Connect to a GitLab host

Console

To connect your GitLab host to Cloud Build:

1. Open the Repositories page in the Google Cloud console.

   Open the Repositories page

   You see the Repositories page.

2. At the top of the page, select the 2nd gen tab.

3. In the project selector in the top bar, select your Google Cloud project.

4. Click Create host connection to connect a new host to Cloud Build.

5. On the left panel, select GitLab as your source provider.

6. In the Configure Connection section, enter the following information:

   1. Region: Select a region for your connection.

   2. Name: Enter a name for your connection.

7. In the Host details section, select or enter the following information:

   1. GitLab provider: Select GitLab.com as your provider.

8. In the Personal access tokens section, enter the following information:

   1. API access token: Enter the token with the api scope access. This token is used for connecting and disconnecting repositories.

   2. Read API access token: Enter the token with the read_api scope access. Cloud Build triggers use this token to access source code in repositories.

9. Click Connect.

   After clicking the Connect button, your personal access tokens are securely stored in Secret Manager. Following host connection, Cloud Build also creates a webhook secret on your behalf. You can view and manage your secrets on the Secret Manager page.

You have now successfully created a GitLab connection.

gcloud

Prior to connecting your GitLab host to Cloud Build, complete the following steps to store your credentials:

1. Store your token in Secret Manager.

2. Create a webhook secret in Secret Manager by running the following command:

    cat /proc/sys/kernel/random/uuid | tr -d '\n' | gcloud secrets create my-gle-webhook-secret --data-file=-
   

3. If you store your secrets in a different Google Cloud project than the one you plan to use to create a host connection, enter the following command to grant your project access to the Cloud Build service agent:

   PN=$(gcloud projects describe PROJECT_ID --format="value(projectNumber)")
   CLOUD_BUILD_SERVICE_AGENT="service-${PN}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
   gcloud projects add-iam-policy-binding PROJECT_ID \
     --member="serviceAccount:${CLOUD_BUILD_SERVICE_AGENT}" \
     --role="roles/secretmanager.admin"
   

   Where:

   • PROJECT_ID is your Google Cloud project ID.

You can now proceed to connect your GitLab host to Cloud Build.

Complete the following steps:

To connect your GitLab host to Cloud Build:

1. Enter the following command to create a GitLab connection:

   gcloud builds connections create gitlab CONNECTION_NAME \
     --host-uri=HOST_URI \
     --project=PROJECT_ID \
     --region=REGION \
     --authorizer-token-secret-version=projects/PROJECT_ID/secrets/API_TOKEN/versions/SECRET_VERSION \
     --read-authorizer-token-secret-version=projects/PROJECT_ID/secrets/READ_TOKEN/versions/SECRET_VERSION \
     --webhook-secret-secret-version=projects/PROJECT_ID/secrets/WEBHOOK_SECRET/versions/SECRET_VERSION
   

   Where:

   • CONNECTION_NAME is a name for your GitLab host connection in Cloud Build.
   • HOST_URI is the URI of your GitLab instance. For example, https://my-gle-server.net.
   • PROJECT_ID is your Google Cloud project ID.
   • REGION is the region for your connection.
   • API_TOKEN is the name of your token with apiscope.
   • READ_TOKEN is the name of your token with read_apiscope.
   • SECRET_VERSION is the version of your secret.
   • WEBHOOK_SECRET is your webhook secret.

You have now successfully created a GitLab connection.