Milestone 16.1 review and discussion (Package stage)

Milestone 16.1 🚀 (MAY 18 to JUNE 17)

Goals 🎯

1. Resolve open security vulnerabilities to ensure we meet our SLOs.
2. Improve the developer experience for the NuGet repository by adding two frequently requested features.
3. Resolve 2 key SUSImpacting issues with the container and package registry UI.
4. Make progress on a very frequently requested bug, renaming projects with container repositories.
5. Tackle the first issue for the maven dependency proxy.

P1 (Deliverable) Issues 🦊

Please remember to make time in each milestone for learning and personal projects in addition to the below list.

Security Issues

By prioritizing security-related issues, we can help reduce GitLab's threat landscape by reducing the likelihood of a breach, the exposure, and severity of vulnerabilities, and the cost associated with service vulnerabilities.

1. Confidential Category:Container Registry
2. Confidential Category:Container Registry

FCL follow-up items

• Corrective Action: Improve debug logging around... (container-registry#1015 - closed)
• Consider Returning NAME_UNKNOWN errors for Blob... (container-registry#1016 - closed)
• Add a "Pull a known Good Image" Smoke Test to S... (container-registry#1017 - closed)
• Enable Debug Logging for Registry in Pre and St... (container-registry#1018 - closed)
• Deploy to Production Canary as a Seperate Step ... (container-registry#1019 - closed)
• Ensure SREs Can Determine if Deployed Registrie... (container-registry#1020 - closed)
• Add Request Info to Error Logs (container-registry#1021 - closed)

Container Registry

This milestone, we'll continue to make progress on our main projects. I'm particularly excited about unblocking and the addition of deploy token data to GMAU.

1. Log message when requested/granted permissions don't match on container registry auth tokens Observability
2. "rename lease" on existing repositories that are in the process of a rename operation typefeature
3. API: Handle Blob Media Types Consistently Container Registry Self-Managed Rollout::BlocksBeta
4. Investigate weekly and aggregate container registry GMAU instrumentation
5. Add ability to sort and paginate repository tags by name in descending order api
6. Add ability to filter tags by name api
7. Add ability to perform backward pagination in List Repository Tags API
8. Restore missing container repositories under existing projects (part 1/2)

Package Registry

This milestone we begin to address the .NET/C# developer experience by tackling two highly requested features for the NuGet repository. In addition, we continue to improve Maven by adding support for basic auth.

1. Add Nuget package description to the information returned with a package
2. Support dotnet nuget api-key option
3. Database model for the dependency proxy settings
4. Delete the duplicate npm packages from the database
5. Only the first 100 files are shown when browsing a package in the Package Registry frontend
6. Add loader for Files component on package details page frontend
7. NPM Package Registry Group-Level End Point

Stretch goals

If time allows, the below goals will help to deliver our Q1 OKR of improving metadata generation and help make the API more useful.

1. Create a background worker to trigger npm metadata generation
2. Addstatus_message to the package model
3. Dependency proxy service for generating headers and external url
4. Fix Redis pool hit ratio graph on Grafana
5. Use lower resolution by default on registry Grafana dashboards
6. Use Redis repository cache for the cancel blob upload operation

Quality

1. Test npm group endpoint
2. Add a "Pull a known Good Image" Smoke Test to Staging
3. Run container registry QA tests in self-managed and SaaS modes

Design

We do not have a dedicated designer. The guidance we've received is that we should do our best with what's in Pajamas and submit a borrow request for larger design projects.

Issue Refinement

The below issues need refining so that we can schedule them in subsequent milestones.

1. UI does not return to login / SSO token not renewed in certain UI areas when session expires
2. Permissions to list packages of a group via REST API is different than viewing packages on the UI (GraphQL)
3. symbol server capability for the NuGet package registry symbol packages (.snupkg)

Kick-off video 🎥

1. GitLab 16.1 Kickoff - Package:Package

Holidays 🌴

🗓 Shared calendar

Please order by From date

Person	From	To
@10io	2023-05-17	2023-05-19
@trizzi	2023-05-24	2023-05-29
Family and Friends Day 🌞	2023-05-26	2023-05-26
@adie.po	2023-06-01	2023-06-02
@adie.po	2023-06-07	2023-06-09
@adie.po	2023-06-13	2023-06-14

Capacity 📦

• Say/Do dashboard

Helpful links

Helpful links	Use this for
Functional breakdown	Viewing issues scheduled for the current and next several milestones.
Milestone board	See how the planned issues are broken down by function.
Workflow board	See how the milestone issues are broken down by their current status (workflow).
List of P1 unweighted issues	A list of issues that are not yet weighted, which is a requirement for P1 issues.
Issues that need refining	A list of issues that refinement
Issue types by milestone	See the ratio of features, maintenance, and bugs

Operational tasks

1. PM: Create this issue with the title "Milestone XX.Y review and discussion (Package stage)"
2. PM: Assign the issue to PM, EM, SET, and PD
3. PM: Set the due date to the end of the milestone
4. PM: Update links with the correct milestone
5. PM: Write goals, list deliverables, community contribution, and stretch issues that align to the goals
6. SET: List quality issues
7. PD: List usability improvement issues
8. PM: List research issues
9. EM: List issues needing refinement
10. EM: Review that all issues listed as deliverables are refined. If there is missing weight, implementation plan, and/or workflowready for development label, then ping the team to perform refinement
11. EM: For issues that are refined and labeled as Package:P1, assign Deliverable and ~"Track Health Status" labels
12. EM: Confirm the list of issues in this issue match with the ones in the filter.
13. EM: Confirm there is enough work for golang engineers, rails engineers, and frontend engineers, and capacity is not exceeded. Can use the functional breakdown board to evaluate weights and coordinate with the team to confirm they feel comfortable with the commitments.
14. EM: Record a comment like this with the total weight, average, and type of issues ratio and update the table in this issue
15. PM: Record the kickoff video, link to this issue, and share it on slack

---

This issue was generated using the Package:Package Registry milestone plan template.