Technical Investigation: Export the package registry as a zip
Context
Customers in highly regulated industries need the ability to move data between trusted and untrusted networks. For example, imagine an organization with two instances of GitLab, one in the cloud and one in an air-gapped environment. The customer would like to keep the data sync'd between their instances.
The Package Registry is an example of the type of data that customers would like to be regularly sync'd from one environment to another.
Problem to solve
There is no easy way to export the contents of your GitLab Package Registry from one location to another. This means that customers that operate between air-gapped and non air-gapped environments can't easily sync data. A registry with stale data introduces risk of using an incorrect, outdated, or vulnerable dependency into the development cycle. The exact thing these customers would prefer to avoid.
Proposal
Provide an easy one-way sync tool that allows Admin of an instance to export the GitLab Package Registry and it's correlated metadata GitLab to a server. The Admin needs to be able to select the source repository and enter a target directory. A source repository can be any project, group, or instance-level package registry.
The Admin needs the ability to name, schedule, and be notified about this job.
Other ideas
- It would be nice to have the ability to add filters, such as don't export packages that haven't been downloaded in
n
days. - The other side of this coin could be a way to import packages and metadata from a server into a GitLab project, group, or instance-level registry.
Helpful Links
- Nexus 3 offers a tool similar to the above proposal
- Related to the Artifactory integration
- Force Point is a one way data transfer tool
- NIPR vs SIPR