database: Add trustpub_configs_gitlab table

Turbo87 · Turbo87 · commit 309eb6d4d9e4 · 2025-09-30T14:05:56.000+02:00
diff --git a/crates/crates_io_database/src/schema.patch b/crates/crates_io_database/src/schema.patch
@@ -86,8 +86,8 @@
  diesel::joinable!(readme_renderings -> versions (version_id));
 +diesel::joinable!(recent_crate_downloads -> crates (crate_id));
  diesel::joinable!(trustpub_configs_github -> crates (crate_id));
+ diesel::joinable!(trustpub_configs_gitlab -> crates (crate_id));
  diesel::joinable!(version_downloads -> versions (version_id));
- diesel::joinable!(version_owner_actions -> api_tokens (api_token_id));
 @@ -1140,6 +1152,7 @@
      publish_limit_buckets,
      publish_rate_overrides,
diff --git a/crates/crates_io_database/src/schema.rs b/crates/crates_io_database/src/schema.rs
@@ -799,6 +799,28 @@ diesel::table! {
     }
 }
 
+diesel::table! {
+    /// Trusted Publisher configuration for GitLab CI
+    trustpub_configs_gitlab (id) {
+        /// Unique identifier of the `trustpub_configs_gitlab` row
+        id -> Int4,
+        /// Date and time when the configuration was created
+        created_at -> Timestamptz,
+        /// Unique identifier of the crate that this configuration is for
+        crate_id -> Int4,
+        /// GitLab namespace (user or group) that owns the project
+        namespace -> Varchar,
+        /// GitLab namespace ID, populated on first token exchange for resurrection attack protection
+        namespace_id -> Nullable<Varchar>,
+        /// Name of the GitLab project that this configuration is for
+        project -> Varchar,
+        /// Path to the CI/CD configuration file that will be used to publish the crate
+        workflow_filepath -> Varchar,
+        /// GitLab environment that will be used to publish the crate (if `NULL` the environment is unrestricted)
+        environment -> Nullable<Varchar>,
+    }
+}
+
 diesel::table! {
     /// Temporary access tokens for Trusted Publishing
     trustpub_tokens (id) {
@@ -1137,6 +1159,7 @@ diesel::joinable!(publish_rate_overrides -> users (user_id));
 diesel::joinable!(readme_renderings -> versions (version_id));
 diesel::joinable!(recent_crate_downloads -> crates (crate_id));
 diesel::joinable!(trustpub_configs_github -> crates (crate_id));
+diesel::joinable!(trustpub_configs_gitlab -> crates (crate_id));
 diesel::joinable!(version_downloads -> versions (version_id));
 diesel::joinable!(version_owner_actions -> api_tokens (api_token_id));
 diesel::joinable!(version_owner_actions -> users (user_id));
@@ -1171,6 +1194,7 @@ diesel::allow_tables_to_appear_in_same_query!(
     reserved_crate_names,
     teams,
     trustpub_configs_github,
+    trustpub_configs_gitlab,
     trustpub_tokens,
     trustpub_used_jtis,
     users,
diff --git a/crates/crates_io_database_dump/src/dump-db.toml b/crates/crates_io_database_dump/src/dump-db.toml
@@ -205,6 +205,18 @@ repository_name = "private"
 workflow_filename = "private"
 environment = "private"
 
+[trustpub_configs_gitlab]
+dependencies = ["crates"]
+[trustpub_configs_gitlab.columns]
+id = "private"
+created_at = "private"
+crate_id = "private"
+namespace = "private"
+namespace_id = "private"
+project = "private"
+workflow_filepath = "private"
+environment = "private"
+
 [trustpub_tokens.columns]
 id = "private"
 created_at = "private"
diff --git a/migrations/2025-09-24-104418_add_trustpub_configs_gitlab/down.sql b/migrations/2025-09-24-104418_add_trustpub_configs_gitlab/down.sql
@@ -0,0 +1 @@
+DROP TABLE trustpub_configs_gitlab;
diff --git a/migrations/2025-09-24-104418_add_trustpub_configs_gitlab/up.sql b/migrations/2025-09-24-104418_add_trustpub_configs_gitlab/up.sql
@@ -0,0 +1,20 @@
+CREATE TABLE trustpub_configs_gitlab (
+    id SERIAL PRIMARY KEY,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    crate_id INTEGER NOT NULL REFERENCES crates ON DELETE CASCADE,
+    namespace VARCHAR NOT NULL,
+    namespace_id VARCHAR,
+    project VARCHAR NOT NULL,
+    workflow_filepath VARCHAR NOT NULL,
+    environment VARCHAR
+);
+
+comment on table trustpub_configs_gitlab is 'Trusted Publisher configuration for GitLab CI';
+comment on column trustpub_configs_gitlab.id is 'Unique identifier of the `trustpub_configs_gitlab` row';
+comment on column trustpub_configs_gitlab.created_at is 'Date and time when the configuration was created';
+comment on column trustpub_configs_gitlab.crate_id is 'Unique identifier of the crate that this configuration is for';
+comment on column trustpub_configs_gitlab.namespace is 'GitLab namespace (user or group) that owns the project';
+comment on column trustpub_configs_gitlab.namespace_id is 'GitLab namespace ID, populated on first token exchange for resurrection attack protection';
+comment on column trustpub_configs_gitlab.project is 'Name of the GitLab project that this configuration is for';
+comment on column trustpub_configs_gitlab.workflow_filepath is 'Path to the CI/CD configuration file that will be used to publish the crate';
+comment on column trustpub_configs_gitlab.environment is 'GitLab environment that will be used to publish the crate (if `NULL` the environment is unrestricted)';
