Skip to content

Nuget package content service

David Fernandez requested to merge 10io-nuget-package-content-service into master

What does this MR do?

This MR implements the Package content service on the Nuget API. See https://docs.microsoft.com/en-us/nuget/api/package-base-address-resource.

This API is meant to be used by the nuget client or its relatives, dotnet and Visual Studio.

Relates to: #36506 (closed) and #20050 (closed)

This MR is part of the nuget MVC (See the epic &2271 (closed)). This MR is gated behind this feature flag (scoped by project): nuget_package_registry. This MR doesn't need documentation or a change log entry.

Technical description

As described in the official documentation, the content service has two endpoints:

  • One that given the package name will return all the available versions as json.
  • One that given the package name + version will return the package archive as a download.

One thing to keep in mind is that nuget uses the lower case version of the package name. If the package name is DummyPackage then, on both endpoints, nuget will send dummypackage as the package name.

The relevant finders have been updated to support this "case insensitive" mode.

One last thing, nuget doesn't autofollow 302 Moved redirects. It will interpret those codes as errors and stop the execution.

Screenshots

The following examples suppose having a nuget registry setup as described in https://docs.gitlab.com/ee/user/packages/npm_registry/index.html and a package name DummyProject.DummyPackage with 3 versions 1.0.0, 1.0.1 and 1.0.2.

nuget

$ nuget install DummyProject.DummyPackage -OutputDirectory packages -source locally
Feeds used:
  https://gitlab.local:3443/api/v4/projects/1/packages/nuget/index.json

Installing package 'DummyProject.DummyPackage' to 'packages'.
  GET https://gitlab.local:3443/api/v4/projects/1/packages/nuget/metadata/dummyproject.dummypackage/index.json
  OK https://gitlab.local:3443/api/v4/projects/1/packages/nuget/metadata/dummyproject.dummypackage/index.json 355ms


Attempting to gather dependency information for package 'DummyProject.DummyPackage.1.0.2' with respect to project 'packages', targeting 'Any,Version=v0.0'
Gathering dependency information took 18.1 ms
Attempting to resolve dependencies for package 'DummyProject.DummyPackage.1.0.2' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'DummyProject.DummyPackage.1.0.2'
Resolved actions to install package 'DummyProject.DummyPackage.1.0.2'
  GET https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/DummyProject.DummyPackage/1.0.2/dummyproject.dummypackage.1.0.2.nupkg
Retrieving package 'DummyProject.DummyPackage 1.0.2' from 'locally'.
  OK https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/DummyProject.DummyPackage/1.0.2/dummyproject.dummypackage.1.0.2.nupkg 5093ms
Installing DummyProject.DummyPackage 1.0.2.
Adding package 'DummyProject.DummyPackage.1.0.2' to folder '/Users/nuget/packages'
Added package 'DummyProject.DummyPackage.1.0.2' to folder '/Users/nuget/packages'
Successfully installed 'DummyProject.DummyPackage 1.0.2' to packages
Executing nuget actions took 5.19 sec

dotnet

$ dotnet add package DummyProject.DummyPackage
info : Adding PackageReference for package 'DummyProject.DummyPackage' into project '/Users/nuget/nuget_client.csproj'.
info : Restoring packages for /Users/nuget/nuget_client.csproj...
info :   CACHE https://gitlab.local:3443/api/v4/projects/1/packages/nuget/download/dummyproject.dummypackage/index.json
info : Package 'DummyProject.DummyPackage' is compatible with all the specified frameworks in project '/Users/nuget/nuget_client.csproj'.
info : PackageReference for package 'DummyProject.DummyPackage' version '1.0.2' added to file '/Users/nuget/nuget_client.csproj'.
info : Committing restore...
info : Generating MSBuild file /Users/nuget/obj/nuget_client.csproj.nuget.g.props.
info : Writing assets file to disk. Path: /Users/nuget/obj/project.assets.json
log  : Restore completed in 28.15 sec for /Users/nuget/nuget_client.csproj.

[output truncated to relevant lines]

Visual Studio

This client can't be tested yet as it needs a search service first (see #36505 (closed))

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Tim Rizzi

Merge request reports

Loading