Skip to content

Update the lease key to contain package's version

Dzmitry (Dima) Meshcharakou requested to merge packages-npm-create-package-update-lease-key into master

🌱 Context

In !114317 (merged) we started obtaining a lease when creating a new npm package.

During the rollout of the FF on gitlab.com, the issue was revealed that the Package Registry might get many continuous requests for the same package name and project_id but with with different version. Thus, we need to take version into account when obtaining a lease.

What does this MR do and why?

  • Update the lease key to contain a package's version.

Screenshots or screen recordings

No

How to set up and validate locally

  1. Enable the npm_obtain_lease_to_create_package feature flag:

    Feature.enable(:npm_obtain_lease_to_create_package, Project.first)

  2. Create a rake task lib/tasks/packages/race_condition.rake that's going to simulate a parallel creation of npm packages using Thread.

    # frozen_string_literal: true

desc 'GitLab | Packages | Race condition'
namespace :gitlab do
  namespace :packages do
    task race_condition: :environment do
      # Similar setup to what we have in the tests
      user = User.first
      project = Project.find(1)
      params = JSON.parse(
        File.read('spec/fixtures/packages/npm/payload.json').gsub('@root/npm-test', 'my-package')
      ).with_indifferent_access

      wait_for_it = true

      threads = Array.new(10) do |i|
        Thread.new do
          true while wait_for_it

          modified_params = Gitlab::Json.parse(params.to_json.gsub("1.0.1", "1.0.#{i}")).with_indifferent_access

          ::Packages::Npm::CreatePackageService.new(project, user, modified_params).execute
        end
      end
      wait_for_it = false
      threads.each(&:join)
    end
  end
end

  3. Execute the rake task from the previous step.

    $ rake gitlab:packages:race_condition

  4. In rails console verify amount of created npm packages. It should be 10

    Packages::Package.where(name: 'my-package').count

  5. After the verification is done, it's time to delete the rake task.

    $ rm -rf lib/tasks/packages

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Dzmitry (Dima) Meshcharakou

Merge request reports