Packages registry allows pushing same version nuget packages
Summary
It is possible to push identical nuget files into a registry multiple times.
The package is not overwritten, but each file stored in the registry.
The -SkipDuplicate
option for nuget push
has no influence on this bahaviour.
Steps to reproduce
- have a project with some
nupkg
in a directory - have a
.gitlab-ci.yml
like this:
stages:
- push
push nuget:
stage: push
image: mcr.microsoft.com/dotnet/framework/sdk:4.8
script:
- nuget source Add -Name gitlab -Source <repo-api> -UserName <uname> -Password <pass>
- $files = Get-ChildItem ".\packages\" -Recurse -File -Name
- for ($num = 0; $num -lt $files.Count; $num++)
{
$name = $files[$num];
$name = "packages\$name";
echo "file $name";
nuget push $name -Source gitlab -NonInteractive -SkipDuplicate
}
- run pipeline multiple times
What is the current bug behavior?
- Files are pushed even if already existing.
- this results in multiple of the same file added to the registry
-
nuget push -SkipDuplicate
does not prevent this
What is the expected correct behavior?
-
pushing a package that already exists should return a 409 error code
-
-SkipDuplicate
should .. skip duplicates
Versions
Gitlab: Self-hosted CE 14.0.5
Runner: V:14.0.1 Rev:c1edb478
~bug
Edited by David Fernandez