
Use package settings to validate Maven packages

Steve Abrams requested to merge 276882-use-package-settings-maven into master

🏛 Context

The GitLab package registry allows users to publish and store Maven (Java) packages to their GitLab projects.

!50104 (merged) added a new table namespace_package_settings which has two columns (settings):

  • maven_duplicates_allowed - If true, duplicate Maven packages (same name and version) are allowed to be published to the project.
  • maven_duplicate_exception_regex - If maven_duplicates_allowed is false, this regex is used to specify any exceptions.

Maven users will often work with what are known as "SNAPSHOT" packages. These are packages that are in development and not yet released; their version is prefixed with "SNAPSHOT", like SNAPSHOT-1.0.0. They will publish the same package multiple times, then once it is complete, give it the proper semantic version: 1.0.0.

These new settings allow users to better configure when and if the GitLab package registry rejects duplicate Maven packages.

🔍 What does this MR do?

This MR updates the package model validation to use the namespace package settings when validating a new Maven package.

📷 Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

Related to #276882 (closed)

Edited by Steve Abrams
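The duplicate check described in the Context section, sketched as an added example (not code from this MR or from GitLab). `PackageSettings`, `duplicate_exception?` and `publish_allowed?` are hypothetical names, and matching the regex against both name and version is an assumption the description does not state.

```ruby
# Added illustration; not GitLab's implementation.
# Hypothetical struct holding the two settings named in the description.
PackageSettings = Struct.new(:maven_duplicates_allowed,
                             :maven_duplicate_exception_regex)

# True when the exception regex covers the WHOLE name or the WHOLE version.
# Assumption: the regex is tested against both values.
def duplicate_exception?(settings, name, version)
  source = settings.maven_duplicate_exception_regex.to_s
  return false if source.empty? # no exception configured

  # Compile the user-supplied pattern on its own first, so a pattern such as
  # "a)|(b" is rejected instead of escaping the anchors added below.
  user_re = Regexp.new(source)
  # \A...\z anchors the whole string; a pattern that only matches a fragment
  # (or a single line) must not exempt a released version from the check.
  anchored = /\A#{user_re}\z/
  [name, version].any? { |value| anchored.match?(value) }
rescue RegexpError
  false # unusable pattern: fail closed and keep rejecting the duplicate
end

# existing: array of [name, version] pairs already published in the project.
def publish_allowed?(settings, existing, name, version)
  return true unless existing.include?([name, version]) # first upload
  return true if settings.maven_duplicates_allowed

  duplicate_exception?(settings, name, version)
end

# Constructed sample data.
EXISTING = [
  ["com/example/app", "SNAPSHOT-1.0.0"],
  ["com/example/app", "1.0.0"]
].freeze

if __FILE__ == $PROGRAM_NAME
  strict = PackageSettings.new(false, "SNAPSHOT-.*")
  puts publish_allowed?(strict, EXISTING, "com/example/app", "SNAPSHOT-1.0.0")
  puts publish_allowed?(strict, EXISTING, "com/example/app", "1.0.0")
end
```

With duplicates disallowed, republishing the in-development version passes while overwriting the released `1.0.0` is refused, which is the integrity property the settings exist to protect.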
