Skip to content
Snippets Groups Projects

NuGet - Add Push Service

Merged David Fernandez requested to merge 10io-nuget-push-delete-service into master

What does this MR do?

This MR adds the Push service endpoint in the NuGet API.

This API is meant to be used by the following tools: nuget and Visual Studio.

See the epic: &2271 (closed)

Related issue #36499 (closed) and #20050 (closed)

This MR changes the following:

  • Implements the push service for a NuGet Feed. Basically, an endpoint accepting package uploads. See https://docs.microsoft.com/en-us/nuget/api/package-publish-resource. Only the "push" part is implemented in this MR. The "delete" part will be added at a later time (see #36499 (comment 255275410))
    • Sidenote: this MR being part of the NuGet MVC. We currently allow multiple uploads of the same package file to simplify the first iteration of the implementation.
  • Reuse as many existing services as possible. The only one that is added in this MR is Packages::Nuget::CreatePackageService
  • Centralize code between the Conan endpoint and the Nuget endpoint. For example, all the workhorse upload process is shared. Specs will share common functions.
  • Add missing specs for API::Helpers::PackagesHelpers

Additional notes

  • nuget clients impose how the API has to be authenticated. Clients will make an anonymous request. Upon receiving unauthorized with the proper http header, it will make a second request but the proper credentials attached. This part has already been handled in the previous MR (!20825 (merged)).
  • the upload request lacks of any information about the package. Here is an example of such upload: Screenshot_2019-12-05_at_16.55.16
  • As you can see above, the request doesn't have the package name, the package version or any other information. As such, the upload endpoint will simply store the package archive file and that's it. That's why the package has a fixed name and version.
  • In a future MR, a job will be implemented to extract and analyze the package archive (see #36502 (closed)). That's where we will be able to set properly the package name and version.

Screenshots

Here is an upload action with nuget:

$ nuget push DummyProject.DummyPackage.1.0.0.nupkg -source local
WARNING: No API Key was provided and no API Key could be found for 'https://gitlab.local/api/v4/projects/19/packages/nuget'. To save an API Key for a source use the 'setApiKey' command.
Pushing DummyProject.DummyPackage.1.0.0.nupkg to 'https://gitlab.local/api/v4/projects/19/packages/nuget'...
  PUT https://gitlab.local/api/v4/projects/19/packages/nuget/
  Created https://gitlab.local/api/v4/projects/19/packages/nuget/ 37741ms
Your package was pushed.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Tim Rizzi

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • added 1 commit

    • 77eb6fcf - Add Push Service endpoint in the NuGet API

    Compare with previous version

  • David Fernandez changed the description

    changed the description

  • David Fernandez unmarked as a Work In Progress

    unmarked as a Work In Progress

  • added workflowin review label and removed workflowin dev label

  • assigned to @sabrams

  • added 1 commit

    • c3eac580 - Add Push Service endpoint in the NuGet API

    Compare with previous version

  • added 1 commit

    • fe77b797 - Add Push Service endpoint in the NuGet API

    Compare with previous version

  • David Fernandez added 578 commits

    added 578 commits

    Compare with previous version

  • David Fernandez
  • added 1 commit

    • 23979a43 - Add Push Service endpoint in the NuGet API

    Compare with previous version

  • David Fernandez changed the description

    changed the description

  • Author Maintainer

    :ping_pong: @igor.drozdov for backend review. Thanks!

  • mentioned in issue #36502 (closed)

  • Igor Drozdov
  • Author Maintainer

    @jprovaznik Do you mind doing the maintainer review for this MR?

    You did it for the initial MR (!20825 (merged)) and as such, you know quite well the context of this API.

    Edited by David Fernandez
  • added 1 commit

    • ef6b2abe - Centralize the "unauthorize or X" logic

    Compare with previous version

  • Jan Provaznik
  • David Fernandez added 2 commits

    added 2 commits

    • 2fc2e52d - Squash tests as suggested by reviews
    • ad2c3cb0 - Apply maintainer feedback

    Compare with previous version

  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Please register or sign in to reply
    Loading