Skip to content

Milestone 16.3 review and discussion (Package stage)

Milestone 16.3 🚀 (JULY 18 to AUG 17)

Goals 🎯

  1. Resolve open security vulnerabilities to meet our SLAs.
  2. Increase the NuGet user base by 5% by adding support for v2 of NuGet.
  3. Double the Maven user base by adding support for a Maven dependency proxy. (note this goal will span several more milestones)
  4. Improve the Package SUS score by 10 points by improving sorting and filtering when using the container registry API.
  5. Improve the performance of the container registry by using Redis to cache blob upload progress.

P1 (Deliverable) Issues 🦊

Please remember to make time in each milestone for learning and personal projects in addition to the below list.

Security Issues

By prioritizing security-related issues, we can help reduce GitLab's threat landscape by reducing the likelihood of a breach, the exposure, and severity of vulnerabilities, and the cost associated with service vulnerabilities.

  1. Confidential Category:Container Registry
  2. Confidential grouppackage registry
  3. Confidential

Container Registry

This milestone, we'll continue to make progress on our main projects. I'm particularly excited about unblocking the addition of deploy token data to GMAU and the possibility of adding default cleanup policies.

  1. Fail to push images with layers larger than 10 GB to GitLab container registry backed by S3 storage
  2. Investigate: Set default cleanup policies for your group
  3. Container registry access for external guest
  4. Update JWT Claims with user information for the Container Registry
  5. Add additional parameters and return value to ContainerRegistry::GitlabApiClient#tags
  6. Run OCI conformance tests
  7. Use Redis repository cache for the cross repository blob mount operation
  8. Create Registry Import Quick Start Guide for Experimental and Beta Support
  9. Restore missing container repositories under existing projects (part 1/2)
  10. Implement "Repository lease check" across registry CUD endpoints (behind environment feature toggle)
  11. Container image tags pagination: add current state to the URL
  12. Container images list pagination: add current state to the URL
  13. Container registry tags list UI sorting behaves... (#409771 - closed) (carried over from %16.2)

Package Registry

This milestone we'll continue to move forward with the Maven dependency proxy, improving NuGet, and npm.

  1. Can't access subgroups packages with a group deploy token
  2. n+1 queries in Package PIpelines endpoint
  3. The Maven dependency proxy API: cache hit path
  4. Consider responding with a 401 instead of 404 on an unauthenticated request toGET /api/:version/packages/npm/*package_name
  5. NuGet v2 - Support install endpoints
  6. NuGet v2 - Support search endpoints
  7. Geo: test npm metadata cache with a secondary Geo site

Dependency Proxy

_This milestone we'll try to tackle the two bugs the Support team most frequently runs into for the feature.__

  1. Dependency Proxy is pulling the image with the wrong architecture
  2. Group Access token support for Dependency Proxy
  3. Refine UI for the dependency proxy settings group level

Stretch goals

Stretch goals are good items to work on in between Deliverable issues.

  1. Create Packages::Nuget::Symbol model and database table
  2. Enable Repository lease check in gstg, pre and gprd
  3. Optimize how RecordDataRepairDetailWorker fetches project
  4. The Maven dependency proxy API: cache miss path)

Quality

  1.   Test GitLab Container Registry HTTP API V1 (container-registry#1047 - closed)
  2.   Add compliance check to self-managed Registry s... (container-registry#1048 - closed)
  3.   Realistic setup prep for the Container Registry... (container-registry#1050 - closed)
  4.   Release automation workflow improvements (container-registry#1051 - closed)

Design

We do not have a dedicated designer. The guidance we've received is that we should do our best with what's in Pajamas and submit a borrow request for larger design projects.

Issue Refinement

The issues below need refining so we can schedule them in subsequent milestones.

Assigned Completed Issue
  •  
  •  

Container registry tags graphql query returns null createdAt value
  •  
  •  
  •  
  •  

Kick-off video 🎥

  1. GitLab 16.3 Kickoff - Package:Package

Holidays 🌴

🗓 Shared calendar

Please order by From date

Person From To
@trizzi Jul 17 Jul 26
@crystalpoole Jul 19 Aug 2
@10io (🌴) Jul 21 Jul 25
@radbatnag (🌴) Jul 26 Jul 28
@10io () Jul 31 Aug 11
@dmeshcharakou (🌴) Aug 7 Aug 11
adie (🌴) Aug 8 Aug 11
adie (🌴) Aug 14 Aug 18

Capacity 📦

Helpful links

Helpful links Use this for
Functional breakdown Viewing issues scheduled for the current and next several milestones.
Milestone board See how the planned issues are broken down by function.
Workflow board See how the milestone issues are broken down by their current status (workflow).
List of P1 unweighted issues A list of issues that are not yet weighted, which is a requirement for P1 issues.
Issues that need refining A list of issues that refinement
Issue types by milestone See the ratio of features, maintenance, and bugs

Operational tasks

  1. PM: Create this issue with the title "Milestone XX.Y review and discussion (Package stage)"
  2. PM: Assign the issue to PM, EM, SET, and PD
  3. PM: Set the due date to the end of the milestone
  4. PM: Update links with the correct milestone
  5. PM: Write goals, list deliverables, community contribution, and stretch issues that align to the goals
  6. SET: List quality issues
  7. PD: List usability improvement issues
  8. PM: List research issues
  9. EM: List issues needing refinement
  10. EM: Review that all issues listed as deliverables are refined. If there is missing weight, implementation plan, and/or workflowready for development label, then ping the team to perform refinement
  11. EM: For issues that are refined and labeled as Package:P1, assign Deliverable and ~"Track Health Status" labels
  12. EM: Confirm the list of issues in this issue match with the ones in the filter.
  13. EM: Confirm there is enough work for golang engineers, rails engineers, and frontend engineers, and capacity is not exceeded. Can use the functional breakdown board to evaluate weights and coordinate with the team to confirm they feel comfortable with the commitments.
  14. EM: Record a comment like this with the total weight, average, and type of issues ratio and update the table in this issue
  15. PM: Record the kickoff video, link to this issue, and share it on slack

This issue was generated using the Package:Package Registry milestone plan template.

Edited by João Pereira