papanito/terraform-gitlab-generic

tf-module-gitlab

Terraform module to simplify gitlab setup of groups and projects.

Requirements

Name Version
terraform >= 1.10.0, < 2.0.0
gitlab >= 18.0.0, < 19.0.0

Providers

Name Version
gitlab >= 18.0.0, < 19.0.0

Modules

No modules.

Resources

Name Type
gitlab_group.groups resource
gitlab_group_label.labels resource
gitlab_project.repositories resource
gitlab_groups.groups data source

Inputs

Name Description Type Default Required
groups List of repositories. The list is written in a "generic" way, so we can use it for GitLab, GitHub, etc.
Each entry contains

  • description: (String) Description of the repo

  • avatar: (String) File name of the avatar; assumes it is in a subfolder named resources

  • visibility_level: (String) Set to public to create a public project. Valid values are private, internal, public.

  • gitlab: (Boolean) if the repo shall be created in gitlab.

  • github: (Boolean) if the repo shall be created in github.

  • auto_devops_enabled: (Boolean) Default to Auto DevOps pipeline for all projects within this group.

  • emails_enabled: (Boolean) Enable email notifications.

  • default_branch: (String) Initial default branch name.

  • extra_shared_runners_minutes_limit: (Number) Additional CI/CD minutes for this group.

  • two_factor_grace_period: (Number) Time before Two-factor authentication is enforced (in hours).

  • ip_restriction_ranges: (List of String) A list of IP addresses or subnet masks to restrict group access. Will be concatenated together into a comma separated string. Only allowed on top level groups.

  • lfs_enabled: (Boolean) Enable/disable Large File Storage (LFS) for the projects in this group.

  • membership_lock: (Boolean) Users cannot be added to projects in this group.

  • mentions_disabled: (Boolean) Disable the capability of a group from getting mentioned.

  • path: (String) Override path. This might be necessary to avoid duplication. Default is the key name of the group element.

  • parent_name: "key" of the parent group from the group map

  • prevent_forking_outside_group: (Boolean) When enabled, users cannot fork projects from this group to external namespaces.

  • request_access_enabled: (Boolean) Allow users to request member access.

  • require_two_factor_authentication: (Boolean) Require all users in this group to set up Two-factor authentication.

  • share_with_group_lock: (Boolean) Prevent sharing a project with another group within this group.

  • project_creation_level: (String) Determine if developers can create projects in the group. Valid values are: noone, owner, maintainer, developer.

  • subgroup_creation_level: (String) Allowed to create subgroups. Valid values are: owner, maintainer.

  • wiki_access_level: (String) The group's wiki access level. Only available on Premium and Ultimate plans. Valid values are disabled, private, enabled.

  • default_branch_protection_defaults: (Block List, Max: 1) The default branch protection defaults

  • : (Boolean) if the repo shall be created in github.

    map(object({
      name = optional(string)
      description = string
      avatar = optional(string)
      visibility_level = string

      auto_devops_enabled = optional(bool, false)
      emails_enabled = optional(bool, false)
      default_branch = optional(string, "main")
      extra_shared_runners_minutes_limit = optional(number, 0)
      two_factor_grace_period = optional(number, 24)
      require_two_factor_authentication = optional(bool, true)
      ip_restriction_ranges = optional(list(string), [])
      lfs_enabled = optional(bool, true)
      membership_lock = optional(bool, true)
      mentions_disabled = optional(bool, false)
      path = optional(string)
      parent_name = optional(string, null)
      prevent_forking_outside_group = optional(bool, false)
      request_access_enabled = optional(bool, false)
      share_with_group_lock = optional(bool, true)
      project_creation_level = optional(string, "owner")
      subgroup_creation_level = optional(string, "owner")
      wiki_access_level = optional(string, "private")
      default_branch_protection_defaults = optional(object({
        allow_force_push = bool
        allowed_to_merge = list(string) # developer, maintainer, no one.
        allowed_to_push = list(string) # developer, maintainer, no one.
        developer_can_initial_push = bool
      }),
      {
        allow_force_push = true
        allowed_to_merge = ["maintainer"]
        allowed_to_push = ["maintainer"]
        developer_can_initial_push = true
      })
      labels = optional(map(object({
        description = string
        color = string
      })), {})
    }))
    n/a yes
    repositories List of repositories. The list is written in a "generic" way, so we can use it for GitLab, GitHub, etc.
    Each entry contains

    • description: (String) Description of the repo

    • avatar: (String) File name of the avatar; assumes it is in a subfolder named resources

    • gitlab: (Boolean) if the repo shall be created in gitlab.

    • github: (Boolean) if the repo shall be created in github.

    • archived: (Boolean) if repo is marked as archived.

    • free_tier: (Boolean) if repo is marked as free-tier, then we ignore features related to licensed versions only.

    • access_level: (Object) object that contains access level

    • approvals_before_merge: (Number) Number of merge request approvals required for merging.


    Access Config access_level

    Object contains a list of string. Valid values are disabled, private, enabled.

    • overall: If a specific setting below is not specified, this setting is used

    • analytics: Set the analytics access level.

    • builds: Set the builds access level.

    • container_registry: Set visibility of container registry, for this project

    • environments: Set the environments access level

    • feature_flags: Set the feature flags access level

    • forking: Set the forking access level.

    • infrastructure: Set the infrastructure access level

    • issues: Enable issue tracking for the project

    • merge_requests: Set the merge requests access level

    • monitor: Set the monitor access level.

    • packages: Enable packages repository for the project

    • pages: Enable pages access control.

    • releases: Set the releases access level.

    • repository: Set the repository access level.

    • requirements: Set the requirements access level

    • snippets: Set the snippets access level.

    • security_and_compliance:

    • visibility_level: Set to public to create a public project. Valid values are private, internal, public.

    • wiki: Set the wiki access level


    Pipeline config ci_config

    • ci_config_path (String) Custom Path to CI config file.

    • ci_default_git_depth (Number) Default number of revisions for shallow cloning.

    • ci_delete_pipelines_in_seconds (Number) Pipelines older than the configured time are deleted.

    • ci_forward_deployment_enabled (Boolean) When a new deployment job starts, skip older deployment jobs that are still pending.

    • ci_id_token_sub_claim_components (List of String) Fields included in the sub claim of the ID Token. Accepts an array starting with project_path. The array might also include ref_type and ref. Defaults to ["project_path", "ref_type", "ref"]. Introduced in GitLab 17.10.

    • ci_pipeline_variables_minimum_override_role (String) The minimum role required to set variables when running pipelines and jobs. Introduced in GitLab 17.1. Valid values are developer, maintainer, owner, no_one_allowed

    • ci_restrict_pipeline_cancellation_role (String) The role required to cancel a pipeline or job. Premium and Ultimate only. Valid values are developer, maintainer, no one

    • ci_separated_caches (Boolean) Use separate caches for protected branches.

    • restrict_user_defined_variables (Boolean) Allow only users with the Maintainer role to pass user-defined variables when triggering a pipeline.



    Remarks

    public_jobs will be set according to builds access level
    map(object({
      name = optional(string)
      description = string
      free_tier = optional(bool, true)
      group_name = optional(string)
      avatar = optional(string)
      gitlab = optional(bool, false)
      github = optional(bool, false)
      archived = optional(bool, false)
      approvals_before_merge = optional(number, 1)
      access_level = object({
        overall = string
        analytics = string
        builds = string
        container_registry = string
        environments = string
        feature_flags = string
        forking = string
        infrastructure = string
        issues = string
        merge_requests = string
        monitor = string
        packages = string
        pages = string
        releases = string
        repository = string
        requirements = string
        snippets = string
        security_and_compliance = string
        visibility_level = string
        wiki = string
      })
      ci_config = optional(object({
        ci_config_path = optional(string)
        ci_default_git_depth = optional(number, 20)
        ci_delete_pipelines_in_seconds = optional(number, 31536000)
        ci_forward_deployment_enabled = optional(bool, true)
        ci_restrict_pipeline_cancellation_role = optional(string, "maintainer")
        ci_pipeline_variables_minimum_override_role = optional(string, "no_one_allowed")
        ci_separated_caches = optional(bool, true)
        restrict_user_defined_variables = optional(bool, true)
      }))
      labels = optional(map(object({
        name = string
        description = string
        color = string
      })), {})
      default_branch = optional(string)
      import_url = optional(string)
      tags = list(string)
    }))
    n/a yes
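
The two inputs above in a module call, as an added example that is not taken from the module's own documentation. The module source path, the group and repository names, and the IP range are constructed; treating group_name as a key of groups is an assumption, since the page does not describe that attribute.

```hcl
# Added example: source path, names and values are constructed.
locals {
  # access_level has no optional attributes, so all 20 keys must be present.
  access_private = { for k in [
    "overall", "analytics", "builds", "container_registry", "environments",
    "feature_flags", "forking", "infrastructure", "issues", "merge_requests",
    "monitor", "packages", "pages", "releases", "repository", "requirements",
    "snippets", "security_and_compliance", "visibility_level", "wiki",
  ] : k => "private" }
}

module "gitlab" {
  source = "./modules/tf-module-gitlab" # assumed local checkout path

  groups = {
    platform = {
      description                   = "Platform engineering"
      visibility_level              = "private"
      ip_restriction_ranges         = ["192.0.2.0/24"] # constructed; top-level groups only
      prevent_forking_outside_group = true             # type default is false
      # require_two_factor_authentication and membership_lock already default to true.
      # The type default allows force pushes and initial developer pushes,
      # so the whole block is overridden here.
      default_branch_protection_defaults = {
        allow_force_push           = false
        allowed_to_merge           = ["maintainer"]
        allowed_to_push            = ["maintainer"]
        developer_can_initial_push = false
      }
    }
  }

  repositories = {
    deploy-tooling = {
      description  = "Deployment tooling"
      gitlab       = true
      group_name   = "platform" # assumption: refers to a key in groups
      tags         = ["infra"]
      access_level = merge(local.access_private, { forking = "disabled" })
      # ci_config is optional without a default of its own, so omitting it yields
      # null. An empty object makes the attribute defaults from the type apply
      # (no_one_allowed for variable overrides, separated caches, and so on).
      ci_config = {}
    }
  }
}
```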

    Outputs

    Name Description
    group_labels n/a
    groups n/a

    About

    [MIRROR] Terraform module for managing gitlab
