PyPi Artifact Repository MVC
Binary Repository Managers (https://en.wikipedia.org/wiki/Binary_repository_manager) allow easy access and management of artifacts created and consumed by projects. Software like JFrog Artifactory (https://www.jfrog.com/artifactory/) or Sonatype Nexus (https://www.sonatype.com/nexus-repository-oss) are examples of multi-protocol repositories.
We want to enhance our existing artifacts system, allowing access using the most common package managers. This epic focuses on PyPi.
The MVP will focus on:
- PyPi: https://pypi.org
Artifacts stored based on GitLab's settings for Artifacts, either locally on disk or in object storage.
- Proposed architecture
- Utilize the existing API for the registry in: https://gitlab.com/gitlab-org/gitlab-ee/issues/5838
- Define the protocol
- HTTP(S) protocol only, based on how the larger GitLab configuration is configured
- Certificates would then already be handled, either manually or via LE
- Should we support SHA256? MD5 hashing is not good for FIPS compliance?