GitLab Rails Plan for "Allowing renaming projects with container repositories" on GitLab.com
Context
Following the work done in both #894 (closed) and pending in #895 (closed), we are now in a good position to hash out a plan for tackling the potential upddates to the rails backend to use the new "rename repository" API exposed by the registry to facilitate renaming a project from Gitlab rails.
Notes:
- This feature is only applicable to
.com
(as it relies on both the metadata database and redis being available) - The registry endpoint will only allow requests of JWTs with pull scopes:
{{repository-path}}/*
,{{repository-path}}
AND push scope:{{repository-path}}
.
Consideration
-
Only GitLab rails is issued JWT pull scopes with both {{repository-path}}/*
and{{repository-path}}
(see https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/services/auth/container_registry_authentication_service.rb#L53) today. We will need to extend that codebase so GitLab rails will also be able to gain the push scope on{{repository-path}}
in order to use the new rename endpoint. -
Once the token has been provisioned by the container_registry_authentication_service
we would then use it to call the new endpoint, following the flows highlighted in https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs-gitlab/rename-base-repository-request-flow.md-
The rename API has the option to non-stick dry_run
option, allowing rails to check if a rename is even possible before attempting to start the rename
-
-
GitLab rails should only call the rename API on a project rename and should reference only the project path. This makes it impossible for a potential race condition when applying repository rename operations in the case where a prior lease has modified the name of a repository that a later lease was granted for as discussed here !1268 (comment 1338885850) -
We will need a feature flag to toggle this feature off in production (if need be). But we should be confident enough after observing the feature in staging before proceeding to production. -
UX frontend When a project rename is triggered by a user, the user should be notified first about the implications associated with doing a rename operation on a project's container repositories (see #427 (comment 1255525779) :
if you're renaming/moving a repository, keep in mind that during that process new uploads are forbidden and ongoing uploads may fail and need to be retried.
Edited by Suleimi Ahmed