NuGet.Config file in your user directory, for example:

Windows	%AppData%\NuGet\NuGet.Config
Linux	~/.nuget/NuGet/NuGet.Config ~/.config/NuGet/NuGet.Config

Add the protocolVersion="3" attribute to the Vault package source, for example:

Copy code

<packageSources>
    <add key="Vault" value="http(s)://<pulseuno-server>:<port>/vault-server/nuget/<space>/<nuget-vault>/v3" protocolVersion="3" />
</packageSources>

Copy vault URL

Copy your vault's URL so that you can specify it in your build and deployment processes to point to the vault location and deliver packages to the vault.

Vault URL format

The following URL format specifies the vault location in PulseUno:

Maven, npm, PyPI, NuGet, generic	http(s)://<hostname>:<port>/vault-server/<vault-type>/<space-name>/<vault-name>
Docker	<hostname>:<port>/<space-name>/<vault-name>

where:

Parameter	Description
<hostname>:<port>	Specifies the machine name and port number where the PulseUno vault is located, for example, dev:8080.
vault-server	All package types except Docker: Identifies the Vault server component.
<vault-type>	Specifies the vault type: maven, npm, docker, pypi, nuget, or generic.
<space-name>	Specifies the PulseUno space where the vault is located, for example, app.
<vault-name>	Specifies the vault to be populated with package contents, for example, dev-cache.

Example: Maven vault URL: http://01dev.net:8080/vault-server/maven/app/dev-cache

To copy a vault's URL:

On the top navigation bar, select a space from the spaces list.
On the sidebar, select Vaults.
On the Vaults page, click a vault to open it. On the vault details page, the vault's URL is displayed in the Repository section in the right pane.
To copy the URL, click Copy to clipboard .

You can now paste the link into your IDE or build scripts.

Upload Maven and npm artifacts

Upload Maven .jar or .war files and npm .tgz files directly from the user interface. Each upload creates a new package version.

To upload a Maven on npm package:

On the top navigation bar, select a space from the spaces list.
On the sidebar, select Vaults.
On the Vaults page, click the relevant vault to open it.
Click Upload on the toolbar.
In the Upload Artifact dialog box, click the upload area and select a package to upload.
Enter the Artifact ID, Group ID (optional for npm), and Version coordinates to identify the file. If the coordinates are included in the file, PulseUno detects them and prefills the fields.

npm: The prefilled coordinates are read-only and cannot be changed.
Click Upload Artifact.

For details on how to review package contents, see Review and approve packages.

Upload files to generic vaults

Upload files to a generic vault directly in the user interface or with a command-line tool such as cURL.

Generic vaults support files of any format but do not support file versioning. When you upload a version of the same file, the new version overwrites the existing file.

Caution: PulseUno does not detect licenses and dependency vulnerabilities for files in generic vaults. Make sure that you check the files for vulnerabilities before uploading them.

After uploading the files, you can publish them for approval. For details, see Publish packages.

To upload files from the user interface:

On the top navigation bar, select a space from the spaces list.
On the sidebar, select Vaults.
On the Vaults page, click a generic vault to open it.
Click Upload on the toolbar.
In the Upload dialog box, click the upload area and select one or more files to upload.
(Optional) In the Directory field, enter the name of the directory where to place the files. If the directory doesn't exist, PulseUno creates it.
Click Upload.

To upload a file using cURL:

Obtain the vault's URL. For details, see Copy vault URL.

Run the following curl command:

Copy code

curl -u <username>:<password> -T file.zip http(s)://<vault-URL>/<directory>/file.zip

where:

<username>:<password>

Specifies your credentials to log in to PulseUno. For example, a username and password or a username and personal access token.

To upload to a vault, you need developer permissions or higher.

file.zip

Specifies the name of the file to upload. You can upload one file per command.

http(s)://<vault-URL>/<directory>/file.zip

Specifies the path to the file upload location inside the vault.