Adding Secure Files data model and file uploader

Darby Freyrequested to merge
346290-proposal-for-adding-binary-file-support-to-ci-variables into master

What does this MR do and why?

This change adds the data model and file uploader to support the Secure Files mechanism discussed in #346290 (closed).

The feature is designed to support folks who need a simple way to add binary files to their CI pipelines. The use case I'm focused on is in the code signing process for mobile teams, but this approach has been generalized to support other use cases as well.

I'm breaking down the original MR into smaller changes that should be easier to review. The original MR is here: !75695 (closed).

Screenshots or screen recordings

A recorded walkthrough of this whole feature is here: https://youtu.be/eK3FUskHfdo

File Attributes

Secure Files have several attributes which are stored in the database:

  • project Secure Files belong to a project
  • name the name of the file will be downloaded as
  • file the file itself, files are encrypted before they are written to disk
  • checksum a checksum of the unencrypted file is computed and saved, this is checked by the download API
  • permissions an enum of read_only, read_write, or execute, to be used by the future GitLab Runner integration

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #346290 (closed)

Edited by Darby Frey

Merge request reports