Nuget package content service (!24290) · Merge requests · GitLab.org / GitLab

David Fernandez requested to merge 10io-nuget-package-content-service into master Feb 03, 2020

What does this MR do?

This MR implements the Package content service on the Nuget API. See https://docs.microsoft.com/en-us/nuget/api/package-base-address-resource.

This API is meant to be used by the nuget client or its relatives, dotnet and Visual Studio.

Relates to: #36506 (closed) and #20050 (closed)

This MR is part of the nuget MVC (See the epic &2271 (closed)). This MR is gated behind this feature flag (scoped by project): nuget_package_registry. This MR doesn't need documentation or a change log entry.

Technical description

As described in the official documentation, the content service has two endpoints:

One that given the package name will return all the available versions as json.
One that given the package name + version will return the package archive as a download.

One thing to keep in mind is that nuget uses the lower case version of the package name. If the package name is DummyPackage then, on both endpoints, nuget will send dummypackage as the package name.

The relevant finders have been updated to support this "case insensitive" mode.

One last thing, nuget doesn't autofollow 302 Moved redirects. It will interpret those codes as errors and stop the execution.

Screenshots

The following examples suppose having a nuget registry setup as described in https://docs.gitlab.com/ee/user/packages/npm_registry/index.html and a package name DummyProject.DummyPackage with 3 versions 1.0.0, 1.0.1 and 1.0.2.

nuget

$ nuget install DummyProject.DummyPackage -OutputDirectory packages -source locally
Feeds used:
  https://gitlab.local:3443/api/v4/projects/1/packages/nuget/index.json

Installing package 'DummyProject.DummyPackage' to 'packages'.
  GET https://gitlab.local:3443/api/v4/projects/1/packages/nuget/metadata/dummyproject.dummypackage/index.json
  OK https://gitlab.local:3443/api/v4/projects/1/packages/nuget/metadata/dummyproject.dummypackage/index.json 355ms


Attempting to gather dependency information for package 'DummyProject.DummyPackage.1.0.2' with respect to project 'packages', targeting 'Any,Version=v0.0'
Gathering dependency information took 18.1 ms
Attempting to resolve dependencies for package 'DummyProject.DummyPackage.1.0.2' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'DummyProject.DummyPackage.1.0.2'
Resolved actions to install package 'DummyProject.DummyPackage.1.0.2'
  GET https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/DummyProject.DummyPackage/1.0.2/dummyproject.dummypackage.1.0.2.nupkg
Retrieving package 'DummyProject.DummyPackage 1.0.2' from 'locally'.
  OK https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/DummyProject.DummyPackage/1.0.2/dummyproject.dummypackage.1.0.2.nupkg 5093ms
Installing DummyProject.DummyPackage 1.0.2.
Adding package 'DummyProject.DummyPackage.1.0.2' to folder '/Users/nuget/packages'
Added package 'DummyProject.DummyPackage.1.0.2' to folder '/Users/nuget/packages'
Successfully installed 'DummyProject.DummyPackage 1.0.2' to packages
Executing nuget actions took 5.19 sec

dotnet

$ dotnet add package DummyProject.DummyPackage
info : Adding PackageReference for package 'DummyProject.DummyPackage' into project '/Users/nuget/nuget_client.csproj'.
info : Restoring packages for /Users/nuget/nuget_client.csproj...
info :   CACHE https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/dummyproject.dummypackage/index.json
info : Package 'DummyProject.DummyPackage' is compatible with all the specified frameworks in project '/Users/nuget/nuget_client.csproj'.
info : PackageReference for package 'DummyProject.DummyPackage' version '1.0.2' added to file '/Users/nuget/nuget_client.csproj'.
info : Committing restore...
info : Generating MSBuild file /Users/nuget/obj/nuget_client.csproj.nuget.g.props.
info : Writing assets file to disk. Path: /Users/nuget/obj/project.assets.json
log  : Restore completed in 28.15 sec for /Users/nuget/nuget_client.csproj.

[output truncated to relevant lines]

Visual Studio

This client can't be tested yet as it needs a search service first (see #36505 (closed))

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers
Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Feb 13, 2020 by Tim Rizzi

Nuget package content service