Generate NuGet package dependency matrix directly from TFS source control

2 minute read

I've played with this idea for a while now, and I've finally forked the NuGet sources to add this functionality to the Commandline tool. This is work in progress, so please bear with me on this one. If you find defects or have suggestions for improvement, feel free to drop me a mail or comment on this post ;-)

Something any decent software factory wants to know at any time is the answer to the following questions:

  • Who is using version X of component Y?
  • Which versions of component Z are in use (and which not)?
  • What dependencies does application A have, and to which versions?

Answering these questions typically requires someone to maintain a spreadsheet with dependency matrixes. My goal is to get rid of this work and automate this. I've used TFS Source Control for my implementation as I can probably find immediate use for it. Also, it was a good exercise to play with the Team Foundation Server 2010 SDK.

Here's a screenshot of what I committed into my NuGet fork:

Why did I add the tfs action to the command? Because I'd love to see this command work for other version control systems as well, such as SVN, Git, Mercurial...

I've obviously still got some work to do on the authentication part as well as you might notice, although I use UICredentialsProvider from the SDK, which should prompt you with a dialog when the system cannot automatically authenticate you, as shown below.

As you can see in the first screenshot of this post, I currently enumerate the entire server for all Team Project Collections and all Team Projects within them. The command will of course respect source control permissions for your account and only return those you have access to. Within each Team Project, a lookup is done for any repositories.config and packages.config files, their XML is analysed and a dependency matrix is generated for each Team Project.

Possible improvements I can think off are:

  • add a -Repository option to the command to limit the scope of the analysis on the server to a specific path (and everything underneath)
  • add some cmdline authentication options
  • fine tune the analysis on the branch and/or solution level instead of on the team project level
  • making this a commandline extension command (instead of built-in) to avoid dependencies to TFS SDK in NuGet cmdline?

I'm sure you might have other great ideas as well, so don't hesitate to post them here, or provide me with a patch :-)

This is a first implementation and needs further testing, so you've been warned! Hold on to your neutrinos if things go horribly wrong!


Leave a Comment