Protected packages: Show protected label in packages list (!141134) · Merge requests · GitLab.org / GitLab

The 17.0 major release is coming on May 16, 2024! This version brings many exciting improvements to GitLab, but also removes some deprecated features. We are introducing three breaking change windows during which we expect breaking changes to be deployed to GitLab.com. You can read more about it on our blogpost . The second breaking change window begins 2024-04-29 09:00 UTC and ends 2024-05-01 22:00 UTC.

Gerardo Navarro requested to merge gitlab-community/gitlab:413641-gerardo-navarro-protected-packages-show-protected-packages-in-package-registry-list into master Jan 05, 2024

What does this MR do and why?

Read the description of the issue to get more context information, see #437926
Feature flag switch to enable / disable the protected label

🛠 with ❤ at Siemens

Personal notes (@gerardo-navarro)

Implementation challenge: How to efficiently check if the package is protected or not?

Approach Matching on frontend 👎

Pulling all package protection rules via GraphQL and performing the matching on the frontend in javscript is not a good option. 🛑

How are other GitLab solving this?

In app/views/projects/branches/_branch.html.haml, the code checks for every branch if it is protected or not app/helpers/branches_helper.rb => can I also do this with GraphQl? => maybe I need more insights.
The check of the branch is protected is partially optimized by using the ProtectedBranches::CacheService

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

MR Checklist (@gerardo-navarro)

Screenshots or screen recordings

The following screenshot shows the end result. All packages with at least one matching package protection rule will receive the badge "protected". For now, we disregard the information related to the access level in the protection rules.

How to set up and validate locally

Enable the feature flag :packages_protected_packages

Feature.enable(:packages_protected_packages)

Go to the package registry setting of a project: http://gdk.test:3000/flightjs/Flight/-/settings/packages_and_registries
Create a new package protection rule with package name pattern @flightjs/npm_package_* (<= this will match seeded packages that are already in the package registry)
Go to the package registry of the project: http://gdk.test:3000/flightjs/Flight/-/packages

Related to #413641 and #437926

Edited Apr 04, 2024 by Gerardo Navarro

Admin message

Protected packages: Show protected label in packages list