Prevent NuGet processing packages being returned by the API
requested to merge 208678-packages-project-and-group-api-will-return-processing-nuget-packages into master
What does this MR do?
Prevents NuGet processing packages from being returned by the Packages API. The processed
scope was added to the package
, packages
and group_packages
finder. Tests were updated to include testing for this.
Related issue: #208678 (closed)
Screenshots
No visual changes.
Database
Query:
SELECT
"packages_packages".*
FROM
"packages_packages"
WHERE
"packages_packages"."project_id" = 9
AND ("packages_packages"."package_type" != 4
OR "packages_packages"."name" != 'NuGet.Temporary.Package')
ORDER BY
created_at ASC
LIMIT 20 OFFSET 0
Explain (from chatops):
Limit (cost=0.42..22.85 rows=20 width=80) (actual time=0.985..3.866 rows=20 loops=1)
Buffers: shared hit=8 read=16
I/O Timings: read=2.935
-> Index Scan using index_packages_packages_on_project_id_and_created_at on packages_packages (cost=0.42..123.77 rows=110 width=80) (actual time=0.984..3.859 rows=20 loops=1)
Index Cond: (project_id = 15400614)
Filter: ((package_type <> 4) OR ((name)::text <> 'NuGet.Temporary.Package'::text))
Buffers: shared hit=8 read=16
I/O Timings: read=2.935
Planning time: 2.684 ms
Execution time: 3.895 ms
Visual: https://explain.depesz.com/s/K4eX
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Nick Kipling