Skip to content

Set project_id when creating Packages::Dependency

Dzmitry (Dima) Meshcharakourequested to merge
465276-set-project-id into master

What does this MR do and why?

In Add project_id column to packages_dependencies ... (!160830 - merged) we added a new column project_id to the packages_dependencies table.

This is the second MR in the series that changes the Packages::CreateDependencyService to set project_id column when creating a new Packages::Dependency entry and to use project_id when fetching the existing entries.

Additionally, it changes Packages::Rubygems::CreateDependenciesService to re-use Packages::CreateDependencyService with the updated logic, instead of changing already problematic safe_find_or_create_by! to use project_id.

Note: Backfilling project_id for existing entries will be added in the separate MR.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

No.

How to set up and validate locally

The Packages::CreateDependencyService is used to create a new dependency for npm, nuget and rubygems (experiment support packages. Let's check all of them.

npm package

  1. Create a new or choose an existing project where npm package will be published.

  2. Create a new npm package

    mkdir test_package && cd test_package
npm init -y

  3. Change the package's name to include a scope. Example: "name": "@gitlab-org/test_package". More about the naming convention is here.

  4. Change the .npmrc to set the registry for scope and add an authentication token in case of none public page docs. Use project level endpoint.

  5. Add dependency to the package

    npm i axios

  6. Publish the package

    npm publish

  7. Check that the new dependency for axios was created and it contains correct project_id.

    # In `rails console`
Packages::Dependency.where(name: 'axios')

Now let's check that the existing dependency without project_id is re-used

  1. Create a new dependency using rails console

    Packages::Dependency.create(name: "momentjs", version_pattern: "^2.0.0")

  2. Add momentjs to our test_package

    npm i momentjs@2.0.0

  3. Bump the version of package and publish it.

  4. Check the last Packages::Dependency with the name: "momentjs", it should be still without project_id.

  5. Check that the Packages::DependencyLink was created and linked to momentjs and our package.

nuget package

  1. Create a new nuget package

    mkdir pineapple && cd pineapple
nuget spec

  2. Check the dependencies inside Package.nuspec, usually it should have SampleDependency. If there're none, add SampleDependency as following:

    <?xml version="1.0" encoding="utf-8"?>
<package>
  <metadata>
    ...
    <dependencies>
      <group targetFramework=".NETStandard2.1">
        <dependency id="SampleDependency" version="1.0.0" />
      </group>
    </dependencies>
  </metadata>
</package>

  3. Add nuget source to setup authentication docs

  4. Generate package and publish it

    nuget pack
nuget push Package.1.0.0.nupkg -Source gitlab

  5. Check that the new dependency for SampleDependency was created and it contains correct project_id.

    # In `rails console`
Packages::Dependency.where(name: 'SampleDependency')

Now let's check that the existing dependency without project_id is re-used

  1. Create a new dependency using rails console

    Packages::Dependency.create(name: "JunitXml.TestLogger", version_pattern: "4.0.254")

  2. Add JunitXml.TestLogger version 4.0.254 to our package

    <dependencies>
  <group targetFramework=".NETStandard2.1">
    ...
    <dependency id="JunitXml.TestLogger" version="4.0.254" />
  </group>
</dependencies>

  3. Bump the version of package and publish it.

  4. Check the last Packages::Dependency with the name: "JunitXml.TestLogger", it should be still without project_id.

  5. Check that the Packages::DependencyLink was created and linked to JunitXml.TestLogger and our package.

rubygems package

  1. Enable the feature flag Feature.enable(:rubygem_packages)

  2. Create a new ruby package with pry dependency

    mkdir my_gem && cd my_gem
tee -a my_gem.gemspec <<END
 Gem::Specification.new do |s|
   s.name        = 'my_gem'
   s.version     = '0.0.1'
   s.summary     = "This is an example!"
   s.authors     = ["Ruby Coder"]
   s.add_development_dependency "pry"
 end
 END
gem build my_gem.gemspec

  3. Setup the credentials docs

  4. Publish the package

    gem push my_gem-0.0.1.gem --host <RUBYGEMS_API_ENDPOINT>

    RUBYGEMS_API_ENDPOINT is defined in ~/.gem/credentials

  5. Check that the new dependency for pry was created and it contains correct project_id.

    # In `rails console`
Packages::Dependency.where(name: 'pry')

Now let's check that the existing dependency without project_id is re-used

  1. Create a new dependency using rails console

    Packages::Dependency.create(name: "rake", version_pattern: ">= 0")

  2. Add new dependency to my_gem

    s.add_development_dependency "rake"

  3. Bump the version, build the gem and publish

  4. Check the last Packages::Dependency with the name: "rake", it should be still without project_id.

  5. Check that the Packages::DependencyLink was created and linked to rake and our package.

Related to #465276 (closed)

Edited by Dzmitry (Dima) Meshcharakou

Merge request reports