Use `providers-api` when publishing Composer dependencies
Problem to solve
V2 of Composer offers performance and usability improvements. This includes a new API endpoint, the providers-api
.
When given a package name, it returns a list of other packages that list as a provider
in the provide
section of the composer.json
file. For example, the package phalcon/cphalcon, lists psr/log in its composer.json. If we request the providers-api for psr/log
, we will see phalcon/cphalcon
listed in the response.
The problem is that the GitLab Package Registry does not currently support using this field.
Proposal
Add support for providers-api
so that the GitLab registry supports all of the functionality in v2 of Composer.
Further details
This is a non-trivial update. Currently, we store the entire composer.json
file as jsonb in the packages_composer_metadata
table. So at the group-level, we would need to query the composer_json
value of every package in the group to find matches in the provide
section. This would not be scalable to large groups. The solution is to store the providers in a separate table of metadata. Possible implementation:
MR Plan
- Create
composer_providers
, which simply contains apackage_id
and aprovider_id
, where the provider_id points to another package in the group. - Update existing package creation code to insert values into the providers table.
- Background migration to backfill providers table for existing packages.
- Add providers-api route:
/api/v4/groups/:id/-/packages/composer/providers/*package_name
to display the providers of a given package.
Designs
- Show closed items
- Issue#324228BacklogCategory:SAST GitLab Core GitLab Premium GitLab Ultimate [deprecated] Accepting merge requests backend devops application security testing group static analysis section sec type feature
- Epicgitlab-org#130501219Feb 10 – Sep 13, 2024Category:SAST devops application security testing feature consolidation group static analysis section sec type feature
- Issue#439046BacklogCategory:SAST backend customer devops application security testing group static analysis section sec
- Issue#425084BacklogCategory:SAST devops application security testing group static analysis section sec type feature workflow planning breakdown
- Issue#373117515.9Category:SAST Deliverable Track Health Status [DEPRECATED] devops application security testing feature enhancement group static analysis section sec type feature workflow complete
- Issue#36295816.0Category:SAST Deliverable GitLab Free GitLab Premium GitLab Ultimate backend customer devops application security testing documentation group static analysis missed-deliverable missed:15.7 missed:15.8 section sec type feature workflow complete
- Issue#36284915.10Category:SAST Deliverable [deprecated] Accepting merge requests devops application security testing feature consolidation group static analysis section sec type feature workflow complete
- Issue#35266615.4Category:SAST GitLab Free GitLab Premium GitLab Ultimate backend devops application security testing documentation group static analysis missed:15.2 missed:15.3 section sec type feature
- Issue#34725815.4Category:SAST backend customer devops application security testing feature enhancement group static analysis section sec type feature workflow production
- Issue#335221BacklogCategory:SAST [deprecated] Accepting merge requests devops application security testing group static analysis maintenance workflow section sec type maintenance
- Issue#33406514.02Category:SAST backend devops application security testing group static analysis section sec type maintenance workflow in dev
- Epicgitlab-org#544064Feb 18 – Apr 17, 2021Category:SAST devops application security testing group static analysis section sec type feature
- EpicClosedgitlab-org#56881013Jan 18 – Jun 17, 2021Category:SAST backend devops application security testing group static analysis section sec
- Issue#331801BacklogCategory:SAST [deprecated] Accepting merge requests backend devops application security testing feature enhancement group static analysis section sec type feature
- Issue#330578BacklogCategory:SAST Product Feedback SAST: New Scanner [deprecated] Accepting merge requests customer devops application security testing group static analysis section sec
- Epicgitlab-org#57971015Apr 18 – May 17, 2021Category:SAST [deprecated] Accepting merge requests backend devops application security testing feature enhancement group static analysis section sec type feature
- Issue#327236BacklogCategory:SAST [deprecated] Accepting merge requests backend devops application security testing feature enhancement group static analysis section sec type feature
- Issue#321204BacklogCategory:SAST [deprecated] Accepting merge requests backend devops application security testing group static analysis section sec type feature
- Issue#118496BacklogCategory:SAST SAST: Integrate customer devops application security testing group static analysis section sec type feature workflow start
- Issue#26206813.11Category:SAST Deliverable Discovery SAST: Integrate [deprecated] Accepting merge requests backend devops application security testing group static analysis missed-deliverable missed:13.10 missed:13.9 section sec type feature workflow planning breakdown
- IssueClosed#300486BacklogCategory:SAST [deprecated] Accepting merge requests auto updated backend devops application security testing group static analysis section sec type feature
Relates to
Activity
-
Newest first Oldest first
-
Show all activity Show comments only Show history only
- Tim Rizzi removed Package:P1 label
removed Package:P1 label
- Tim Rizzi removed workflowin dev label
removed workflowin dev label
- Tim Rizzi removed quad-planningcomplete-action label
removed quad-planningcomplete-action label
- Tim Rizzi removed package:scaling label
removed package:scaling label
- Tim Rizzi set weight to 3
set weight to 3
- Tim Rizzi marked this issue as related to #259840 (closed)
marked this issue as related to #259840 (closed)
- Tim Rizzi mentioned in issue #259840 (closed)
mentioned in issue #259840 (closed)
- Steve Abrams changed the description
Compare with previous version changed the description
- 🤖 GitLab Bot 🤖 added [deprecated] Accepting merge requests label
added [deprecated] Accepting merge requests label
- Tim Rizzi changed milestone to %Awaiting further demand
changed milestone to %Awaiting further demand
- Tim Rizzi closed
closed