Milestone 16.7 review and discussion (Package stage)
🚀 (NOV 16 to DEC 21)
Milestone 16.7
🎯
Goals - Address key security issues and bugs to maintain our SLA/SLOs.
- Launch the Maven dependency proxy to drive adoption and ARR for this new GitLab Premium feature.
- Improve the container registry UI with improved sorting and MVC support for multi-arch/manifest container images, our most frequently requested UX improvements.
- Finish our investigations and refinement issues to better plan future milestones, especially for the npm dependency proxy and tracking data transfer usage for the package registry, two key initiatives scheduled for 2024.
P1 (Deliverable) Issues 🦊
Please remember to make time in each milestone for learning and personal projects in addition to the below list.
Security Issues
By prioritizing security-related issues, we can help reduce GitLab's threat landscape by reducing the likelihood of a breach, the exposure, and severity of vulnerabilities, and the cost associated with service vulnerabilities.
🔍
Investigations __
-
Investigation: How to build the npm dependency ... (#427648 - closed) -
https://gitlab.com/gitlab-org/gitlab/-/issues/375171+ -
Investigate strategy for enabling background da... (container-registry#221 - closed)
Breaking changes (for 17.0)
Last year we waited until 16.0 to make breaking changes and the tight timeline resulted in us postponing some removals until 17.0. This year, we are starting to prioritize breaking changes in 16.6 and 16.7 and will just remove the feature flags in 17.0.
Container Registry
This milestone, we'll continue to make progress on our main projects. As PM, I'm most excited for the sorting functionality, continued progress on the self-managed rollout and some of the efficiency improvements we have scheduled for the coming milestones.
-
Do not attempt to display a configuration diges... (#408863 - closed) -
fix(handlers): pagination before/last query par... (container-registry#1150 - closed) -
Race condition finding or creating a container ... (#428115 - closed) -
Use Redis repository cache for the manifest del... (container-registry#800 - closed) -
Restore missing container repositories under ex... (#390842) -
Enable service discovery for schema migrations ... (container-registry#1006 - closed) -
Add a new registry config for specifying the pr... (container-registry#1142 - closed) -
Submit conformance tests to OCI (container-registry#1117 - closed) -
Update documentation after achieving OCI compli... (container-registry#1118 - closed) -
Create Imported Image Validation Function (container-registry#1159 - closed) -
Call the rename base repository API when changi... (#424801 - closed) -
Notify user on the implications of conducting a... (#420756 - closed) -
[Feature flag] Enable renaming_project_with_tags (#429734 - closed) -
Use the list repository tags API and its pagina... (#411387 - closed) -
Add registry import subcommand to Omnibus' gitl... (container-registry#1160 - closed)
Package Registry
This milestone we'll continue to move forward with the Maven dependency proxy, improving npm and I'd like to prioritize 1 or 2 Terraform issues. Why Terraform? It's one of our most frequently used formats but it has some key missing features, especially the inability to download a module from a project.
-
Incorrect latest tag when npm packages are publ... (#428626 - closed) -
Dependency proxy for Maven: frontend changes (#410726 - closed) -
Document the dependency proxy for Maven (#410731 - closed) -
[Feature flag] Rollout of `npm_metadata_cache` (#393745 - closed) -
Use Deploy tokens with the Terraform registry (#368041 - closed) -
Reference Terraform modules from a project (#367726 - closed)
Dependency Proxy
This milestone I picked one issue that came up during %16.5, adding a dependency proxy scope to tokens. Adding this additional level of security will help us to expand the dependency proxy to include more features, like adding support for private DockerHub accounts. In addition, I included a bug where users are having trouble using containerd
.
-
Containerd rewrite does not work with Dependenc... (#350485) -
Add a dependency proxy scope for GitLab tokens (#336800) -
Dependency Proxy: add group access scope checks... (#431386)
Stretch goals
Stretch goals are good items to work on in between Deliverable issues.
-
Update Gitlab.com deployments to use the "datab... (container-registry#1143 - closed) -
Instrument data to help measure adoption of the... (#431412 - closed) -
Monitor the package importer usage (gitlab-org/ci-cd/package-stage/pkgs_importer#33) -
Create an internal feature API to evaluate ff (... (#426591) -
Create container registry import guides for Omn... (omnibus-gitlab#8255 - closed)
Refinement
-
Container Registry API: ability to check the de... (#427032 - closed) -
Filter package registry by version (#370145 - closed) -
Allow the upload of Debian packages to GitLab G... (#428451)
Research issues
This milestone, I'd like to research the usefulness of adding package/image usage data. This is something that has been coming up for some of GitLab's larger, more enterprise organizations.
Design
@pedroms Will be helping with the UX/UI for the GCP integration project.
🎥
Kick-off video
🌴
Holidays
Please order by From date
Person | From | To |
---|---|---|
@jaime https://gitlab.com/gitlab-org/ci-cd/package-stage/package/-/issues/165 | 2023-11-17 | 2023-12-10 |
📦
Capacity
Helpful links
Helpful links | Use this for |
---|---|
Functional breakdown | Viewing issues scheduled for the current and next several milestones. |
Milestone board | See how the planned issues are broken down by function. |
Workflow board | See how the milestone issues are broken down by their current status (workflow). |
List of P1 unweighted issues | A list of issues that are not yet weighted, which is a requirement for P1 issues. |
Issues that need refining | A list of issues that refinement |
Issue types by milestone | See the ratio of features, maintenance, and bugs |
Operational tasks
-
PM: Create this issue with the title "Milestone XX.Y review and discussion (Package stage)" -
PM: Assign the issue to PM, EM, SET, and PD -
PM: Set the due date to the end of the milestone -
PM: Update links with the correct milestone -
PM: Write goals, list deliverables, community contribution, and stretch issues that align to the goals -
SET: List quality issues -
PD: List usability improvement issues -
PM: List research issues -
EM: List issues needing refinement -
EM: Review that all issues listed as deliverables are refined. If there is missing weight, implementation plan, and/or workflowready for development label, then ping the team to perform refinement -
EM: For issues that are refined and labeled as Package:P1, assign Deliverable and ~"Track Health Status" labels -
EM: Confirm the list of issues in this issue match with the ones in the filter. -
EM: Confirm there is enough work for golang engineers, rails engineers, and frontend engineers, and capacity is not exceeded. Can use the functional breakdown board to evaluate weights and coordinate with the team to confirm they feel comfortable with the commitments. -
EM: Record a comment like this with the total weight, average, and type of issues ratio and update the table in this issue -
PM: Record the kickoff video, link to this issue, and share it on Slack.
This issue was generated using the Package:Package Registry milestone plan template.