Maven package upload working with a free tier account
On GitLab.com, I have a free tier account. I am able to push Maven packages using a CI build.
This is not expected considering the documentation: https://about.gitlab.com/pricing/self-managed/feature-comparison/
Steps to reproduce
- Create a free tier account
- Create a public project
- Upload a Maven package following https://docs.gitlab.com/ee/user/packages/maven_repository/
What is the current bug behavior?
I was able to push a Maven package using a CI job
What is the expected correct behavior?
mvn deploy executed by the CI job should be rejected.
Relevant logs and/or screenshots
Uploading: https://gitlab.com/api/v4/projects/15187476/packages/maven/com/example/dep/simple-maven-dep/1.0-SNAPSHOT/simple-maven-dep-1.0-20191107.141022-1.jar 2/3 KB 3/3 KB Uploaded: https://gitlab.com/api/v4/projects/15187476/packages/maven/com/example/dep/simple-maven-dep/1.0-SNAPSHOT/simple-maven-dep-1.0-20191107.141022-1.jar (3 KB at 1.1 KB/sec)
Output of checks
This bug happens on GitLab.com
Prevent the maven API to be used with free tier accounts or update the documentation.
Note that if free tier accounts can use the package features, this has several implications:
- code organisation.
- naming enforcements during group/project path updates or transfers.
This could also happen for NPM packages.