Skip to content

Conan packages associate with pipelines

Steve Abrams requested to merge 234002-conan-create-build-info into master

What does this MR do?

Packages published to the GitLab package registry (such as NPM, Maven, Conan, etc...) within a CI pipeline, will show the commit and pipeline that built them.

How this works is in the API authentication code, an instance variable named @current_authenticated_job is set. Then, when a package or package file record is created or updated, we create a new Packages::BuildInfo or Packages::PackageFileBuildInfo record that associates a package and a pipeline (these are essentially join tables with package_id or package_file_id and pipeline_id).

The problem is, Conan overrides a few of the methods in the standard API authentication code, causing @current_authenticated_job never to be set.

This MR sets @current_authenticated_job in the Conan-specific authentication method so the Packages::BuildInfo and Packages::PackageFileBuildInfo records are created when a job is used to publish a Conan package.

Screenshots (strongly suggested)

The commit and pipeline info are now shown when a Conan package is created via CI:

Screen_Shot_2020-12-07_at_3.48.41_PM Screen_Shot_2020-12-07_at_3.48.56_PM

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

Related to #234002 (closed)

Edited by Steve Abrams

Merge request reports