[go: up one dir, main page]
Skip to content

Allow digests request without a file in the cache for Maven virtual registry

Sylvia Shenrequested to merge
571414-allow-digest-request-without-file into master

🛠️ What does this MR do and why?

Currently, Maven Virtual Registries expect a specific request order:

  1. The file itself (e.g., .jar, .pom)
  2. The digests of the file (e.g., .md5, .sha1)

The cache entry is created for step 1, but not for step 2, because the expectation was that step 1 would always be the first request.

However, under some conditions (e.g., when the file already exists in the local Maven cache ~/.m2/repository), Maven clients can skip step 1 and directly request digests to verify file integrity. In this case, we return digest_not_found because no cache entry exists.

This MR implements automatic file caching for Maven Virtual Registries when digest requests are made without the actual file being cached first.

What are done in this MR:

  1. Use Gitlab::Workhorse.send_url to download and return the digest file to the client
  2. Trigger VirtualRegistries::Packages::Maven::DownloadFileWorker to download and cache the actual file (e.g., my_package.pom)

References

N/A

Screenshots or screen recordings

N/A

How to set up and validate locally

  1. Switch to this branch 571414-allow-digest-request-without-file

  2. Enter Rails console and enable feature flags

    Feature.enable(:maven_virtual_registry)
Feature.enable(:ui_for_virtual_registries)

  3. Go to a group, on side bar, select Deploy -> Virtual Registry

  4. If you have a Maven Registry created, go there; otherwise, create one.

  5. Create upstream

    1. Click on the Add upstream button
    2. The required fields are name, url, and cache period. For the URL, you can use https://repo1.maven.org/maven2/.

  6. In rails console, get registry_id and upstream_id. Check if upstream has no cache entries

    upstream = VirtualRegistries::Packages::Maven::Upstream.last
registry = upstream.registries.first
upstream.cache_entries
=> []

  7. Download .sha1 directly via curl

    curl -H "Private-Token: ${TOKEN}" \
 "${GITLAB_URL}/api/v4/virtual_registries/packages/maven/${REGISTRY_ID}/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.pom.sha1"
=> 302d01a9279f7a400b1e767be60f12c02a5cf513

  8. Back to rails console and check cache_entries

    upstream.reload
entry = upstream.cache_entries.first
entry.file.read

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #571414

Merge request reports