Skip to content

Add service index and publish endpoints for NuGet v2

Moaz Khalifa requested to merge 416404-NuGet-v2-Support-service-index-and-publishing into master

What does this MR do and why?

Problem to solve

Currently, if you use the GitLab Package Registry to publish NuGet packages, you have to use the v3 feed of NuGet. However, if you are using Chocolatey or PowerShellGet, this is a problem as Chocolatey CLI pre v2 & PowerShellGet only supports v2 of NuGet.

We have customers who are using a mix of v2 and v3 and if they are migrating from Artifactory to GitLab, they likely need support for the older version.

Solution

This MR is adding support for the service index and publishing endpoints so that .NET developers can push NuGet packages to the GitLab registry using Chocolatey & PowerShellGet

  • service index endpoint (GET /api/v4/projects/<project_id>/packages/nuget/v2)
  • authorize publish endpoint ((PUT /api/v4/projects/<project_id>/packages/nuget/v2/authorize)
  • publish endpoint (PUT /api/v4/projects/<project_id>/packages/nuget/v2)

How to set up and validate locally

Test the service index endpoint:

curl "http://gdk.test:3000/api/v4/projects/<project_id>/packages/nuget/v2"

Test the publish endpoint:

To be able to test with Chocolatey cli on macOS M1, I had to use this docker image: https://hub.docker.com/r/kosdk/choco

  1. Pull the image and start the docker container.
  2. Create a package using this command:
choco new --name=ChocoPackage
  1. Navigate to the root of the newly created folder ChocoPackage.
  2. Open chocopackage.nuspec file and edit the version to be any valid version string. For ex: '1.0.0'
  3. Execute choco pack command to generate the package file chocopackage.1.0.0.nupkg
  4. Push the package to your gdk NuGet v2 feed. Use --force so that Choco accepts the non https source.
choco push chocopackage.1.0.0.nupkg --source "http://gdk.test:3000/api/v4/projects/<project_id>/packages/nuget/v2/" --api-key <PAT> --force
  1. The package should be published successfully.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #416404 (closed)

Edited by Moaz Khalifa

Merge request reports