
Add a setting for allowing/disallowing duplicate NuGet package uploads

What does this MR do and why?

Context

When using the GitLab Package Registry to publish NuGet packages, a duplicate package name/version can be uploaded. This may be great for snapshots, but you may want your releases to be immutable.

This MR introduces a new setting that enables the user to define, at the group level, whether duplicate NuGet packages are allowed or not. In a subsequent MR, the newly added settings in the MR would be utilized in services and endpoints to allow/disallow NuGet packages' duplicate uploads. ALL MRs should be behind the same feature flag.

Implementation

The setting is defined in the namespace_package_settings database table:

  • nuget_duplicates_allowed is a boolean column that is true by default (the current default behavior is to allow duplicates). When toggled to false, the duplication should be disallowed.
  • nuget_duplicate_exception_regex is a charvar column to save a regex defining NuGet packages that are allowed to be duplicated when duplicates are not allowed.

In this MR, the setting can be updated using GraphQL, but it is behind the nuget_duplicates_option feature flag. When the feature flag is disabled for the namespace, the setting cannot be updated.

How to set up and validate locally

  1. Try to update the namespace package settings nuget_duplicates_allowed using the query below in graphql-explorer:

    mutation {
      updateNamespacePackageSettings(input: {
        namespacePath: "<your-namespace-full-path>",
        nugetDuplicatesAllowed: false,
      }) {
        packageSettings {
          nugetDuplicatesAllowed
        }
      }
    }

  2. The setting shouldn't be updated because the feature flag nuget_duplicates_option is disabled for the namespace.

  3. In the rails console, enable the FF for the namespace:

    Feature.enable(:nuget_duplicates_option, Namespace.find(<namespace_id>))

  4. Restart your GDK and repeat the above GraphQL query. The setting nuget_duplicates_allowed should be updated to be false.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #293748 (closed)

Edited by Moaz Khalifa
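
How the two columns described under Implementation could combine into an upload decision, as an added example that is not code from this MR or from GitLab. The helper name, the in-memory registry, matching the regex against the package name, and anchoring the pattern to the whole name are all assumptions.

```ruby
# Added illustration; not GitLab's implementation.
# Mirrors the two namespace_package_settings columns named in the MR description.
PackageSettings = Struct.new(:nuget_duplicates_allowed, :nuget_duplicate_exception_regex)

# Constructed sample registry contents: [lowercased package name, version].
EXISTING = [
  ["acme.snapshot.core", "1.0.0"],
  ["acme.release.core", "1.0.0"]
].freeze

# Hypothetical helper: may this name/version be uploaded?
def nuget_upload_allowed?(settings, name, version, feature_enabled: true)
  # NuGet package IDs compare case-insensitively, so normalise before lookup.
  duplicate = EXISTING.include?([name.downcase, version])
  return true unless duplicate        # first upload of this name/version
  return true unless feature_enabled  # flag off: duplicates stay allowed, as today
  return true if settings.nuget_duplicates_allowed

  pattern = settings.nuget_duplicate_exception_regex.to_s
  return false if pattern.empty?      # duplicates disallowed, no exceptions defined

  begin
    # Assumption: the pattern must match the whole name, so an exception
    # written as "Snapshot" does not also exempt every name containing it.
    Regexp.new("\\A(?:#{pattern})\\z").match?(name)
  rescue RegexpError
    false # an unparsable exception pattern exempts nothing (fail closed)
  end
end
```

Failing closed on an invalid pattern keeps released versions immutable even when the exception regex is misconfigured.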
