Is your feature request related to a problem? Please describe.
When allow_package_substitution=False is set on a PythonRepository, calling modify() with add_content_units containing 50 packages where 1 has a filename collision (same filename, different sha256), the entire batch of 50 is rejected with ValidationError. The 49 non-conflicting packages are not added.
This makes allow_package_substitution=False impractical for batch operations where packages are copied between repositories in bulk.
Describe the solution you'd like
Instead of rejecting the entire batch, should:
Identify which specific content units have filename/sha256 conflicts with existing content
Remove those conflicting content units from the new version (keep the originals)
Proceed with creating the version containing all non-conflicting content
Report which packages were skipped and why in the task response (filenames, old sha256 vs new sha256)
Additional context
References issue #1162 which added allow_package_substitution. Our use case: we upload rebuilt packages (non-reproducible builds produce different sha256 for the same source) to a test repository, test them, then promote passing packages to a production repository via modify(add_content_units=...). A single conflict in the batch blocks promotion of all packages.
Is your feature request related to a problem? Please describe.
When allow_package_substitution=False is set on a PythonRepository, calling modify() with add_content_units containing 50 packages where 1 has a filename collision (same filename, different sha256), the entire batch of 50 is rejected with ValidationError. The 49 non-conflicting packages are not added.
This makes allow_package_substitution=False impractical for batch operations where packages are copied between repositories in bulk.
Describe the solution you'd like
Instead of rejecting the entire batch, should:
Identify which specific content units have filename/sha256 conflicts with existing content
Remove those conflicting content units from the new version (keep the originals)
Proceed with creating the version containing all non-conflicting content
Report which packages were skipped and why in the task response (filenames, old sha256 vs new sha256)
Additional context
References issue #1162 which added allow_package_substitution. Our use case: we upload rebuilt packages (non-reproducible builds produce different sha256 for the same source) to a test repository, test them, then promote passing packages to a production repository via modify(add_content_units=...). A single conflict in the batch blocks promotion of all packages.