Read parameters from UploadedFile in Maven packages upload (!116236) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

🔥 Problem

File uploads are processed by Workhorse which will then send them to the rails backend.

When sending the request to the Rails backend, it will send the set of parameters of the uploaded file(s) twice:

As body params
As a JWT Token

In gitlab-workhorse!490 (merged), the rails backend has been modified to build the UploadedFile solely out of (2.).

#324873 has been opened to remove (1.).

The problem is that we can still have endpoints that read some parameters from (1.). It is the case for the maven packages (here): the rails backend reads the fingerprints out of (1.).

🚒 Solution (introduced by this MR)

Update UploadedFile to host all fingerprints when reading (2.).
Update the Maven packages API to read the fingerprints out of the UploadedFile.

How to set up and validate locally

Upload a maven package to a project with a PAT (For this, I used https://gitlab.com/10io/gl_pru)
if the FF read_fingerprints_from_uploaded_file_in_maven_upload is enabled, then size, file_sha1 & file_md5 are read from the UploadedFile instance instead of the body params.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #366165 (closed)

Edited Apr 06, 2023 by Moaz Khalifa

Read parameters from UploadedFile in Maven packages upload

What does this MR do and why?

🔥 Problem

🚒 Solution (introduced by this MR)

How to set up and validate locally

MR acceptance checklist

Merge request reports