Milestone 16.5 review and discussion (Package stage)
🚀 (SEP 18 to OCT 17)
Milestone 16.5
🎯
Goals - Resolve open security vulnerabilities to meet our SLAs.
- Complete investigations to help drive the product roadmap for the remainder of the year.
- Double the Maven user base by adding support for a Maven dependency proxy. (note this goal will span several more milestones).
- Increase usage of the Dependency Proxy by 10% by adding support for private Docker Hub accounts.
- Open the
Beta
program for the container registry and start getting customer feedback about the docs and migration.
P1 (Deliverable) Issues 🦊
Please remember to make time in each milestone for learning and personal projects in addition to the below list.
Security Issues
By prioritizing security-related issues, we can help reduce GitLab's threat landscape by reducing the likelihood of a breach, the exposure, and severity of vulnerabilities, and the cost associated with service vulnerabilities.
🔍
Investigations This milestone we have several investigations scheduled. These investigations will help define our implementation plans for the below bugs and features.
-
Investigate: How to correctly handle multi-arch images -
Investigate: Gitlab registry push extremely slow with Kaniko -
Investigate Using Lock Files to Preserve Data Consistency During Self-Managed Imports -
Investigate strategy for enabling background database migrations -
Investigate: Intermittent failure on push to container registry with podman -
Investigate a path forward to use "Gitlab Feature Flag API"as a source for a GitLab Open feature Provider -
Investigate: Avoid the copy operation during Package Registry uploads
Container Registry
This milestone, we'll continue to make progress on our main projects. As PM, I'm most excited for the sorting functionality, continued progress on the self-managed rollout, and adding the token usage to our GMAU reports.
-
Add ability to sort and paginate repository tags by publishing date -
Remove Accurate Layer Media Types Feature Flag -
Gracefully handle blank spaces in scope query params for the container registry /jwt/auth requests -
Use the list repository tags API and its pagination in getContainerRepositoryTags -
Use Redis repository cache for the complete blob upload operation -
Allow GitlabApiClient to call the new rename endpoint of the registry -
Restore missing container repositories under existing projects (part 1/2)
Package Registry
This milestone we'll continue to move forward with the Maven dependency proxy, improving NuGet, and npm. In addition, we also have our first scheduled PyPI improvement and a request for an improvement to the importer.
-
New Google Artifact Registry Project Integration -
Some NPM packages published in multiple projects are inaccessible -
Monitor the package importer usage -
Delete npm metadata caches using a background worker -
Resolve npm structure too large exceptions -
[Feature flag] Rollout of npm_metadata_cache
Dependency Proxy
_Three very exciting advances for the dependency proxy. Let's continue to move forward support for Maven and add support for private Docker Hub accounts to help folks avoid rate limits.__
-
Allow private registry connections with the dependency proxy -
The dependency proxy settings GraphQL API -
Application setting to control the dependency proxy for packages
Stretch goals
Stretch goals are good items to work on in between Deliverable issues.
-
[container registry migration] Remove backend related code -
[Feature flag] Rollout of harbor_registry_integration
-
Maven dependency proxy: make the ETag support optional -
Discussion: Consider Dropping Support for Less-Used Storage Drivers -
Importer: Tag Concurrency Option Has No Bounds ... (container-registry#978 - closed) -
Add observability for self-managed metadata dat... (#425497 - closed) -
Enable service discovery for schema migrations ... (container-registry#1006 - closed)
Quality
Research issues
Design
We do not have a dedicated designer. The guidance we've received is that we should do our best with what's in Pajamas and submit a borrow request for larger design projects.
Issue Refinement
The issues below need refining so we can schedule them in subsequent milestones.
Assigned | Completed | Issue |
---|---|---|
|
|
|
|
|
|
|
|
🎥
Kick-off video
🌴
Holidays
Please order by From date
Person | From | To |
---|---|---|
@trizzi | Sep 21 | Sep 25 |
@svistas | Sep 18 | Oct 5 |
@rchanila | Sep 11 | Nov 19 |
@dmeshcharakou | Oct 2 | Oct 11 |
📦
Capacity
Helpful links
Helpful links | Use this for |
---|---|
Functional breakdown | Viewing issues scheduled for the current and next several milestones. |
Milestone board | See how the planned issues are broken down by function. |
Workflow board | See how the milestone issues are broken down by their current status (workflow). |
List of P1 unweighted issues | A list of issues that are not yet weighted, which is a requirement for P1 issues. |
Issues that need refining | A list of issues that refinement |
Issue types by milestone | See the ratio of features, maintenance, and bugs |
Operational tasks
-
PM: Create this issue with the title "Milestone XX.Y review and discussion (Package stage)" -
PM: Assign the issue to PM, EM, SET, and PD -
PM: Set the due date to the end of the milestone -
PM: Update links with the correct milestone -
PM: Write goals, list deliverables, community contribution, and stretch issues that align to the goals -
SET: List quality issues -
PD: List usability improvement issues -
PM: List research issues -
EM: List issues needing refinement -
EM: Review that all issues listed as deliverables are refined. If there is missing weight, implementation plan, and/or workflowready for development label, then ping the team to perform refinement -
EM: For issues that are refined and labeled as Package:P1, assign Deliverable and ~"Track Health Status" labels -
EM: Confirm the list of issues in this issue match with the ones in the filter. -
EM: Confirm there is enough work for golang engineers, rails engineers, and frontend engineers, and capacity is not exceeded. Can use the functional breakdown board to evaluate weights and coordinate with the team to confirm they feel comfortable with the commitments. -
EM: Record a comment like this with the total weight, average, and type of issues ratio and update the table in this issue -
PM: Record the kickoff video, link to this issue, and share it on slack
This issue was generated using the Package:Package Registry milestone plan template.