Fetch npm packages from the GitLab cache
Problem to solve
In #241243, we started caching packages fetched from npm's public registry. However, when fetching packages, we are not currently resolving them from the cache.
In order to increase the reliability of pipelines, we should deliver packages from the cache when not found in the npm public registry.
Intended users
User experience goal
The user should have confidence that their dependencies are available even if the npm public registry isn't.
Proposal
A request for an npm package will go to GitLab -> npmjs.com -> Dependency Proxy cache. Only if a package is not found in the first two options should we pull it from the cache.
Further details
Benefits
By only looking for the package in the cache after it has not been found in either GitLab or npmjs.com, we can deliver an MVC that will increase the reliability of builds without worrying about auto-updating the cache or delivering the wrong versions of a given package.
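The lookup order proposed above, as an added Ruby example that is not GitLab's implementation. `NpmResolver`, its callable sources, the counter names and the sample packages are hypothetical, and treating an unreachable registry the same as a not-found response is an assumption.

```ruby
# Added illustration only; not GitLab's implementation. All class and method
# names here are hypothetical.
class NpmResolver
  SOURCES = %i[gitlab npmjs cache].freeze

  attr_reader :metrics

  # Each source is a callable taking "name@version" and returning the package
  # payload, nil when the package is not found, or raising on an outage.
  def initialize(gitlab:, npmjs:, cache:)
    @sources = { gitlab: gitlab, npmjs: npmjs, cache: cache }
    @metrics = Hash.new(0)
  end

  # Returns [source, payload] for the first source that has the package,
  # or nil when none does. The cache is consulted last.
  def fetch(spec)
    SOURCES.each do |name|
      payload = lookup(name, spec)
      next if payload.nil?
      @metrics[:"#{name}_hit"] += 1
      # Metric: upstream answered, but the cache could also have served it.
      @metrics[:cache_could_have_served] += 1 if name == :npmjs && lookup(:cache, spec)
      return [name, payload]
    end
    @metrics[:miss] += 1
    nil
  end

  private
  # Assumption: an unreachable source is treated like "not found" so the
  # request falls through to the next source.
  def lookup(name, spec)
    @sources.fetch(name).call(spec)
  rescue StandardError
    @metrics[:"#{name}_error"] += 1
    nil
  end
end

# Constructed sample data.
CACHE = { "left-pad@1.3.0" => "cached tarball", "lodash@4.17.21" => "cached tarball" }.freeze
GITLAB = { "@acme/ui@2.0.0" => "gitlab tarball" }.freeze
NPMJS_UP = { "lodash@4.17.21" => "npmjs tarball" }.freeze

def build_resolver(npmjs_up: true)
  npmjs = npmjs_up ? ->(s) { NPMJS_UP[s] } : ->(_s) { raise IOError, "registry unreachable" }
  NpmResolver.new(gitlab: ->(s) { GITLAB[s] }, npmjs: npmjs, cache: ->(s) { CACHE[s] })
end
```

Because the cache is only reached after both upstream lookups return nothing, a cached copy never shadows a version that GitLab or npmjs.com can still serve.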
Permissions and Security
- There are no permissions changes required for this issue.
Documentation
Availability & Testing
What does success look like, and how can we measure that?
Success looks like we can begin to dogfood this feature and avoid any issues due to outages of npmjs.com.
Metrics
- how often is the cache hit
- how often was a package searched for and found on npmjs.com
- how often could it have been pulled from the cache
What is the type of buyer?
- This feature will be focused on mid to large size enterprises.