Use package settings to validate Maven packages
🏛 Context
The GitLab package registry allows users to publish and store Maven (Java) packages to their GitLab projects.
!50104 (merged) added a new table namespace_package_settings
which has two columns (settings):
-
maven_duplicates_allowed
- If true, duplicate Maven packages (same name and version) are allowed to be published to the project. -
maven_duplicate_exception_regex
-If maven_duplicates_allowed
is false, this regex is used to specify any exceptions.
Maven users often will work with what is known as "SNAPSHOT" packages. These are packages that are in development and not yet released, their version is prefixed with "SNAPSHOT", like SNAPSHOT-1.0.0
. They will publish the same package multiple times, then once it is complete, give it the proper semantic version: 1.0.0
.
These new settings allow users to better configure when and if the GitLab package registry rejects duplicate Maven packages.
🔍 What does this MR do?
This MR updates the package model validation to use the namespace package settings when validating a new Maven package.
📷 Screenshots (strongly suggested)
☑ Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Related to #276882 (closed)