
Inverse logic on "Reject packages with the same name and version"

Summary

The toggle for 'Reject packages with the same name and version' has inverted logic for both the Maven and Generic package registries. When set to 'true', duplicate packages are permitted, which appears to be in line with the code (duplicatesAllowed).

Steps to reproduce

  1. Enable 'Reject packages with the same name and version' under group Settings > Packages & Registries > Duplicate Packages > Settings for Generic packages

  2. Script:

PAT=glpat-xxxxx
[[ -s file.txt ]] || echo "This is a file" > file.txt
curl --header "PRIVATE-TOKEN: $PAT" \
     --upload-file ./file.txt \
     "https://gitlab.com/api/v4/projects/37376344/packages/generic/my_package/0.0.1/file.txt"

# Replace glpat-xxxxx with your Personal Access Token
  3. Run the script twice and observe the output:

➜  bash Package_Duplicate_Test.sh
{"message":"201 Created"}%
➜  bash Package_Duplicate_Test.sh
{"message":"201 Created"}%

  4. Disable 'Reject packages with the same name and version' under group Settings > Packages & Registries > Duplicate Packages > Settings for Generic packages

  5. Run the script once more:

➜  Packages bash Package_Duplicate_Test.sh
{"message":"400 Bad request - Duplicate package is not allowed"}%

Example Project

https://gitlab.com/groups/gitlab-gold/chriss/-/settings/packages_and_registries

What is the current bug behavior?

  • When the 'Reject packages with the same name and version' is enabled then duplicate packages are NOT rejected.
  • When the 'Reject packages with the same name and version' is disabled then duplicate packages ARE rejected.

What is the expected correct behavior?

  • When the 'Reject packages with the same name and version' is enabled then duplicate packages ARE rejected.
  • When the 'Reject packages with the same name and version' is disabled then duplicate packages are NOT rejected.

Relevant logs and/or screenshots

Screenshot_2022-07-13_at_12.49.45

Output of checks

GraphQL query:

{
  group(fullPath: "gitlab-gold/chriss") {
    id
    packageSettings {
      mavenDuplicatesAllowed
      genericDuplicatesAllowed
    }
  }
}

Result:

{
  "data": {
    "group": {
      "id": "gid://gitlab/Group/53292801",
      "packageSettings": {
        "mavenDuplicatesAllowed": true,
        "genericDuplicatesAllowed": false
      }
    }
  }
}

Results of GitLab environment info

N/A

Results of GitLab application Check

N/A

Possible fixes

Option 1 - Correct the DUPLICATES_TOGGLE_LABEL text

The label could be updated to reflect the action, e.g. Allow packages with the same name and version

Option 2 - Code change

The code logic could be inverted to accurately reflect the current description of the DUPLICATES_TOGGLE_LABEL. Something I'd be happy to do as a code contribution.

Edited by Chris Stone
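
The following is an added example, not part of the original report and not GitLab code: a small offline check that takes the three things the report collects (toggle state, the GraphQL `genericDuplicatesAllowed` value, and the body of the second upload response) and reports whether the inversion sits between the UI label and the stored field or between the field and registry enforcement. The function names and the sample observations are constructed for illustration; the samples assume the enabled toggle is stored as `genericDuplicatesAllowed: true`, as the Summary suggests.

```python
import json

# Constructed sample data shaped like the outputs in this report (not captured).
OBSERVATIONS = [
    # (toggle "Reject packages..." state, GraphQL result, body of 2nd upload response)
    (True,
     '{"data":{"group":{"packageSettings":{"genericDuplicatesAllowed":true}}}}',
     '{"message":"201 Created"}'),
    (False,
     '{"data":{"group":{"packageSettings":{"genericDuplicatesAllowed":false}}}}',
     '{"message":"400 Bad request - Duplicate package is not allowed"}'),
]


def duplicate_accepted(upload_body):
    """True if the registry accepted the re-upload, False if it rejected it."""
    message = json.loads(upload_body)["message"]
    if message.startswith("201"):
        return True
    if message.startswith("400") and "Duplicate package" in message:
        return False
    raise ValueError(f"unexpected upload response: {message!r}")


def classify(reject_toggle_on, graphql_body, upload_body):
    """Locate the inversion: UI label vs. API field, or API field vs. enforcement."""
    settings = json.loads(graphql_body)["data"]["group"]["packageSettings"]
    allowed = settings["genericDuplicatesAllowed"]
    accepted = duplicate_accepted(upload_body)
    findings = []
    # "Reject" switched on should be stored as duplicates NOT allowed.
    if allowed == reject_toggle_on:
        findings.append("label-vs-field")
    # The registry should accept a duplicate only when the field allows it.
    if accepted != allowed:
        findings.append("field-vs-enforcement")
    return findings or ["consistent"]


def run(observations=OBSERVATIONS):
    """Classify every observation in order."""
    return [classify(*obs) for obs in observations]


if __name__ == "__main__":
    for obs, result in zip(OBSERVATIONS, run()):
        print("reject toggle on" if obs[0] else "reject toggle off", "->", result)
```

A "label-vs-field" result for both toggle states corresponds to Option 1 or Option 2 under Possible fixes; a "field-vs-enforcement" result would instead point at the upload path ignoring the stored setting.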