Implement delayed deletion for projects
Problem to solve
When someone deletes a project, it is very hard to restore it if the deletion was accidental. The database can only be restored from a backup taken earlier. The repository is usually removed from disk with a delay, which improves the chance of restoring it, but that is not a guarantee either.
Further details
Deleting something as big as a project should have safeguards in place. One important safeguard is an intermediate state the project can be moved to, in which it is no longer available to regular users but can still be restored if it was removed by mistake.
This matters even more because a removal can also be triggered by an API request, not only through the UI.
Proposal
- Implement the concept of delayed deletion, in which projects can be "removed" but not yet deleted. Any removal operation puts the project in that state and flags it for deletion in X days (307 by default, but configurable for compliance reasons). Note: implemented as "soft delete" under #32935 (closed)
- When a project is "removed", it appears to regular users as if it had been deleted completely, but a system administrator can still restore it. There should be an Admin UI screen that lists "removed" projects, when each was "removed" and when it will be deleted completely, with a "restore" button. Note: implemented in !33502 (closed)
- #344013 (closed) | A removed repository is excluded from any indexing routine and from any relevant query (nothing related to a removed project should turn up in search, as is already the case for archived projects).
- #344016 (closed) | There should also be an option to "delete all removed projects now", which is useful when you want to free disk space.
- #344014 (closed) | In the past this proposal was not easily possible because repositories were stored under the same name as their namespace/project_slug. With Hashed Storage this is no longer an issue, and we can safely delay the removal while still allowing a new project to be created with exactly the same name as the previous one.
- #33233 | Disable the option to archive/delete a project if there are active environments associated with it (this may not need to be implemented, but we should confirm that projects are not being scheduled for deletion without considering this).
(Incomplete items will be followed up on in subsequent issues #24866 (comment 716312501))
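The following is an added illustration of the proposal above, written here as a small in-memory model; it is not GitLab's code. It is in Ruby because GitLab is a Rails application, but it uses no Rails. All names (ProjectRegistry, retention_days, purge_due, the audit log format) are assumptions for illustration, and the 30-day retention default is taken from the success criterion below rather than from the proposal's default. It shows the points that matter for a safeguard: any removal (UI or API) only flags the project and records who did it; removed projects disappear from lookups and search; only an administrator can restore, and only while the name has not been reused; permanent deletion happens by a due date or on an explicit "delete all removed projects now".

```ruby
require 'digest'
require 'time'

# Hypothetical project model for the "removed but not yet deleted" state.
class Project
  attr_reader :full_path, :disk_path, :marked_for_deletion_at, :deletion_due_at, :removed_by

  def initialize(full_path)
    @full_path = full_path
    # Hashed storage: the on-disk location is derived from something other than
    # the name, so a removed project never blocks a new one with the same name.
    @disk_path = "@hashed/#{Digest::SHA256.hexdigest("#{full_path}:#{object_id}")}"
    clear_removal
  end

  def removed?
    !@marked_for_deletion_at.nil?
  end

  # Records who removed the project and until when it can be restored.
  def mark_removed(actor, now, retention_days)
    @removed_by = actor
    @marked_for_deletion_at = now
    @deletion_due_at = now + retention_days * 86_400
  end

  def clear_removal
    @removed_by = nil
    @marked_for_deletion_at = nil
    @deletion_due_at = nil
  end
end

# Hypothetical registry standing in for the projects table and its scopes.
class ProjectRegistry
  class Error < StandardError; end

  attr_reader :audit_log

  def initialize(retention_days: 30) # assumed default, configurable per instance
    @retention_days = retention_days
    @projects = []
    @audit_log = []
  end

  # Regular users only ever see projects that are not removed.
  def visible
    @projects.reject(&:removed?)
  end

  def find(full_path)
    visible.find { |p| p.full_path == full_path }
  end

  def create(full_path)
    # Reusing a removed project's name is allowed; only visible projects conflict.
    raise Error, "#{full_path} already exists" if find(full_path)
    @projects << Project.new(full_path)
    @projects.last
  end

  # Any removal, whether from the UI or an API request, only flags the project.
  def remove(full_path, actor:, now: Time.now)
    project = find(full_path) or raise Error, "no such project #{full_path}"
    project.mark_removed(actor, now, @retention_days)
    @audit_log << [:removed, full_path, actor, now]
    project
  end

  # Admin listing: path, when it was removed and when it will be deleted for good.
  def removed_projects
    @projects.select(&:removed?).map { |p| [p.full_path, p.marked_for_deletion_at, p.deletion_due_at] }
  end

  # Restore is an administrator action and refuses to clash with a reused name.
  def restore(full_path, actor:, admin: false)
    raise Error, "restore is an administrator action" unless admin
    project = @projects.find { |p| p.removed? && p.full_path == full_path } or raise Error, "not removed"
    raise Error, "name #{full_path} is taken by a newer project" if find(full_path)
    project.clear_removal
    @audit_log << [:restored, full_path, actor]
    project
  end

  # Search and indexing exclude removed projects, as they do for archived ones.
  def search(term)
    visible.select { |p| p.full_path.include?(term) }.map(&:full_path)
  end

  # Background job: permanently delete projects whose retention window has passed.
  def purge_due(now: Time.now)
    purge { |p| p.removed? && p.deletion_due_at <= now }
  end

  # "Delete all removed projects now", to free disk space immediately.
  def purge_all_removed
    purge(&:removed?)
  end

  private

  def purge
    doomed, @projects = @projects.partition { |p| yield p }
    doomed.each { |p| @audit_log << [:deleted, p.full_path, p.disk_path] }
    doomed.map(&:full_path)
  end
end
```

The audit log entries are what an operator needs when reviewing an unexpected removal that arrived through the API: who flagged the project, when, and whether it was later restored or purged. Keeping restore behind an explicit admin check, and refusing to restore over a newer project with the same name, keeps the safeguard from becoming a way to silently replace a live project.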
What does success look like, and how can we measure that?
A user should be able to "remove" a project without deleting it, and a system administrator should be able to restore it within 30 days.
Links / references
This is how GitHub implements it:
BitBucket doesn't do that yet: