Connect to a GitLab host

This page explains how to connect a GitLab host to Cloud Build.

Before you begin

Enable the Cloud Build and Secret Manager APIs.
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.
Enable the APIs

Connect to a GitLab host

Before creating a host connection for your GitLab instance, you must create personal access tokens in GitLab by completing the following steps:

Log into your GitLab instance.
On the GitLab page for your instance, click your avatar in the upper-right corner.
Click Edit profile.
On the left sidebar, select Access tokens.

You see the Personal Access Tokens page.
Create an access token with the api scope to use for connecting and disconnecting repositories.
Create an access token with the read_api scope to ensure Cloud Build repositories can access source code in repositories.

Note: In addition to personal access tokens, you can also use project access tokens. If your GitLab version is 14.2 or higher, you can also use group access tokens. If you use project or group access tokens, select the Maintainer role to ensure a successful connection.

Console

To connect your GitLab host to Cloud Build:

Open the Repositories page in the Google Cloud console.

Open the Repositories page

You see the Repositories page.
At the top of the page, select the 2nd gen tab.
In the project selector in the top bar, select your Google Cloud project.
Click Create host connection to connect a new host to Cloud Build.
On the left panel, select GitLab as your source provider.
In the Configure Connection section, enter the following information:
1. Region: Select a region for your connection.
  
  Note: You must specify a region. Your connection cannot exist globally.
2. Name: Enter a name for your connection.
In the Host details section, select or enter the following information:
1. GitLab provider: Select GitLab.com as your provider.
In the Personal access tokens section, enter the following information:
1. API access token: Enter the token with the api scope access. This token is used for connecting and disconnecting repositories.
2. Read API access token: Enter the token with the read_api scope access. Cloud Build triggers use this token to access source code in repositories.
Click Connect.

After clicking the Connect button, your personal access tokens are securely stored in Secret Manager. Following host connection, Cloud Build also creates a webhook secret on your behalf. You can view and manage your secrets on the Secret Manager page.

You have now successfully created a GitLab connection.

gcloud

Prior to connecting your GitLab host to Cloud Build, complete the following steps to store your credentials:

Store your token in Secret Manager.

Create a webhook secret in Secret Manager by running the following command:

 cat /proc/sys/kernel/random/uuid | tr -d '\n' | gcloud secrets create my-gle-webhook-secret --data-file=-

If you store your secrets in a different Google Cloud project than the one you plan to use to create a host connection, enter the following command to grant your project access to the Cloud Build service agent:

PN=$(gcloud projects describe PROJECT_ID --format="value(projectNumber)") CLOUD_BUILD_SERVICE_AGENT="service-${PN}@gcp-sa-cloudbuild.iam.gserviceaccount.com" gcloud projects add-iam-policy-binding PROJECT_ID \  --member="serviceAccount:${CLOUD_BUILD_SERVICE_AGENT}" \  --role="roles/secretmanager.admin"

Where:

PROJECT_ID is your Google Cloud project ID.

You can now proceed to connect your GitLab host to Cloud Build.

Complete the following steps:

To connect your GitLab host to Cloud Build:

Enter the following command to create a GitLab connection:
```
gcloud builds connections create gitlab CONNECTION_NAME \  --host-uri=HOST_URI \  --project=PROJECT_ID \  --region=REGION \  --authorizer-token-secret-version=projects/PROJECT_ID/secrets/API_TOKEN/versions/SECRET_VERSION \  --read-authorizer-token-secret-version=projects/PROJECT_ID/secrets/READ_TOKEN/versions/SECRET_VERSION \  --webhook-secret-secret-version=projects/PROJECT_ID/secrets/WEBHOOK_SECRET/versions/SECRET_VERSION 
```
Where:
- CONNECTION_NAME is a name for your GitLab host connection in Cloud Build.
- HOST_URI is the URI of your GitLab instance. For example, https://my-gle-server.net.
- PROJECT_ID is your Google Cloud project ID.
- REGION is the region for your connection.
- API_TOKEN is the name of your token with apiscope.
- READ_TOKEN is the name of your token with read_apiscope.
- SECRET_VERSION is the version of your secret.
- WEBHOOK_SECRET is your webhook secret.

You have now successfully created a GitLab connection.

What's next

Learn how to connect a GitLab repository.
Learn how to build and deploy your workloads to Google Cloud using Google-managed CI/CD components in your GitLab pipeline. See GitLab on Google Cloud.

Connect to a GitLab host Stay organized with collections Save and categorize content based on your preferences.

Before you begin

Connect to a GitLab host

Console

gcloud

What's next

Connect to a GitLab host