[Feature flag] Enable "forward_npm_package_registry_requests"
What
The feature flag `forward_npm_package_registry_requests` controls how GitLab reacts when `npm` or `yarn` asks for an npm package that is not present in the NPM repository.
When the feature flag is toggled on, the request will be redirected to `registry.npmjs.org`.
When the feature flag is toggled off, the request will fail with a `403 Forbidden`.
Note that a new CI/CD Setting has been added to control this feature.
See the related issue: #55344 (closed)
Owners
- Team: Package Team
- Most appropriate slack channel to reach out to: #s_package
- Best individual to reach out to: @10io
Expectations
### What are we expecting to happen?
The NPM grape endpoint giving package metadata will stop replying `403 Forbidden` when an npm package is not found in the GitLab NPM repository. It will reply `301 Moved Permanently` with the redirect URL being `https://registry.npmjs.org/XXXXX`.
### What might happen if this goes wrong?
- The endpoint could reply with an error instead of the redirect.
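
A check for the behaviour described above, usable while testing on staging. It is an added example, not code from GitLab or from this issue. The function names, the sample package names and the caller-supplied `metadata_url` are assumptions; only the `403`/`301` statuses and the `registry.npmjs.org` target come from this page.

```python
import http.client
from urllib.parse import urlsplit, unquote

UPSTREAM = "registry.npmjs.org"  # redirect host named on this page

def classify_response(package, status, location=None):
    """Map one metadata response to 'blocked', 'forwarded' or 'unexpected: ...'."""
    if status == 403:
        return "blocked"  # flag off: package not in the GitLab NPM repository
    if status != 301:
        return f"unexpected: status {status}"
    if not location:
        return "unexpected: 301 without Location header"
    url = urlsplit(location)
    # Exact netloc match also rejects userinfo forms such as host@other.example.
    if url.scheme != "https" or url.netloc.lower() != UPSTREAM:
        return f"unexpected: redirect target {location}"
    # Scoped names may arrive encoded (@scope%2fname); compare decoded.
    if unquote(url.path).lstrip("/") != package:
        return "unexpected: redirect names a different package"
    return "forwarded"

def rollout_problems(flag_enabled, observations):
    """Return the observations that contradict the expected flag state."""
    expected = "forwarded" if flag_enabled else "blocked"
    problems = []
    for package, status, location in observations:
        verdict = classify_response(package, status, location)
        if verdict != expected:
            problems.append((package, verdict))
    return problems

def probe(metadata_url, package, headers=None):
    """Fetch metadata_url (caller-supplied, assumed) without following redirects."""
    u = urlsplit(metadata_url)
    conn = http.client.HTTPSConnection(u.netloc, timeout=10)
    try:
        conn.request("GET", u.path or "/", headers=headers or {})
        resp = conn.getresponse()
        return classify_response(package, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

# Constructed observations: (package, status, Location header)
SAMPLES = [
    ("example-pkg", 301, "https://registry.npmjs.org/example-pkg"),
    ("@example/pkg", 301, "https://registry.npmjs.org/@example%2fpkg"),
    ("example-pkg", 500, None),
    ("example-pkg", 301, "https://registry.npmjs.org@mirror.example/example-pkg"),
]
```

With the flag on, `rollout_problems(True, SAMPLES)` reports only the last two constructed observations: the error reply and the redirect whose host is not `registry.npmjs.org`.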
### What can we monitor to detect problems with this?
Beta groups/projects
The grape endpoint being global for the whole instance, we can't use beta groups or projects.
Roll Out Steps
- Enable on staging
- Test on staging
- Ensure that documentation has been updated (!26888 (merged))
- [-] Enable on GitLab.com for individual groups/projects listed above and verify behaviour
- Coordinate a time to enable the flag with #production and #g_delivery on slack.
- Announce on the issue an estimated time this will be enabled on GitLab.com
- Enable on GitLab.com by running chatops command in #production
- Cross post chatops slack command to #support_gitlab-com and in your team channel
- Announce on the issue that the flag has been enabled
- Remove feature flag and add changelog entry
- After the flag removal is deployed, clean up the feature flag by running chatops command in #production channel