Protected packages: Validate package_name_pattern format
requested to merge gitlab-community/gitlab:416382-protected-packages-add-format-validation-for-package-name-pattern into master
What does this MR do and why?
- During a MR review, we noticed that npm packages only allow a certain format for the package name, e.g. no backslashes characters, no asterisk characters, etc.
- When implementing package protection rule for npm packages, the field
package_name_pattern
should also consider the format validation that is applied to npm packages => This MR wants to add this format validation.
Screenshots or screen recordings
This MR has no frontend changes.
How to set up and validate locally
- Create a valid package protection rule because the field
package_name_pattern
is
package = Packages::Package.new(project: Project.find(7), name: "@gitlab-org/npm-package-valid-name")
package.valid? # => true
package_protection_rule = Packages::Protection::Rule.new(project: Project.find(7), package_type: :npm, push_protected_up_to_access_level: Gitlab::Access::DEVELOPER, package_name_pattern: "@gitlab-org/npm-package-valid-name")
package_protection_rule.valid? # => true
- Create an invalid package protection rule because the field
package_name_pattern
cannot represent a valid package name
package = Packages::Package.new(project: Project.find(7), name: "@gitlab-org/npm-package-%%")
package.valid? # => false
package.errors.full_messages # => ["Name is invalid"]
package_protection_rule = Packages::Protection::Rule.new(project: Project.find(7), package_type: :npm, push_protected_up_to_access_level: Gitlab::Access::DEVELOPER, package_name_pattern: "@gitlab-org/npm-package-%%")
package_protection_rule.valid? # => false
package_protection_rule.errors.full_messages # => ["Package name pattern should be a valid NPM package name with optional wildcard characters."]
Todos
-
@gerardo-navarro Finish the description of the MR
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR. -
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Tested in all supported browsers -
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the javascript style guides -
Conforms to the database guides
-
Related to Protected packages: Add basic model and migrati... (#416382) and Protected packages: Adding new scope for_packag... (!131298 - merged)
Edited by Gerardo Navarro