Protected packages: Conan package push protection
What does this MR do and why?
Protected packages: Integrate package protection rules for conan packages
- Push protecting conan packages when a package protection rule exists.
- Enabling conan as a valid package type for package protection rules.
- Added tests
- Update also graphql api documentation
- Extracted a service to check if a rule exists for a package as discussed in a previous review, see !157098 (comment 2005373709)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
MR Checklist (@gerardo-navarro)
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Tested in all supported browsers
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the javascript style guides
- Conforms to the database guides
- Badge "protected" is not attached to protected packages in the package overview
Screenshots or screen recordings
Before
In the project settings, the package protection rules only allow the package type npm and pypi (<= the feature flag :packages_protected_packages_pypi is enabled)
In the backend, conan packages can be uploaded as usual to the package registry.
After
Regarding frontend, there is only a minimal change. As discussed here, a UX review should not be necessary for this.
The main changes of the MR are related to the backend. When a package protection rule is defined, then the conan package is protected and cannot be uploaded. The following console output will appear.
conan upload Hello/0.13@flightjs+flight/stable --all --remote=gitlab_gdk
Uploading to remote 'gitlab_gdk':
Uploading Hello/0.13@flightjs+flight/stable to remote 'gitlab_gdk'
ERROR:
Error uploading file: conanfile.py, '{"message":"403 Forbidden - Package protected."}'
ERROR:
Error uploading file: conanmanifest.txt, '{"message":"403 Forbidden - Package protected."}'
ERROR: Hello/0.13@flightjs+flight/stable: Upload recipe to 'gitlab_gdk' failed: Execute upload again to retry upload the failed files: conanfile.py, conanmanifest.txt. [Remote: gitlab_gdk]
ERROR: Errors uploading some packages
How to set up and validate locally
- In rails console, enable the feature flag :packages_protected_packages_conan
Feature.enable(:packages_protected_packages_conan)
- Go to the package settings page of the seeded project "flightjs/Flight": http://gdk.test:3000/flightjs/Flight/-/settings/packages_and_registries
- Add a package protection rule with package_name_pattern value Hello for the field Package name pattern
- Create a conan package as explained in the GitLab package guide
- Configure conan remote with your local gdk package registry, see https://docs.gitlab.com/ee/user/packages/conan_repository/#add-the-package-registry-as-a-conan-remote
- Create and upload the conan package with the following commands
conan new Hello/0.1 -t
conan create . flightjs+flight/stable
conan upload Hello/0.1@flightjs+flight/stable --all --remote=gitlab_gdk
- The conan package should not be successfully uploaded because it is protected, see console output above 💥
- Create a conan package with another package name (not Hello) and run the conan upload commands => the conan package will be successfully uploaded
conan new OtherHelloPackage/0.1 -t
conan create . flightjs+flight/stable
conan upload OtherHelloPackage/0.1@flightjs+flight/stable --all --remote=gitlab_gdk
Related to #323975
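An added example (not part of this MR or of GitLab's code) for the validation steps above: it classifies captured `conan upload` output so that a failure for an unrelated reason is not mistaken for the protection rule working. The function names, the sample data, and the 401 line are constructed assumptions; the 403 lines are copied from the console output in this description.

```shell
# Constructed sample: the blocked upload shown in the MR description.
sample_blocked() { cat <<'EOF'
Uploading to remote 'gitlab_gdk':
Uploading Hello/0.13@flightjs+flight/stable to remote 'gitlab_gdk'
ERROR:
Error uploading file: conanfile.py, '{"message":"403 Forbidden - Package protected."}'
ERROR:
Error uploading file: conanmanifest.txt, '{"message":"403 Forbidden - Package protected."}'
ERROR: Errors uploading some packages
EOF
}

# Constructed sample: one file fails for a reason unrelated to protection.
sample_other() { cat <<'EOF'
Uploading OtherHelloPackage/0.1@flightjs+flight/stable to remote 'gitlab_gdk'
ERROR:
Error uploading file: conanfile.py, '{"message":"401 Unauthorized"}'
EOF
}

# Constructed sample: no per-file errors at all.
sample_allowed() { cat <<'EOF'
Uploading OtherHelloPackage/0.1@flightjs+flight/stable to remote 'gitlab_gdk'
EOF
}

# Reads conan output on stdin; prints the files rejected by a protection rule.
rejected_files() {
  sed -n 's/^Error uploading file: \([^,]*\), .*"403 Forbidden - Package protected\.".*$/\1/p'
}

# Reads conan output on stdin; prints one of:
#   protected   - every failed file was rejected with "Package protected"
#   other-error - at least one file failed for a different reason (inconclusive)
#   uploaded    - no file-level errors, so no rule blocked the push
classify_upload() {
  out=$(cat)
  failed=$(printf '%s\n' "$out" | grep -c '^Error uploading file: ' || true)
  blocked=$(printf '%s\n' "$out" \
    | grep -c '^Error uploading file: .*"403 Forbidden - Package protected\."' || true)
  if [ "$failed" -eq 0 ]; then echo uploaded
  elif [ "$failed" -eq "$blocked" ]; then echo protected
  else echo other-error
  fi
}
```

Against a real run, pipe the command's combined output in, for example `conan upload ... 2>&1 | classify_upload`.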