Investigate: Automated package imports (Artifactory)
Topic to Evaluate
Importing packages from Artifactory to GitLab. We often hear from customers that they would like an easy migration path and Artifactory comes up more often than Sonatype.
Outcome expected
The outcome of this investigation could be empowering professional services with a methodology or plan to help customers migrate. Then, once they've done that for 5+ customers, we can start to think about integrating it into the product.
Tasks to Evaluate
-
Determine feasibility of the feature -
Create issue for implementation or update existing implementation issue description with implementation proposal -
Set weight on implementation issue -
If weight is greater than 5, break issue into smaller issues -
Add task -
Add task
Risks and Implementation Considerations
To import a registry, we would optimally leverage APIs available in the other registry systems:
From the user perspective, we would have a user:
- Go to an import page in the UI
- Find the 3rd party registry on a list of registries we support import from.
- Once selected, they would provide credentials for logging into the private registry.
- Once logged in there may be a variety of options:
- Import all packages to project
- Select packages to import to project
- Note: It might be best to wait until we have virtual repositories for this type of import feature because importing to a virtual repository may be what users want rather than being forced to import to specific projects.
- Once selected, the import would run and the user would begin to see packages populated
- It would be nice if there was some sort of progress indicator
From the tech perspective:
- We need to authenticate via API somehow
- We need an API endpoint to fetch a list of packages available for import
- We need to take a list of those packages, fetch each, and for each package map a set of attributes to the corresponding tables in GitLab, creating each record as the package is stored.
- We need to optionally kick off background jobs to fill in any metadata.
Other ideas
We could set an option up where once connected to the registry, GitLab could "sync" with the registry, essentially creating a mirror, by a user setting a time period (sync daily/weekly/monthly).
Team
-
Add workflowplanning breakdown feature and the corresponding ~devops::<stage>
and~group::<group>
labels. -
Ping the PM and EM.