Merge branch '214429-validate-package-versions' into 'master'

Resolve "Validate package versions" See merge request gitlab-org/gitlab!46191

Merge branch '214429-validate-package-versions' into 'master'
Resolve "Validate package versions" See merge request gitlab-org/gitlab!46191
df31bd0d · Stan Hu · afdc69e9 · 7e14f096 · df31bd0d · df31bd0d
Commit df31bd0d authored Oct 30, 2020 by Stan Hu
4 changed files
--- a/app/models/packages/package.rb
+++ b/app/models/packages/package.rb
@@ -37,12 +37,13 @@ class Packages::Package < ApplicationRecord
  validate :package_already_taken, if: :npm?
  validates :name, format: { with: Gitlab::Regex.conan_recipe_component_regex }, if: :conan?
  validates :name, format: { with: Gitlab::Regex.generic_package_name_regex }, if: :generic?
-  validates :version, format: { with: Gitlab::Regex.semver_regex }, if: :npm?
  validates :version, format: { with: Gitlab::Regex.nuget_version_regex }, if: :nuget?
  validates :version, format: { with: Gitlab::Regex.conan_recipe_component_regex }, if: :conan?
  validates :version, format: { with: Gitlab::Regex.maven_version_regex }, if: -> { version? && maven? }
  validates :version, format: { with: Gitlab::Regex.pypi_version_regex }, if: :pypi?
  validates :version, format: { with: Gitlab::Regex.prefixed_semver_regex }, if: :golang?
+  validates :version, format: { with: Gitlab::Regex.semver_regex }, if: -> { composer_tag_version? || npm? }
  validates :version,
    presence: true,
    format: { with: Gitlab::Regex.generic_package_version_regex },
@@ -174,6 +175,10 @@ class Packages::Package < ApplicationRecord
  private
+  def composer_tag_version?
+    composer? && !Gitlab::Regex.composer_dev_version_regex.match(version.to_s)
+  end
  def valid_conan_package_recipe
    recipe_exists = project.packages
                           .conan

--- a/lib/gitlab/regex.rb
+++ b/lib/gitlab/regex.rb
@@ -22,6 +22,10 @@ module Gitlab
        @composer_package_version_regex ||= %r{^v?(\d+(\.(\d+|x))*(-.+)?)}.freeze
      end
+      def composer_dev_version_regex
+        @composer_dev_version_regex ||= %r{(^dev-)|(-dev$)}.freeze
+      end
      def package_name_regex
        @package_name_regex ||= %r{\A\@?(([\w\-\.\+]*)\/)*([\w\-\.]+)@?(([\w\-\.\+]*)\/)*([\w\-\.]*)\z}.freeze
      end

--- a/spec/lib/gitlab/regex_spec.rb
+++ b/spec/lib/gitlab/regex_spec.rb
@@ -243,6 +243,15 @@ RSpec.describe Gitlab::Regex do
    it { is_expected.not_to match('!!()()') }
  end
+  describe '.composer_dev_version_regex' do
+    subject { described_class.composer_dev_version_regex }
+    it { is_expected.to match('dev-master') }
+    it { is_expected.to match('1.x-dev') }
+    it { is_expected.not_to match('foobar') }
+    it { is_expected.not_to match('1.2.3') }
+  end
  describe '.conan_recipe_component_regex' do
    subject { described_class.conan_recipe_component_regex }

--- a/spec/models/packages/package_spec.rb
+++ b/spec/models/packages/package_spec.rb
@@ -156,6 +156,13 @@ RSpec.describe Packages::Package, type: :model do
        it { is_expected.not_to allow_value('%2e%2e%2f1.2.3').for(:version) }
      end
+      context 'composer package' do
+        it_behaves_like 'validating version to be SemVer compliant for', :composer_package
+        it { is_expected.to allow_value('dev-master').for(:version) }
+        it { is_expected.to allow_value('2.x-dev').for(:version) }
+      end
      context 'maven package' do
        subject { build_stubbed(:maven_package) }