Adding Secure Files data model and file uploader
What does this MR do and why?
This change adds the data model and file uploader to support the Secure Files mechanism discussed in #346290 (closed).
The feature is designed to support folks who need a simple way to add binary files to their CI pipelines. The use case I'm focused on is in the code signing process for mobile teams, but this approach has been generalized to support other use cases as well.
I'm breaking down the original MR into smaller changes that should be easier to review. The original MR is here: !75695 (closed).
Screenshots or screen recordings
A recorded walkthrough of this whole feature is here: https://youtu.be/eK3FUskHfdo
File Attributes
Secure Files have several attributes which are stored in the database:
-
project
Secure Files belong to a project -
name
the name of the file will be downloaded as -
file
the file itself, files are encrypted before they are written to disk -
checksum
a checksum of the unencrypted file is computed and saved, this is checked by the download API -
permissions
an enum ofread_only
,read_write
, orexecute
, to be used by the future GitLab Runner integration
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #346290 (closed)