
Adding Secure Files data model and file uploader

What does this MR do and why?

This change adds the data model and file uploader to support the Secure Files mechanism discussed in #346290 (closed).

The feature is designed to support folks who need a simple way to add binary files to their CI pipelines. The use case I'm focused on is in the code signing process for mobile teams, but this approach has been generalized to support other use cases as well.

I'm breaking down the original MR into smaller changes that should be easier to review. The original MR is here: !75695 (closed).

Screenshots or screen recordings

A recorded walkthrough of this whole feature is here: https://youtu.be/eK3FUskHfdo

File Attributes

Secure Files have several attributes which are stored in the database:

  • project: Secure Files belong to a project
  • name: the name the file will be downloaded as
  • file: the file itself; files are encrypted before they are written to disk
  • checksum: a checksum of the unencrypted file is computed and saved; this is checked by the download API
  • permissions: an enum of read_only, read_write, or execute, to be used by the future GitLab Runner integration

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #346290 (closed)

Edited by Darby Frey
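
The File Attributes list above describes encrypting the file before it is written to disk and checking a checksum of the unencrypted content on download. The sketch below is an added example, not code from this MR or from GitLab: the `SecureFile` struct, both function names, the sample file names and key, and the choice of AES-256-GCM and SHA-256 are all assumptions, since the page names no algorithm.

```ruby
require "openssl"
require "digest"

# Hypothetical stand-in for the database row; the MR's real model is not shown on the page.
SecureFile = Struct.new(:name, :checksum, :permissions, :blob, keyword_init: true)
PERMISSIONS = %w[read_only read_write execute].freeze # enum values listed in the MR
class ChecksumMismatch < StandardError; end

# Assumption: AES-256-GCM and SHA-256. The page names neither algorithm.
def store_secure_file(name:, data:, key:, permissions: "read_only")
  raise ArgumentError, "unknown permissions: #{permissions}" unless PERMISSIONS.include?(permissions)

  checksum = Digest::SHA256.hexdigest(data) # taken over the plaintext, before encryption
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  ciphertext = cipher.update(data) + cipher.final
  # Only this blob reaches "disk": 12-byte IV, 16-byte GCM tag, then ciphertext.
  SecureFile.new(name: name, checksum: checksum, permissions: permissions,
                 blob: iv + cipher.auth_tag + ciphertext)
end

# Download path: decrypt, then refuse to serve content that does not match the stored checksum.
def download_secure_file(record, key:)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = record.blob[0, 12]
  cipher.auth_tag = record.blob[12, 16]
  plaintext = cipher.update(record.blob[28..-1]) + cipher.final # raises CipherError if the blob was altered
  actual = Digest::SHA256.hexdigest(plaintext)
  raise ChecksumMismatch, "#{record.name}: stored #{record.checksum}, got #{actual}" unless actual == record.checksum

  plaintext
end

# Constructed sample: a validly encrypted blob attached to the wrong record decrypts
# cleanly, so only the checksum comparison catches the swap.
def swapped_blob_detected?(key)
  cert = store_secure_file(name: "dist.cer", data: "constructed certificate bytes", key: key)
  prof = store_secure_file(name: "app.mobileprovision", data: "constructed profile bytes", key: key)
  cert.blob = prof.blob
  download_secure_file(cert, key: key)
  false
rescue ChecksumMismatch
  true
end

puts swapped_blob_detected?("k" * 32) if __FILE__ == $PROGRAM_NAME # constructed key, demo only
```

With an authenticated cipher, a modified blob already fails at decryption; the stored plaintext checksum adds the check that the decrypted content is the file this record was created for.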
