►
From YouTube: Importing NPM packages to GitLab with a CI pipeline
Description
Artifactory import investigation: https://gitlab.com/gitlab-org/gitlab/-/issues/298726.
Importing packages with a CI pipeline idea: https://gitlab.com/gitlab-org/gitlab/-/issues/298726#note_1078330418.
A
A
Okay
is
the
phone
size?
Okay?
Is
it
readable?
Okay?
So
we
do
have
an
ongoing
investigation
about
importing
packages
from
artifactory.
Artifactory
is
a
third
party
package
registry,
where
you
can
post
many
different
package
formats
and
we
have
quite
an
extra
amount
of
customers
asking
for
a
way
to
import
those
packages
to
the
gitlab
package
with
history.
A
So
could
we
have
a
script
that
will
look
at
both
States,
build
a
div
and
then
actually
trigger
another
pipeline
where
one
job
will
do
one
operation,
which
is
actually
either
adding
a
new
package
or
a
removing
one
so
that
at
the
end
of
all
of
these
operations,
the
state
in
the
package,
the
state
in
the
gitlab
package
registry
is
the
like
the
exact
same
one.
Then
the
the
one
of
the
registry
that
we
were
targeting.
A
So
the
short
answer
is
yes,
we
can
do
that,
but
we
are
going
to
dip
a
bit
into
details.
So
I
created
I
created
a
ruby
script
to
help
me
with
this.
This
script
is
basically
built
around
a
configuration
where
we
Define
a
Target
registry
and
well
actually
a
source
registry
and
the
Target
registry
and
the
whole
script
has
commands
to
build
the
the
diff
between
the
source
and
the
Target
and
then
build
all
the
the
jobs
for
the
children
pipelines
for
for
all
the
operations.
A
A
A
It
could
be
the
same
that
could
work
too,
but
I
wanted
to
show
that
we
can
Target
a
different
package
registry,
so
yeah
I'm,
going
to
show
the
the
configuration
of
the
import,
a
quick
note,
I'm
using
gitlab.com
here
so
I'm,
not
using
my
local
gitlab
instance,
I'm,
not
using
any
feature
that
I
added
locally
or
something
that
is
under
development.
It's
just
Center
things
that
are
already
available,
so
we
are.
A
The
static
configuration
of
the
of
the
pipeline,
so
this
one
is
basically
pulling
the
the
script
from
the
first
project
that
I
show
and
set
up
the
script
and
just
starting
the
script
and
and
defining
the
the
files
that
will
trigger
the
dynamic
child
pipelines
so
basically
yeah.
We
can
ignore
this
step.
This
is
just
pulling
the
the
gem
or
the
script
and
and
doing
some
stuff
for
setup.
A
So,
let's
see
the
configuration
of
the
import,
the
script
since
I
I
worked
just
a
few
hours
on
that
is
coped
on
npm
packages.
Only
for
now
and
the
Target
registry
is
only
git
lab,
but
we
could
imagine
to
have
different
Target
types
but
yeah
for
now
it's
on
big
Islam,
so
to
keep
things
super
simple,
this
the
source
package,
which
history
is
actually
npmgs
directly.
It's
not
a
private
registry.
A
A
We
actually
read
the
state
of
npmgs
and
this
defines
additional
filters
on
that
state,
because,
obviously
we
don't
want
to
import
all
npmgs
on
that
project.
It
would
be
perhaps
too
many
packages,
so
we
have
additional
filters
to
select
which
npm
packages
we
want
from
which
version
and
yeah
I
implemented
the
like.
We,
we
can
specify
a
range
of
versions,
so
these
ones
are
actually
the
exact
packages
that
are
currently
living
here.
You
can
see
npm
no
Redwood,
so
they
are
there.
So
I'm
going
to
update
this
configuration.
A
No
okay,
yeah,
let's
I,
think
it's
you
or
ugs,
no
I,
think
it's
you
yeah!
So
we
go
here.
We
see
all
the
versions
history,
let's
say
that
we
want
from
this
version
and
all
the
above
that
one.
So
we
want
it's
real
right.
It's
not
huge!
Yes,
yeah!
It's
you,
the
name
so
view
from
this
version,
so
I'm
going
to
commit
this
change.
This
will
trigger
the
pipeline
and
that
pipeline
will
execute
the
script.
A
A
A
Yeah
it's
here,
so
this
is
the
pipeline
running,
so
we
have
the
pulling
the
discrete
and
and
doing
some
setup.
This
is
the
main
task
where
we
are
going
to
generate
the
the
div
of
the
states
of
the
two
package
registries
and
then
out
of
this
div,
we
are
going
to
generate
two
two,
two
yaml
configs
for
two
pipelines,
one
for
adding
packages
and
one
for
removing
packages
and
those
jobs
are
waiting
for
those
files
to
be
created
so
for
now
the
they
will
not
get
they're
in
waiting
mode.
A
A
A
A
Yeah,
that's
it.
So
here
is
the
summary.
We
are
going
to
remove
all
the
bubble
core
packages
and
we
are
going
to
add
all
the
view.
Npm
packages
and
yeah
you
can.
We
can
say
that
the
the
CI
yaml
file
for
adding
packages
has
been
written
and
the
same
for
removing
it's
here.
So
now
that
we
have
those
two
files,
the
triggers
yeah
I
need
to
refresh
the
page.
The
triggers
have
been
executed
and
those
are
two
new
pipelines
that
are
children
pipelines
of
this
one.
A
A
This
brings
a
lot
of
visibility
on
the
import
operation,
because
each
step
has
its
own
job
with
its
status,
and
we
can
actually
imagine
that
one
of
those
jobs
fails.
We
can
actually
retry
it
or
we
can
actually
see
like
very,
very
quickly
which
one
fail
because
well
here
they
all
pass.
But
if
you
have
a
job
that
fails,
you
will
have
a
new
tabs
here
with
failed
jobs,
and
so
just
clicking
on
that
tab.
You
have
a
summary
of
which
packages
which
steps
of
the
import
failed.
A
We
are
yeah.
We
are
going
to
verify
that
yeah.
It
worked
as
expected,
so
the
package
registry
well
I'm
not
going
to
search
for
view
since
they're
there,
and
if
we
look
for
bubble
call
they
shouldn't
be
there
yeah,
it's
not
there
anymore.
So
we
just
we
just
have
the
the
exhaust.
The
exact
package
registry
state
that
we
wanted
and
that
we
defined
from
the
config
file
that
is
here
from
this.
This
configuration
that's
good.
A
So
actually
you
have
some
changes
in
the
source
package
registry
and-
and
you
want
those
changes
to
be
reflected
in
gitlab
and
actually
mirroring.
We
can
do
this
very
easily
if
we
have
a
pipeline
because
we
can
have
scheduled
pipeline
pipelines
so
pipelines
that
runs
on
a
defined
schedule
like
I,
don't
know
each
hour
or
a
daily
Pipeline,
and
and
so
if
we
let's
say
that
we
run
this
pipeline
nightly
well,
this
python
will
check
on
every
night.
A
It
will
check
the
state
of
the
Target
The
Source
package
registry
generate
the
blah
blah
blah
generate
the
the
operations
that
are
necessary
to
bring
the
Target
registry.
In
this
case,
the
gitlab
package
Regency
to
the
to
the
state
that
we
configured
in
the
config
file,
so
that's
another
bonus
of
using
pipelines-
is
that
mirroring
is
just
one
setup
away
from
happening.
We
just
have
to
set
up
a
a
scheduled
pipeline
that
could
be
recurrent
so
could
be
implemented
very
easily.
A
So
a
lot
of
benefits
of
this
approach,
one
benefit
that
we
didn't
talk
about-
is
that
these
jobs
are
potentially
executed
in
parallel.
So
it's
not
like
we
are
executing
them
in
sequence,
we
get
some
parallelism
in
the
input
steps
and
they
are
all
independent.
So
if
one
job
fails,
that
doesn't
mean
that
another
another
job
will
fail
too,
like
they
are
not
related
at
all.
A
A
A
I
I
choose
to
start
with
npm,
because
I
knew
that
there
is
an
API
that
is
defined
by
the
the
like
npm
client
API,
with
package
Registries.
There
is
an
endpoint
that
will
list
all
the
packages
with
all
the
available
versions,
so
for
npm
is,
is
possible,
for
others
could
be
more
challenging
to
to
get
that.
A
A
What
we
really
need
is
hey
give
me
all
the
packages
that
you
know
and
all
the
versions
that
you
know
so
could
be
challenging
for
some
package
formats,
but
yeah
that
would
that
would
be
to
be
that
that
would
need
to
be
worked
on
on
a
on
a
case-by-case
basis.
I
guess
there
are
other
package
formats
where
they
don't
work
with
package
artifacts
or
package
files,
such
as
composer
composer
packages,
are
actually
git
tags.
A
So
it's
not
exactly
the
same
as
pulling
a
file
from
from
somewhere
and
uploading
that
file
anywhere
else.
It's
not
exactly
that
so
yeah
I'm
I
have
some
doubts
that
this
approach
can
be
applied
to
all
package
formats,
but
it
could
be
worth
to
expand
the
list
of
formats
that
we
could
support
with
this,
and
the
other
downside
I
had
in
mind.
A
Yeah
we
we
would
need
to
to
update
the
script
to
support.
Obviously,
we
need
to
support
private
Registries,
which
means
we
need
to
support
credentials
so,
for
example,
artifactory,
like
a
user,
want
to
import
all
the
npm
packages
from
RT
Factory,
we
will
need
to
support
the
credential.
So
there
is
a
bit
of
of
work
to
improve
things,
but
I
would
say
that
it's
it's
doable.
A
And
lastly,
yeah
one
benefit
I'd
like
to
list
here
is
that
we
could
have
a
project
in
in
Gate
lab
so
like
this
one
that
is
importing
or
moving
packages
from
package
Registries
that
don't
live
in
git
lab.
This
is
I,
don't
know
strange
a
strange
use
case
or
weird,
but
we
could
imagine
having
a
gitlab
project
like
this
one
moving
packages
from
I
don't
know
artifactory
to
something
else,
yeah.
Why
not?
That
would
be
possible.
A
We
could
also
imagine
this
project
moving
packages
between
two
other
gitlab
instances.
Why
not?
That
would
be
possible.
Imagine
that
we
have
to
self-manage
gitlab
instances
and
somehow
they
want
to
move
all
the
packages
from
one
instance
to
a
different
one.
We
could
have
this
project
handling
that
move
or
import
or
mirroring,
depending
on
what
the
the
users
want.
That
would
be
possible,
so
I
would
say
that
it
gives
a
lot
of
flexibility
using
this.