Add filepath redirect url for Release assets

What does this MR do?

With this change we will allow receipt of urls made up of the project + tag + arbitrary filepath to the actual url stored for a link.

This is complicated by the fact that tags may have or or 1 embedded slashes, and the filepath may have any number of embedded slashes.

Existing Routes

be rake routes | grep project_release | awk '{ print $1, $2, $3, $4 }'

evidence_namespace_project_release GET /*namespace_id/:project_id/-/releases/:tag/evidence(.:format) projects/releases#evidence
namespace_project_releases GET /*namespace_id/:project_id/-/releases(.:format) projects/releases#index
edit_namespace_project_release GET /*namespace_id/:project_id/-/releases/:tag/edit(.:format) projects/releases#edit
namespace_project_release GET /*namespace_id/:project_id/-/releases/:tag(.:format) projects/releases#show

Example possible combinations

No embedded slashes

• tag: v11.9.0-rc2
• filepath: /gitlab-runner-linux-amd64.dmg
• filepath_redirect_url: https://gitlab.com/namespace/project/releases/v11.9.0-rc2/gitlab-runner-linux-amd64.dmg

Embedded slash in tag

• tag: v11.9.0/rc2
• filepath: /gitlab-runner-linux-amd64.dmg
• filepath_redirect_url: https://gitlab.com/namespace/project/releases/v11.9.0/rc2/gitlab-runner-linux-amd64.dmg

Embedded slashes in filepath

• tag: v11.9.0-rc2
• filepath: /binaries/v2/gitlab-runner-linux-amd64.dmg
• filepath_redirect_url: https://gitlab.com/namespace/project/releases/v11.9.0-rc2/binaries/v2/gitlab-runner-linux-amd64.dmg

Embedded slashes in both

• tag: v11.9.0/rc2
• filepath: /binaries/v2/gitlab-runner-linux-amd64.dmg
• filepath_redirect_url: https://gitlab.com/namespace/project/releases/v11.9.0/rc2/binaries/v2/gitlab-runner-linux-amd64.dmg

Filepath rules

• No embedded double slashes // or colons : allowed
• single embedded / is allowed
• Embedded -, _, . are allowed as single or multiple
• Filepath must begin with a slash
• Filepath much end with a number or letter
• Filepath must be a valid url fragment
• UTF-8 (accented) characters are not allowed

Screenshots

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• [-] Documentation - will be handed in it's own MR
• Code review guidelines
• Merge request performance guidelines
• Style guides
• [-] Database guides
• [-] Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• Tested in all supported browsers
• [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• [-] Label as security and @ mention @gitlab-com/gl-security/appsec
• [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• [-] Security reports checked/validated by a reviewer from the AppSec team

Part of #27300 (closed)

changed milestone to %12.9

added Category:Release Orchestration UX [deprecated] 🍎 backend cicdactive devopsrelease [DEPRECATED] direction frontend missed:12.8 typefeature workflowin dev + 1 deleted label

changed the description

changed target branch from 27300-enable-a-direct-link-to-a-release-and-release-assets-2 to 23700-add-filepath-to-release-links-api

mentioned in commit 2a2a8c25

added 1 commit

• 2a2a8c25 - Add filepath redirect url

Compare with previous version

changed the description

mentioned in commit f04e31e6

added 1 commit

• f04e31e6 - Add filepath redirect url

Compare with previous version

changed the description

mentioned in issue #27300 (closed)

mentioned in merge request !25512 (merged)

mentioned in merge request !24358 (closed)

mentioned in commit f0ff5bc0

added 6 commits

• f04e31e6...2b0ad6ce - 4 commits from branch 23700-add-filepath-to-release-links-api
• f0ff5bc0 - Add filepath redirect url
• be69d6e9 - Remove unneeded code

Compare with previous version

changed the description

added 1 commit

• 1c5d2410 - Update route defn

Compare with previous version

added 1 commit

• afe7f81c - Reconfigure path settings

Compare with previous version

added 1 commit

• e8942789 - Remove local test

Compare with previous version

mentioned in commit 9a733e84

changed the description

removed 1 deleted label

changed target branch from 23700-add-filepath-to-release-links-api to master

mentioned in merge request !25533 (merged)

mentioned in commit 4bfefbb5

added 765 commits

• e8942789...0c3bca67 - 754 commits from branch master
• 177a041e - Add filepath column to release_links
• ca1e4bee - Modified scope of filepath regex
• b2e1abc3 - Apply reviewer suggestion
• 62c16808 - Add filepath to release_links API
• f68ed94e - Add filepath to release_links API
• ad9974eb - Expose filepath_url in API
• 4bfefbb5 - Add filepath redirect url
• 648f3191 - Remove unneeded code
• 04232454 - Update route defn
• 1884c620 - Reconfigure path settings
• 86b52ce0 - Remove local test

Compare with previous version

mentioned in commit dbde7a30

added 1 commit

• dbde7a30 - Add filepath redirect url

Compare with previous version

changed target branch from master to 23700-add-filepath-to-release-links-api

changed target branch from 23700-add-filepath-to-release-links-api to master

mentioned in commit 7354d576

added 243 commits

• dbde7a30...54cd52b6 - 242 commits from branch master
• 7354d576 - Add filepath redirect url

Compare with previous version

added database databasereview pending + 1 deleted label and removed 1 deleted label

added 1 commit

• c912f943 - Non-working WIP code

Compare with previous version

@splattael could I ask your advice on this MR? The goal is to have a catch-all route under tag, e.g.: /namespace/project/releases/v11.9.0-rc2/gitlab-runner-linux-amd64.dmg that is then captured in it's own action. We then check if the rest of the url matches a previously saved filepath if redirect if this is the case. Otherwise it would be a 404.

The problem is that tag is already allowed to have an embedded /, and filepath of course can have any number.

Do you have any thoughts on this WIP MR?

marked as a Work In Progress

unmarked as a Work In Progress

mentioned in commit 9f097fab

added 1 commit

• 9f097fab - Add filepath redirect url

Compare with previous version

added 1 commit

• 14c0e3e9 - Add Rubocop exception

Compare with previous version

added 1 commit

• 4b6746a8 - Fix linter issue

Compare with previous version

marked the checklist item Changelog entry as completed

changed the description

@splattael I wonder if I could ask you to review this MR?

The proposal to embed downloads has been accepted. #27300 (comment 297018858)

assigned to @splattael

unassigned @splattael

added 1 commit

• 3113de08 - Apply suggestion to app/controllers/projects/releases_controller.rb

Compare with previous version

added 1 commit

• 00f60fdf - Apply suggestion to spec/controllers/projects/releases_controller_spec.rb

Compare with previous version

added 1 commit

• fd765c01 - Rspec code refactoring

Compare with previous version

added 1 commit

• d77012c6 - Filepath format testing

Compare with previous version

mentioned in merge request !26370 (merged)

added 1 commit

• bdd1293b - Fix linter issue

Compare with previous version

resolved all threads

assigned to @splattael

@splattael I don't think this should need DB review (as noted by the Dangerbot). If you think it does, just let me know & I'll assign it. Many thanks!

added workflowin review label and removed workflowin dev label

removed database databasereview pending labels

unassigned @splattael

added 1 commit

• 37906f61 - Apply reviewer suggestions

Compare with previous version

Reviewer roulette

Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.

To spread load more evenly across eligible reviewers, Danger has randomly picked a candidate for each review slot. Feel free to override this selection if you think someone else would be better-suited, or the chosen person is unavailable.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines.

Once you've decided who will review this merge request, mention them as you normally would! Danger does not (yet?) automatically notify them for you.

Category	Reviewer	Maintainer
backend	Brett Walker (@digitalmoksha)	Grzegorz Bizon (@grzesiek)

Generated by Danger

resolved all threads

Back to you @splattael, should be good now.

assigned to @splattael

approved this merge request

resolved all threads

merged

mentioned in commit a9bd44b2

mentioned in commit 421fbbbf

resolved all threads

added workflowstaging label and removed workflowin review label

added workflowcanary label and removed workflowstaging label

added missed:12.8 workflowproduction labels and removed missed:12.8 workflowcanary labels

mentioned in commit 13471854

mentioned in issue #211622 (closed)

mentioned in issue #213016 (closed)

mentioned in issue #296841 (closed)