DEV Community

What do you use for private package hosting?

Kyle Galbraith on August 28, 2020

I have been looking into the universe of options for hosting private code packages. There are things like GitHub Packages, NPM, Azure, AWS CodeArti...
Collapse
 
gargakshit profile image
Akshit Garg

GitHub packages or azure container registry depending on the project

Collapse
 
kylegalbraith profile image
Kyle Galbraith

Which languages are you using GitHub packages for? I imagine Azure container registry is for your Docker images.

Collapse
 
gargakshit profile image
Akshit Garg

Yes, azure is for Docker images. I use GitHub packages for NPM packages and Docker images

Thread Thread
 
warns profile image
Mert Alnuaimi • Edited

It might be a better practice to distribute packages and docker images itself on different platforms, in this case the packages on GH and images on ACR specially if a partner with Microsoft where ACR will become the cheaper option

Thread Thread
 
gargakshit profile image
Akshit Garg

No idea about the best practices. But imo, GitHub is cheaper, and provides 500mb for free, but as we have GitHub pro, we get 2gb or storage for containers and packages

Thread Thread
 
warns profile image
Mert Alnuaimi • Edited

We will be using GitHub pro as well. Also, technical wise there doesn't seem to be any complication in using GitHub's container registry with actions to deploy to Azure K8s using Terraform. It even makes it one less step to deal with the resource group and Azure's permissions to publish on ACR, but it still stands as a more reliant option.

Collapse
 
andrewbrown profile image
Andrew Brown πŸ‡¨πŸ‡¦
Collapse
 
kylegalbraith profile image
Kyle Galbraith

Hmm this seems mostly focused on more OS level packages which isn't quite what I was thinking of. Thinking more in terms of actual code (i.e. Python packages, NPM packages, etc).

Collapse
 
andrewbrown profile image
Andrew Brown πŸ‡¨πŸ‡¦ • Edited

SSM Distributor manages NPM packages. lol

Oh I guess you did write it in here, sorry my bad:

Others are focused on single package types like Ruby Gems or Python.

For Ruby you can just specify a git or github private repo:

gem 'my-private-gem',  github: 'omenking/my-privaterepo'
gem 'my-private-gem',  git: 'git@'
Collapse
 
marceloandrade profile image
Marcelo Andrade R.

a monorepo counts for your definition of private packages?

Collapse
 
kylegalbraith profile image
Kyle Galbraith

Hmm it could? I'm not sure what that looks like, mind sharing some details?

Collapse
 
marceloandrade profile image
Marcelo Andrade R.

for example in a node app, you will have a structure like this in the same git repo:

app1
app2
package1
package2

in the package.json from app1 you can reference the dependency with "package1": "../package1" and "package2": "../package2". And app2 can reference or not some common package in its package.json

that way your package is private because is part of your own repo, and you can have multiple apps sharing the packages you create.

Thread Thread
 
kylegalbraith profile image
Kyle Galbraith

Cool idea and totally viable! Thanks for sharing.

Collapse
 
danitfk profile image
Daniel

I really satisfied with JFrog Artifactory.

Collapse
 
pscully profile image
Patrick Scully

We use a system called Release Belt hosted on a simple Amazon web server. Works great.