Add a setting for allowing/disallowing duplicate NuGet package uploads

What does this MR do and why?

Context

When using the GitLab Package Registry to publish NuGet packages, a duplicate package name/version can be uploaded. This may be great for snapshots, but you may want your releases to be immutable.

This MR introduces a new setting that enables the user to define, at the group level, whether duplicate NuGet packages are allowed or not. In a subsequent MR, the newly added settings in the MR would be utilized in services and endpoints to allow/disallow NuGet packages' duplicate uploads. ALL MRs should be behind the same feature flag.

Implementation

The setting is defined in namespace_package_settings database table:

• nuget_duplicates_allowed is a boolean column that is true by default (the current default behavior is to allow duplicates). When toggled to false, the duplication should be disallowed.
• nuget_duplicate_exception_regex is a charvar column to save a regex defining NuGet packages that are allowed to be duplicated when duplicates are not allowed.

In this MR, the setting can be updated using GraghQL, but they are behind the nuget_duplicates_option feature flag. When the feature flag is disabled for the namespace, the setting cannot be updated.

How to set up and validate locally

1. Try to update the namespace package settings nuget_duplicates_allowed using the query below in graphql-explorer:

   mutation {
     updateNamespacePackageSettings(input: {
       namespacePath: "<your-namespace-full-path>", 
       nugetDuplicatesAllowed:false,
     }) {
       packageSettings {
   	nugetDuplicatesAllowed
       }
     }
   }

2. The setting shouldn't be updated because the feature flag nuget_duplicates_option is disabled for the namespace.

3. In the rails console, enable the FF for the namespace:

   Feature.enable(:nuget_duplicates_option, Namespace.find(<namespace_id>))

4. Restart your GDK and repeat the above graghql query. The setting nuget_duplicates_allowed should be updated to be false

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

Related to #293748 (closed)

changed milestone to %16.2

added Category:Package Registry NuGet Repository Package:P1 backend customer devopspackage grouppackage registry ruby sectionci typefeature workflowin dev labels

assigned to @mkhalifa3

added 425 commits

• dc90d4fb...5aff3896 - 424 commits from branch master
• 7b451a04 - Merge branch 'master' into 293748-Add-a-setting-for-disallowing-duplicate-NuGet-package-uploads

Compare with previous version

added database databasereview pending documentation labels

	1 Warning
	c0d5d840: The commit body should not contain more than 72 characters per line. For more information, take a look at our Commit message guidelines.

	1 Message
	This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.

Documentation review

The following files require a review from a technical writer:

• doc/api/graphql/reference/index.md (Link to current live version)
• doc/development/packages/settings.md (Link to current live version)

The review does not need to block merging this merge request. See the:

• Metadata for the *.md files that you've changed. The first few lines of each *.md file identify the stage and group most closely associated with your docs change.
• The Technical Writer assigned for that stage and group.
• Documentation workflows for information on when to assign a merge request for review.

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Mo Khan (@mokhax) (UTC-6)	Luke Duncalfe (@.luke) (UTC+12)
database	João Pereira (@jdrpereira) (UTC+1)	Leonardo da Rosa (@l.rosa) (UTC-3)
~"migration"	No reviewer available	No maintainer available

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

added Data WarehouseImpact Check label

added featureaddition label

Allure report

allure-report-publisher generated test report!

e2e-test-on-gdk: test report for c0d5d840

expand test summary

+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Package     | 0      | 0      | 1       | 0     | 1     | ➖     |
| Govern      | 19     | 0      | 0       | 12    | 19    | ❗     |
| Plan        | 47     | 0      | 0       | 11    | 47    | ❗     |
| Data Stores | 20     | 0      | 0       | 10    | 20    | ❗     |
| Verify      | 8      | 0      | 0       | 5     | 8     | ❗     |
| Create      | 19     | 0      | 0       | 17    | 19    | ❗     |
| Manage      | 12     | 0      | 1       | 12    | 13    | ❗     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 125    | 0      | 2       | 67    | 127   | ❗     |
+-------------+--------+--------+---------+-------+-------+--------+

e2e-package-and-test: test report for c0d5d840

expand test summary

+--------------------------------------------------------------+
|                        suites summary                        |
+---------+--------+--------+---------+-------+-------+--------+
|         | passed | failed | skipped | flaky | total | result |
+---------+--------+--------+---------+-------+-------+--------+
| Package | 70     | 0      | 6       | 0     | 76    | ✅     |
+---------+--------+--------+---------+-------+-------+--------+
| Total   | 70     | 0      | 6       | 0     | 76    | ✅     |
+---------+--------+--------+---------+-------+-------+--------+

changed the description

changed the description

Hi @radbatnag

Can you plz take over the backend review for this MR if you have the capacity?

---

Hi @carlad-gl

Can you plz take over the database review for this MR if you have the capacity? I'm adding two new columns to the namespace_package_settings table.

Thank you both

requested review from @radbatnag

requested review from @carlad-gl

Database migrations (on the main database)

Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

Migration	Type	Total runtime	Result	DB size change
20230613182541 - AddNugetDuplicateAllowedToNamespacePackageSettings	Regular	4.1 s		+0.00 B

Runtime Histogram for all migrations

Query Runtime	Count
0 seconds - 0.01 seconds	0
0.01 seconds - 0.1 seconds	8
0.1 seconds - 1 second	0
1 second - 5 seconds	0
5 seconds - 15 seconds	0
15 seconds - 5 minutes	0
5 minutes +	0

Migration: 20230613182541 - AddNugetDuplicateAllowedToNamespacePackageSettings

• Type: Regular
• Duration: 4.1 s
• Database size change: +0.00 B

Calls	Total Time	Max Time	Mean Time	Rows	Query
1	28.2 ms	28.2 ms	28.2 ms	0	ALTER TABLE "namespace_package_settings" ADD "nuget_duplicates_allowed" boolean DEFAULT TRUE NOT NULL
1	18.1 ms	18.1 ms	18.1 ms	0	ALTER TABLE namespace_package_settings VALIDATE CONSTRAINT check_eedcf85c48
1	12.1 ms	12.1 ms	12.1 ms	0	ALTER TABLE namespace_package_settings ADD CONSTRAINT check_eedcf85c48 CHECK ( char_length(nuget_duplicate_exception_regex) <= 255 ) NOT VALID
1	0.8 ms	0.8 ms	0.8 ms	0	ALTER TABLE "namespace_package_settings" ADD "nuget_duplicate_exception_regex" text DEFAULT '' NOT NULL
2	0.0 ms	0.0 ms	0.0 ms	2	SELECT $1::regtype::oid
2	0.0 ms	0.0 ms	0.0 ms	2	SELECT pg_backend_pid()

Histogram for AddNugetDuplicateAllowedToNamespacePackageSettings

Query Runtime	Count
0 seconds - 0.01 seconds	0
0.01 seconds - 0.1 seconds	8
0.1 seconds - 1 second	0
1 second - 5 seconds	0
5 seconds - 15 seconds	0
15 seconds - 5 minutes	0
5 minutes +	0

Other information

Other migrations pending on GitLab.com

Migration	Type	Total runtime	Result	DB size change
20230621072848 - AddTextLimitToCiVariableDescription	Post deploy	2.2 s		+0.00 B
20230621083052 - AddTextLimitToCiGroupVariableDescription	Post deploy	2.1 s		+0.00 B
20230621102941 - ReplaceOldFkCiJobArtifactsToBuildsV2	Post deploy	1.9 s		+0.00 B
20230621103000 - ReplaceOldFkCiRunningBuildsToBuildsV2	Post deploy	1.7 s		+0.00 B
20230621103043 - ReplaceOldFkCiJobVariablesToBuildsV2	Post deploy	1.8 s		+0.00 B
20230626072436 - DropTmpIndexJobArtifactsIdAndExpireAt	Post deploy	2.5 s		+0.00 B
20230627174139 - AddIndexToPoolRepositories	Post deploy	4.5 s		-3.62 MiB

Clone details

Clone ID	Clone Created At	Clone Data Timestamp	Expected Removal Time
database-testing-2087657-10526645-main	2023-07-06T06:05:46Z	2023-07-06T04:12:59Z	2023-07-06 18:11:01 +0000
database-testing-2087657-10526645-ci	2023-07-06T06:05:46Z	2023-07-06T04:48:13Z	2023-07-06 18:11:01 +0000

Job artifacts

Database migrations (on the ci database)

Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

Migration	Type	Total runtime	Result	DB size change
20230613182541 - AddNugetDuplicateAllowedToNamespacePackageSettings	Regular	4.0 s		+0.00 B

Runtime Histogram for all migrations

Query Runtime	Count
0 seconds - 0.01 seconds	0
0.01 seconds - 0.1 seconds	8
0.1 seconds - 1 second	0
1 second - 5 seconds	0
5 seconds - 15 seconds	0
15 seconds - 5 minutes	0
5 minutes +	0

Migration: 20230613182541 - AddNugetDuplicateAllowedToNamespacePackageSettings

• Type: Regular
• Duration: 4.0 s
• Database size change: +0.00 B

Calls	Total Time	Max Time	Mean Time	Rows	Query
1	36.8 ms	36.8 ms	36.8 ms	0	ALTER TABLE "namespace_package_settings" ADD "nuget_duplicates_allowed" boolean DEFAULT TRUE NOT NULL
1	8.7 ms	8.7 ms	8.7 ms	0	ALTER TABLE namespace_package_settings ADD CONSTRAINT check_eedcf85c48 CHECK ( char_length(nuget_duplicate_exception_regex) <= 255 ) NOT VALID
1	0.6 ms	0.6 ms	0.6 ms	0	ALTER TABLE "namespace_package_settings" ADD "nuget_duplicate_exception_regex" text DEFAULT '' NOT NULL
1	0.4 ms	0.4 ms	0.4 ms	0	ALTER TABLE namespace_package_settings VALIDATE CONSTRAINT check_eedcf85c48
2	0.0 ms	0.0 ms	0.0 ms	2	SELECT pg_backend_pid()
2	0.0 ms	0.0 ms	0.0 ms	2	SELECT $1::regtype::oid

Histogram for AddNugetDuplicateAllowedToNamespacePackageSettings

Query Runtime	Count
0 seconds - 0.01 seconds	0
0.01 seconds - 0.1 seconds	8
0.1 seconds - 1 second	0
1 second - 5 seconds	0
5 seconds - 15 seconds	0
15 seconds - 5 minutes	0
5 minutes +	0

Other information

Other migrations pending on GitLab.com

Migration	Type	Total runtime	Result	DB size change
20230621072848 - AddTextLimitToCiVariableDescription	Post deploy	11.3 s		+0.00 B
20230621083052 - AddTextLimitToCiGroupVariableDescription	Post deploy	4.2 s		+0.00 B
20230621102941 - ReplaceOldFkCiJobArtifactsToBuildsV2	Post deploy	3.5 s		+0.00 B
20230621103000 - ReplaceOldFkCiRunningBuildsToBuildsV2	Post deploy	2.5 s		+0.00 B
20230621103043 - ReplaceOldFkCiJobVariablesToBuildsV2	Post deploy	2.5 s		+0.00 B
20230626072436 - DropTmpIndexJobArtifactsIdAndExpireAt	Post deploy	3.4 s		+0.00 B
20230627174139 - AddIndexToPoolRepositories	Post deploy	3.4 s		+0.00 B

Clone details

Clone ID	Clone Created At	Clone Data Timestamp	Expected Removal Time
database-testing-2087657-10526645-main	2023-07-06T06:05:46Z	2023-07-06T04:12:59Z	2023-07-06 18:11:01 +0000
database-testing-2087657-10526645-ci	2023-07-06T06:05:46Z	2023-07-06T04:48:13Z	2023-07-06 18:11:01 +0000

Job artifacts

---

Brought to you by gitlab-org/database-team/gitlab-com-database-testing. Epic

mentioned in issue #293748 (closed)

added database-testing-automation label

Just curious since the UI settings won't be available in this MR (?): What is the default behavior? Allow or disallow duplicates?

changed the description