Managing GitLab groups and projects with Terraform

I’ve begun using GitLab to host some of my personal projects on my own domain, sometimes as a mirror of a GitHub repository and sometimes as the primary home of the project.

Configuring the provider

The following Terraform syntax can be used with the public/commercial GitLab.com service or with a self-hosted installation, as long as you have network connectivity and a token with the correct permissions. I’m using the latter.

In my case, I used a Personal Access Token associated with my individual administrative account, with these permissions:

  • api
  • read_user

    variable "gitlab_token" {
    type    = "string"
    default = "hunter2"
    }
    
    variable "gitlab_url" {
    type    = "string"
    default = "https://gitlab.mydomain.com/api/v4/"
    }
    
    provider "gitlab" {
    base_url = "${var.gitlab_url}"
    token    = "${var.gitlab_token}"
    version  = "~> 1.0.0"
    }

If you’d like to keep these out of your source code, Terraform also allows setting variables in shell environment variables by prefixing them with TF_VAR_, as in TF_VAR_gitlab_token and TF_VAR_gitlab_url. You can manage these manually or with a tool like direnv, and keep the latter’s .envrc file in your .gitignore.

Creating a group

resource "gitlab_group" "blogs" {
  name        = "blogs"
  path        = "blogs"
  description = "Public blog repositories"
}

Creating a nested group

I have a group on my GitLab site for infrastructure projects, and a nested group on my site for Helm charts within that infrastructure group. Here’s the Terraform code that manages those two groups and their relationship:

resource "gitlab_group" "infrastructure" {
  name        = "infrastructure"
  path        = "infrastructure"
}

resource "gitlab_group" "helm-charts" {
  name        = "helm-charts"
  path        = "helm-charts"
  parent_id   = "${gitlab_group.infrastructure.id}"
}

Projects created within this child group will appear on the site at paths that look like /infrastructure/helm-charts/foo-chart.

Creating a project within a group

Here’s an example, a mirror of my public blog that is hosted on GitHub as well. Because of the nature of its contents, I’ve disabled most of the extra features offered by GitLab for this particular repository.

resource "gitlab_project" "blogs-shanesveller-dot-com" {
  name                   = "shanesveller-dot-com"
  default_branch         = "master"
  description            = ""
  issues_enabled         = false
  merge_requests_enabled = false
  namespace_id           = "${gitlab_group.blogs.id}"
  snippets_enabled       = false
  visibility_level       = "public"
  wiki_enabled           = false
}

With the highlighted lines in place, the repository path on the site becomes /blogs/shanesveller-dot-com.

Closing Comments

The GitLab provider as of 1.0.0 is missing some API coverage for what GitLab offers, and has some bugs associated with things like a project’s default branch. Often I use git-flow and want to set a project’s default branch to develop, but that feature does not currently seem to work reliably due to this code typo.

Software/Tools Versions

Software Version
GitLab 10.2.4
Terraform 0.10.7
Terraform GitLab Provider 1.0.0
comments powered by Disqus