Skip to content

Update the maven sync worker

David Fernandez requested to merge 324288-support-versionless-package-in-maven-sync-worker into master

🎈 Context

The maven package registry uses xml files (named maven-metadata.xml) to describe and list the available versions of a given package within the packages registry. A more in depth analysis is available here.

In !55207 (merged), we added a background worker that syncs the versions between the ones existing in the database and the ones that are listed in the most recent maven-metadata.xml file. This way, the xml file can't reference non existing versions.

This xml file is not hosted in the usual Packages::Package record: it is in a record that doesn't have a version set, also called the versionless package. This is expected because the maven-metadata.xml is not bound to a given version but only to a given package name.

!55207 (merged) was deployed on gitlab.com and we discovered that not all the maven artifacts have a versionless package.

This is currently expected by the worker and so, if the versionless package is not present, a sync error is risen. See #324288 (closed).

🔍 What does this MR do?

  • Relax the maven sync worker so that we not finding the versionless package, the worker ends its execution normally
  • Updates the related specs

Screenshots (strongly suggested)

n / a

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by David Fernandez

Merge request reports