
Protected packages: Validate package_name_pattern format

What does this MR do and why?

  • During an MR review, we noticed that npm packages only allow a certain format for the package name, e.g. no backslash characters, no asterisk characters, etc.
  • When implementing the package protection rule for npm packages, the field package_name_pattern should also consider the format validation that is applied to npm packages => This MR wants to add this format validation.

🛠 with at Siemens

Screenshots or screen recordings

This MR has no frontend changes.

How to set up and validate locally

  1. Create a valid package protection rule because the field package_name_pattern is
package = Packages::Package.new(project: Project.find(7), name: "@gitlab-org/npm-package-valid-name")
package.valid? # => true

package_protection_rule = Packages::Protection::Rule.new(project: Project.find(7), package_type: :npm, push_protected_up_to_access_level: Gitlab::Access::DEVELOPER, package_name_pattern: "@gitlab-org/npm-package-valid-name")
package_protection_rule.valid? # => true
  2. Create an invalid package protection rule because the field package_name_pattern cannot represent a valid package name
package = Packages::Package.new(project: Project.find(7), name: "@gitlab-org/npm-package-%%")
package.valid? # => false
package.errors.full_messages # => ["Name is invalid"]

package_protection_rule = Packages::Protection::Rule.new(project: Project.find(7), package_type: :npm, push_protected_up_to_access_level: Gitlab::Access::DEVELOPER, package_name_pattern: "@gitlab-org/npm-package-%%")
package_protection_rule.valid? # => false
package_protection_rule.errors.full_messages # => ["Package name pattern should be a valid NPM package name with optional wildcard characters."]

Todos

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to Protected packages: Add basic model and migrati... (#416382) and Protected packages: Adding new scope for_packag... (!131298 - merged)

Edited by Gerardo Navarro
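
The two console checks above can be reproduced outside Rails with the following added example, which is not code from this MR or from GitLab. It assumes `*` is the wildcard character and uses simplified regexes; the constants and helper names are hypothetical.

```ruby
# Added example: simplified, assumed rules, not GitLab's own regexes.
# Assumption: '*' is the wildcard a protection pattern may contain.
SCOPE_CHARS = 'a-zA-Z0-9._\-'
NAME_CHARS  = 'a-zA-Z0-9._+\-'

# Concrete npm package name: optional "@scope/" prefix plus the name.
# \A and \z anchor the whole string; ^ and $ would accept "ok\n%%".
NPM_NAME_REGEX = %r{\A(?:@[#{SCOPE_CHARS}]+/)?[#{NAME_CHARS}]+\z}

# Protection pattern: the same shape, with '*' additionally allowed.
NPM_PATTERN_REGEX = %r{\A(?:@[*#{SCOPE_CHARS}]+/)?[*#{NAME_CHARS}]+\z}

def valid_npm_name?(name)
  name.is_a?(String) && NPM_NAME_REGEX.match?(name)
end

def valid_protection_pattern?(pattern)
  pattern.is_a?(String) && NPM_PATTERN_REGEX.match?(pattern)
end

# Compile a validated pattern into an anchored regex. Every literal part
# is escaped, so only '*' ever acts as a metacharacter.
def pattern_to_regex(pattern)
  raise ArgumentError, 'invalid package name pattern' unless valid_protection_pattern?(pattern)

  literals = pattern.split('*', -1).map { |part| Regexp.escape(part) }
  Regexp.new("\\A#{literals.join('.*')}\\z")
end

# A package counts as protected when any stored pattern matches its name.
def protected_package?(name, patterns)
  valid_npm_name?(name) && patterns.any? { |p| pattern_to_regex(p).match?(name) }
end

if __FILE__ == $PROGRAM_NAME
  rules = ['@gitlab-org/npm-package-*'] # constructed sample rule
  ['@gitlab-org/npm-package-valid-name', '@other/pkg'].each do |name|
    puts "#{name}: protected=#{protected_package?(name, rules)}"
  end
  puts valid_protection_pattern?('@gitlab-org/npm-package-%%') # false
end
```

Rejecting the pattern at write time means a rule that can never match a real package name is refused instead of being stored as a protection that protects nothing.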
