Nuget package content service
What does this MR do?
This MR implements the Package content service on the Nuget API. See https://docs.microsoft.com/en-us/nuget/api/package-base-address-resource.
This API is meant to be used by the nuget
client or its relatives, dotnet
and Visual Studio
.
Relates to: #36506 (closed) and #20050 (closed)
This MR is part of the nuget MVC (See the epic &2271 (closed)). This MR is gated behind this feature flag (scoped by project): nuget_package_registry
. This MR doesn't need documentation or a change log entry.
Technical description
As described in the official documentation, the content service has two endpoints:
- One that given the package name will return all the available versions as json.
- One that given the package name + version will return the package archive as a download.
One thing to keep in mind is that nuget
uses the lower case version of the package name. If the package name is DummyPackage
then, on both endpoints, nuget
will send dummypackage
as the package name.
The relevant finders have been updated to support this "case insensitive" mode.
One last thing, nuget
doesn't autofollow 302 Moved
redirects. It will interpret those codes as errors and stop the execution.
Screenshots
The following examples suppose having a nuget registry setup as described in https://docs.gitlab.com/ee/user/packages/npm_registry/index.html and a package name DummyProject.DummyPackage
with 3 versions 1.0.0
, 1.0.1
and 1.0.2
.
nuget
$ nuget install DummyProject.DummyPackage -OutputDirectory packages -source locally
Feeds used:
https://gitlab.local:3443/api/v4/projects/1/packages/nuget/index.json
Installing package 'DummyProject.DummyPackage' to 'packages'.
GET https://gitlab.local:3443/api/v4/projects/1/packages/nuget/metadata/dummyproject.dummypackage/index.json
OK https://gitlab.local:3443/api/v4/projects/1/packages/nuget/metadata/dummyproject.dummypackage/index.json 355ms
Attempting to gather dependency information for package 'DummyProject.DummyPackage.1.0.2' with respect to project 'packages', targeting 'Any,Version=v0.0'
Gathering dependency information took 18.1 ms
Attempting to resolve dependencies for package 'DummyProject.DummyPackage.1.0.2' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'DummyProject.DummyPackage.1.0.2'
Resolved actions to install package 'DummyProject.DummyPackage.1.0.2'
GET https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/DummyProject.DummyPackage/1.0.2/dummyproject.dummypackage.1.0.2.nupkg
Retrieving package 'DummyProject.DummyPackage 1.0.2' from 'locally'.
OK https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/DummyProject.DummyPackage/1.0.2/dummyproject.dummypackage.1.0.2.nupkg 5093ms
Installing DummyProject.DummyPackage 1.0.2.
Adding package 'DummyProject.DummyPackage.1.0.2' to folder '/Users/nuget/packages'
Added package 'DummyProject.DummyPackage.1.0.2' to folder '/Users/nuget/packages'
Successfully installed 'DummyProject.DummyPackage 1.0.2' to packages
Executing nuget actions took 5.19 sec
dotnet
$ dotnet add package DummyProject.DummyPackage
info : Adding PackageReference for package 'DummyProject.DummyPackage' into project '/Users/nuget/nuget_client.csproj'.
info : Restoring packages for /Users/nuget/nuget_client.csproj...
info : CACHE https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/dummyproject.dummypackage/index.json
info : Package 'DummyProject.DummyPackage' is compatible with all the specified frameworks in project '/Users/nuget/nuget_client.csproj'.
info : PackageReference for package 'DummyProject.DummyPackage' version '1.0.2' added to file '/Users/nuget/nuget_client.csproj'.
info : Committing restore...
info : Generating MSBuild file /Users/nuget/obj/nuget_client.csproj.nuget.g.props.
info : Writing assets file to disk. Path: /Users/nuget/obj/project.assets.json
log : Restore completed in 28.15 sec for /Users/nuget/nuget_client.csproj.
[output truncated to relevant lines]
Visual Studio
This client can't be tested yet as it needs a search service first (see #36505 (closed))
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team