2018.3.0b7 added following:
We already got informative post about how to use git from package manager here:
Any chance to we could also get some brief introduction on how to setup scoped registries (private registries)?
2018.3.0b7 added following:
We already got informative post about how to use git from package manager here:
Any chance to we could also get some brief introduction on how to setup scoped registries (private registries)?
Hello @rz_0lento ,
Sure. Here it is!
Introduction
The concept of scopes is borrowed from npm (https://docs.npmjs.com/misc/scope), it allows a subset of packages to be hosted on a registry other than the default.
Configuration (manifest.json)
Project manifests (manifest.json) can now contain any number of scoped registry configurations in the scopedRegistries attribute.
The scopes attribute of each configuration is an array of strings that can be mapped to a package name in two ways:
When deciding in which registry a given package should be searched, Package Manager will settle on the scope that is the closest match to the requested package name.
The snippet below demonstrates how scope selection works:
{
"scopedRegistries": [
{
"name": "Main",
"url": "https://my.company.com/registry",
"scopes": [
"com.my-company", "com.my-company.tools.packageX"
]
},
{
"name": "Tools",
"url": "https://my.company.com/tools-registry",
"scopes": [
"com.my-company.tools"
]
}
],
"dependencies": {
"com.unity.cinemachine": "1.0.0",
"com.unity.2d.common": "1.0.0",
"com.unity.2d.animation": "1.0.0",
"com.my-company.package1": "1.0.0"
}
}
With the above configuration:
com.my-company.packageA
. will be fetched from Main because it is in the com.my-company.* namespace.com.other-namespace.packageX
will be fetched from Main because its name is an exact match. It also matches com.my-company.tools.* (Tools) but that is less specific.com.my-company.tools.animation
will be fetched from Tools because it is in the com.my-company.tools.* namespace. It also matches com.my-company.* (Main) but that is less specific.com.other-company.packageA
will be fetched from the default registry because it matches none of the configured scopes.Why āscopedā registries?
Itās to ensure determinism when deciding from which registry a package should be fetched. By using scopes, a package will always be mapped to one and only one registry, guaranteeing a consistent result regardless of network conditions.
Supported Registries type
Unity Package Manager supports npm protocol based registries. You can use any off the shelves npm registries server and it should work.
These are the registries that we know should work
Search all package limitation
Some npm registry server does not support the /all
route to search all packages (e.g. Artifactory). Displaying scoped registry packages as part of the āAll packagesā list relies on scoped registries to support the old npm API protocol, which has an HTTP endpoint that returns the metadata of all published packages (eg: https://registry.my-company.com/-/all). When a registry does not support the old protocol, packages from that registry will simply not be displayed in the UI. However, this limitation does not apply to package resolution, so packages from scoped registries can still be manually added to the project manifest.
Limitations
Thanks for trying out this feature. Let us know if you have any issues. Look for a production quality release in 2019.1.
Regards,
Pascal
Hi,
how does it work with registries/packages that requires auth? it picks up whatever npm login
you do in the terminal? or requires env variables / cli startup?
also do you plan to integrate with the unity account management (so it picks the credentials I am logged in unity with)?
Hi @M_R ,
The Package Manager does not support authentication for now. Your repository needs to be public. One thing you can do is limit access to people inside your LAN.
If you have a use case that is common, we could look into adding this feature. Can you expand a little bit more on why you would need auth on a local/private registry?
Regards,
Pascal
to prevent unwanted access to the packages, the same way we have auth required on bitbucket (ssh, it works btw).
also we need access at least from:
the best pattern would be to link it with our organization for Unity account, so anyone (plus cloud build) can have access without modifying either env or manifest.json.
for the main registry, I can access private stuff by modifying the manifest, but it feels hacky (and doesnāt support multiple users without gitignoring it):
{
"registry":"https://blablablabla",
"always-auth":true,
"email":"hardcoded@email.com"
"_auth":"<hardcoded basic auth>"
"dependencies":{...}
}
Thank you @M_R for the feedback! Will transfer your request to our product manager to validate priority.
Regards,
Pascal
Easiest would be if Unity supported the standard npm authentication.
i.e. a user would log in with npm adduser REGISTRY, which updates the .npmrc file in the userās home directory and Unity would pick up those credentials.
This would mean existing private npm registry setups could be used with Unity without having a separate authentication process.
as @Adrian says, plus the ability for npm adduser ...
in the cloud build
@M_R I just wanted to give you a follow-up on this feature request. We analyzed it, and it will require a bit of work to provide a good user experience (persist credentials, env vars, login window, etc.). The complexity is a bit greater than I would have anticipated. I hope we can implement this feature sometime in 2019. We have a couple of higher priority issues to address in our backlog before attacking this one. As for your request to support Unity auth on scoped registries, it is not something we have in our roadmap. Sorry.
@Adrian Even though Package Manager is compatible with npm web API, it is not the same technology underneath (e.g. we donāt share the same configuration scheme for scoped registries)
Regards,
Pascal
Hi @okcompute_unity ,
I was wondering if you could ask about another way to do auth with packages. The idea would be to have a callback everytime the package manager try to access scoped registries. That callback would be called for each scoped registry and should return a boolean saying if it has access or not to it.
Something like this:
bool HasAccessToRegistry(string registryUrl)
{
var authToken = FetchToken();
if (registryUrl == "someurl" && authToken.IsValid())
return true;
return false;
}
The FetchToken would be something the user will develop.
Now I know the management of the registry isnāt done at the package level but somewhere in the engine (if Iām not wrong) so having that callback may not be that easy based on your architecture but that would be perfect for us to do what we want about these registries.
Auth is the main reason why we canāt have public registries since we canāt share our code but having LAN only packages is preventing us from remote working (well not absolute prevention but still itās very painful to grab each package manually from their git repo when you are at home).
Anyway if you could ask about the feasibility of this solution, that would be great, thanks!
Hi @dzamani ,
Thank you for your suggestion. We have a well-defined plan to implement this feature. This is only a matter of prioritization. If you have an enterprise support account, you can contact your assigned account manager to express the value for your company to make this feature available sooner.
Regards,
Pascal
Will there\could there be support for just a git repository representing a registry? I do this method with my custom package manager and it makes it really easy for anyone to make one.
@nhold Can you expand a bit more on your setup? Do you have examples? Or a public repository that you can share?
Thank you!
Pascal
Obviously my setup will be a lot simpler but you can see the repo for the package manager itself here:
https://github.com/nhold/ubPackageManager
Essentially the idea is a āregistryā is just a git repo with lots of Package Definition Files
which is defined as:
{
"name": "ubGridArray",
"versions": [{
"version": "1",
"branch": "version-1"
}],
"description": "1D array as 2D array.",
"location": "https://someurl/ubgridarray.git",
"parentDir": "Bifrost",
"childDir": "ubgridarray/Assets/Plugins/ubGridArray"
"dependencies": [
"ubConfig"
]
}
So to read from the registry you just pull\clone it and read the json files to populate the data.
Interesting. We have no plan to support such a feature. I just donāt want to give you false hope. But will see. If hosting out of the shelve npm registries turns out to be too hard/complex for people, we could consider this alternative approach.
Btw, were you aware that the Unity Package Manager supports Git URLs project dependencies? Git support on Package Manager
Thanks a lot for sharing. This gives me another perspective
Regards,
Pascal
What are the rules about version matching within scoped registries?
Traditionally we would base rules on the NPM protocol found here: https://docs.npmjs.com/files/package.json
Suppose you have the following packages:
Is this something we can expect the package manager to be able to handle and correctly isolate? As far as my testing illustrates the package manager will default to the highest versioned dependency.
Finally, the dependency on package A seems to be a hidden package within the Library/PackageCache
along with the remaining packages. But said dependency will not be illustrated within unity.
Hi @dtaTrifork ,
The package manager conflict resolution algorithm will always choose the highest version number requested unless the package is a root dependency (i.e. you explicitly added the package to your project). We are working on documenting the conflict resolution algorithm. Coming soon.
The Package Manager UI does not show transitive dependencies. This is something we have on our roadmap.
Regards,
Pascal
Hi,
I am setting up Unity Package Manager to work with a private npm registry.
I am getting an error:
An error occurred while resolving packages:
Project has invalid dependencies:
mypackage: self signed certificate in certificate chain
I can pull the package from the registry using NPM fine, how can I specify the cafile for the Unity package manager?
Hi @giacomohomunculus ,
Iām sorry. The answer is not yet. This feature was recently requested HTTPS Communications Options - Unity Engine - Unity Discussions . We set the priority for this feature very high.
Regards,
Pascal