π Protected environment labels
Problem
Environment labels are used to tag repositories and snapshots across environments (e.g. production, pre-production).
Currently there is no protection mechanism β it is possible to accidentally remove a label, delete a snapshot it references, or modify a repository linked to it.
In production environments, such mistakes can have serious consequences and are difficult to recover from.
Proposed solution
Introduce a protection flag per environment label.
When a label is marked as protected, the following operations must be blocked unless protection is explicitly removed first:
- β Remove the environment label β deletion of a protected label is blocked until protection is lifted.
- β Delete a snapshot used by a protected label β a snapshot referenced by a protected label cannot be removed.
- β Remove a repository linked to that snapshot β the full chain (repository β snapshot β protected label) is guarded.
- β Modify a snapshot that carries a protected label β adding or removing packages from such a snapshot requires removing protection first.
Expected behaviour
An administrator can toggle protection on/off for any environment label from the label settings.
When a protected operation is attempted, the UI and API should return a clear error indicating that the label is protected and protection must be disabled before proceeding.
Use case
Teams managing production and pre-production package repositories need a safety net against accidental changes.
Protecting the prod label ensures that no one can inadvertently alter, remove, or break the state of repositories that production systems depend on.
π Protected environment labels
Problem
Environment labels are used to tag repositories and snapshots across environments (e.g. production, pre-production).
Currently there is no protection mechanism β it is possible to accidentally remove a label, delete a snapshot it references, or modify a repository linked to it.
In production environments, such mistakes can have serious consequences and are difficult to recover from.
Proposed solution
Introduce a protection flag per environment label.
When a label is marked as protected, the following operations must be blocked unless protection is explicitly removed first:
Expected behaviour
An administrator can toggle protection on/off for any environment label from the label settings.
When a protected operation is attempted, the UI and API should return a clear error indicating that the label is protected and protection must be disabled before proceeding.
Use case
Teams managing production and pre-production package repositories need a safety net against accidental changes.
Protecting the
prodlabel ensures that no one can inadvertently alter, remove, or break the state of repositories that production systems depend on.