Protected containers: Validation for repository_path_pattern

What does this MR do and why?

• This MR is implemented in the context of the EPIC &9825
• The field container_path_pattern will be used to match incomming container (image) commands => this means that not every string value should be allowed for this field => therefore, this MR adds more validations to this field
• One validation ensures that the field container_path_pattern starts with the project's full path because the container registry accepts container images with a certain naming convention, see https://docs.gitlab.com/ee/user/packages/container_registry/#naming-convention-for-your-container-images
• For the new feature "Protected Packages", this MR follows !132279 (merged)

🛠 with ❤ at Siemens

Screenshots or screen recordings

There are no frontend changes. Only changes in the backend .

How to set up and validate locally

1. Create a valid package protection rule because the field package_name_pattern is

Project.find(7).full_path # => "flightjs/Flight"

container_registry_protection_rule = ContainerRegistry::Protection::Rule.new(project: Project.find(7), push_protected_up_to_access_level: :developer, delete_protected_up_to_access_level: :developer, repository_path_pattern: "flightjs/flight")
container_registry_protection_rule.valid? # => true

container_registry_protection_rule = ContainerRegistry::Protection::Rule.new(project: Project.find(7), push_protected_up_to_access_level: :developer, delete_protected_up_to_access_level: :developer, repository_path_pattern: "flightjs/flight/sub-flight/*")
container_registry_protection_rule.valid? # => true

2. Create an invalid package protection rule because the field package_name_pattern cannot represent a valid package name

Project.find(7).full_path # => "flightjs/Flight"

container_registry_protection_rule = ContainerRegistry::Protection::Rule.new(project: Project.find(7), push_protected_up_to_access_level: :developer, delete_protected_up_to_access_level: :developer, repository_path_pattern:: "other-scope-flightjs/Flight")
container_registry_protection_rule.valid? # => false
container_registry_protection_rule.errors.full_messages # => ["Container path pattern is invalid"]

3. Create an invalid package protection rule because the field package_name_pattern can only contain downcased characters

Project.find(7).full_path # => "flightjs/Flight"

container_registry_protection_rule = ContainerRegistry::Protection::Rule.new(project: Project.find(7), push_protected_up_to_access_level: :developer, delete_protected_up_to_access_level: :developer, repository_path_pattern:: "flightjs/Flight")
container_registry_protection_rule.valid? # => false

Todos

• Discuss lower-case, extracted in another MR
• Unfortunately, there is no other https://docs.docker.com/engine/reference/commandline/tag/
• Check if we can reuse the regex used in this test cases, see spec/lib/gitlab/path_regex_spec.rb
• Improve validation error text regarding repository_path_pattern_in_project_scope in https://gitlab.com/gitlab-community/gitlab/-/blob/efb1493d9b91644df55ddc962d1e4bbf17e52568/app/models/container_registry/protection/rule.rb#L34

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.
  • Changelog entry added, if necessary
  • Documentation created/updated via this MR
  • Documentation reviewed by technical writer or follow-up review issue created
  • Tests added for this feature/bug
  • Tested in all supported browsers
  • Conforms to the code review guidelines
  • Conforms to the merge request performance guidelines
  • Conforms to the style guides
  • Conforms to the javascript style guides
  • Conforms to the database guides
  • Waiting for Protected containers: New scope for finding con... (!135969 - merged)

Related to #424367