Using three dots in composer package registry version fails validation
Summary
If a composer package has a version that contains three dots, such as 1.0.0.0, a failure occurs when publishing the package to the registry.
When publishing via the API, the error message is {"message":"Validation failed: Version is invalid"}%
.
In !46191 (merged), it appears composer packages are not validated against semantic versioning regular expression. Semver does not validate for 1.0.0.0.
Customer in internal ticket, was previously using dates for versioning. For example, 2020.12.01.000000
. Since upgrading GitLab to 13.6.1, they receive the same validation error: "Validation failed: Version is invalid"
when publishing packages.
Steps to reproduce
- Install GitLab 13.6
- Create a project
- Create a composer package
- Tag it with 1.0.0.0
- Publish with the API
Example Project
https://gitlab.com/john_long/testing-composer-versioning
What is the current bug behavior?
When publishing a composer package with a version containing three dots(.
), such as 1.0.0.0, validation fails causing the publishing of a package to fail.
What is the expected correct behavior?
Composer packages with versions containing three dots should pass validation allowing the package to publish.
Relevant logs and/or screenshots
{
"time": "2020-12-01T17:24:31.243Z",
"severity": "INFO",
"duration_s": 0.03273,
"db_duration_s": 0.00433,
"view_duration_s": 0.0284,
"status": 400,
"method": "POST",
"path": "/api/v4/projects/2/packages/composer",
"params": [
{
"key": "tag",
"value": "1.0.0.0"
}
],
"host": "192.168.33.10",
"remote_ip": "192.168.33.1, 127.0.0.1",
"ua": "curl/7.64.1",
"route": "/api/:version/projects/:id/packages/composer",
"user_id": 1,
"username": "root",
"api_error": [
"{\"message\":\"Validation failed: Version is invalid\"}"
],
"queue_duration_s": 0.008549,
"gitaly_calls": 4,
"gitaly_duration_s": 0.005949,
"redis_calls": 4,
"redis_duration_s": 0.000498,
"redis_read_bytes": 634,
"redis_write_bytes": 233,
"redis_cache_calls": 4,
"redis_cache_duration_s": 0.000498,
"redis_cache_read_bytes": 634,
"redis_cache_write_bytes": 233,
"correlation_id": "DXUvCn8gNr5",
"meta.user": "root",
"meta.project": "root/awesome-composer-packages",
"meta.root_namespace": "root",
"meta.caller_id": "/api/:version/projects/:id/packages/composer",
"meta.feature_category": "package_registry",
"content_length": "11"
}
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
```bash root@ubuntu-bionic:/var/log/gitlab# sudo gitlab-rake gitlab:env:info System information System: Ubuntu 18.04 Proxy: no Current User: git Using RVM: no Ruby Version: 2.7.2p137 Gem Version: 3.1.4 Bundler Version:2.1.4 Rake Version: 13.0.1 Redis Version: 5.0.9 Git Version: 2.29.0 Sidekiq Version:5.2.9 Go Version: unknown GitLab information Version: 13.6.1-ee Revision: a0e59de39b3 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 11.9 URL: http://192.168.33.10 HTTP Clone URL: http://192.168.33.10/some-group/some-project.git SSH Clone URL: git@192.168.33.10:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 13.13.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git ```
Results of GitLab application Check
Expand for output related to the GitLab application check
root@ubuntu-bionic:/var/log/gitlab# sudo gitlab-rake gitlab:check SANITIZE=true Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 13.13.0 ? ... OK (13.13.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet) Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 2/1 ... yes 1/2 ... yes 1/3 ... yes Redis version >= 4.0.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.7.2) Git version >= 2.29.0 ? ... yes (2.29.0) Git user has default SSH configuration? ... yes Active users: ... 1 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Elasticsearch version 7.x (6.4 - 6.x deprecated to be removed in 13.8)? ... skipped (elasticsearch is disabled) Checking GitLab App ... Finished Checking GitLab subtasks ... Finished
Possible fixes
https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/models/packages/package.rb#L48