Conan package registry file upload endpoints
What does this MR do?
This MR implements the endpoints for handling file uploads to the conan package registry. When running a command like conan upload, the conan CLI will make api requests to this endpoint sending each package file as a request to the API. Workhorse intercepts these requests and handles the file upload, but forwards a /authorize
request that is expected to be verified. Once workhorse has verified authorization, it submits the original request, but with file metadata rather than the file itself. This MR implements the endpoint for authorizing workhorse, and the endpoint for accepting the file metadata and creating the conan Package
, PackageFile
, and ConanFileMetadatum
records.
This requires v8.11.0 of workhorse, which is already in use on master per the GITLAB_WORKHORSE_VERSION
file. The workhorse route was imlemented in gitlab-workhorse!412 (merged)
Note: This is only a piece of the full
conan upload
implementation (it is too large for one MR), these new endpoints sit behind a feature flag, so there is no need for a changelog. The documentation for conan is also being handled in a separate MR: !16349 (merged)
Does this MR meet the acceptance criteria?
Conformity
[ ] Changelog entry[ ] Documentation created/updated or follow-up review issue created-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Performance and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- ~~[ ] Label as security and @ mention
@gitlab-com/gl-security/appsec
~~ [ ] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods[ ] Security reports checked/validated by a reviewer from the AppSec team
Related #13345 (closed)