Skip to content

Fix the `requiring_cleanup` scope in ContainerRepository model

🏗 Context

In !58123 (merged), we changed how background jobs execute cleanup policies. For way more details, check the MR description there.

In that MR, we created a scope in the ContainerRepository model: .requiring_cleanup. That scope is used to select the next ContainerRepository for cleanup.

We introduced a ~bug in that scope: we should not select container repositories that have already been cleaned up for the current cleanup policy run. In other words, when a cleanup policy is executed by the jobs, the linked container repositories should be cleaned up only once.

For that, it's just a matter to compare the cleanup policy next_run_at timestamps with the expiration_policy_started_at field from the container repository (which is set when the cleanup starts).

Basically, we have this:

-------C----------P-----------> Timeline
       ^          ^ 
Cleanup started   Policy next_run_at

The scope should select ContainerRepositorys on the left of P. Once the cleanup is started, ContainerRepository will go to the right hand side of P and those should not be selected by the scope again.

We need also to deal with the edge case where C could be nil, meaning that the cleanup in that container repository was never done for the first time.

Currently, we select container repositories on the left and right side of P. That's the ~bug described in #331121 (closed).

🔬 What does this MR do?

  • Update ContainerRepository.requiring_cleanup scope
  • Update the related specs

📹 Screenshots (strongly suggested)

n / a

📐 Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

💾 Database review

Update query due to the model change: !62827 (comment 589144447)

Edited by David Fernandez

Merge request reports

Loading