This page describes how to create connections to GitLab Enterprise and create links to GitLab Enterprise repositories. You can complete these tasks using the Google Cloud console, or the Google Cloud CLI.
These instructions are for application developers, platform administrators, and security managers who want to use GitLab Enterprise source code repositories with Google. Specifically, you can use GitLab Enterprise repositories with Gemini Code Assist.
To learn more about Developer Connect, see Developer Connect overview.
Limitations
To use connected repositories with Gemini Code Assist, your repositories must be accessible through the public internet.
Before you begin
-
Sign in to your Google Account.
If you don't already have one, sign up for a new account.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Developer Connect API.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Developer Connect API.
-
Ensure that you have access to an account on GitLab Enterprise.
To help keep your team's work secure, we recommend that you complete the tasks in this guide using a service account or an account shared by your team, not a personal account.
- Ensure that you own a GitLab Enterprise repository, or have admin-level permissions on a shared repository.
- Optional: Create a key a customer-managed encryption key (CMEK) to encrypt your Secret Manager secrets.
- Optional: To use the command-line instructions in this guide, complete the
following steps:
- Install the Google Cloud CLI. If
you've installed gcloud CLI previously, make sure you have
the latest available version by running
gcloud components update
. - Create a Developer Connect service account
by running the following command, where PROJECT_ID is your Google Cloud project ID:
gcloud beta services identity create \ --service=developerconnect.googleapis.com \ --project=PROJECT_ID
- Install the Google Cloud CLI. If
you've installed gcloud CLI previously, make sure you have
the latest available version by running
Enabling Developer Connect also enables the Secret Manager API.
Required roles
To get the permissions that you need to create connections and links, ask your administrator to grant you the following IAM roles:
-
If you aren't the project owner:
Developer Connect Admin (
roles/developerconnect.admin
) on your user account -
If you plan to use a CMEK key:
Cloud KMS CryptoKey Encrypter/Decrypter (
roles/cloudkms.cryptoKeyEncrypterDecrypter
) on your project -
If you plan to use the gcloud CLI steps in this guide:
Secret Manager Admin role (
roles/secretmanager.admin
) on the Developer Connect service agent
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Create access tokens
Create personal access tokens in GitLab by completing the following steps:
Follow the instructions in the GitLab documentation to create personal access tokens with the following permissions:
- One token with
api
scope for connecting and disconnecting repositories. - One token with
read_api
scope to allow Developer Connect to read source code in your repositories.
- One token with
Create a connection
This section describes how to create a connection between Developer Connect and GitLab Enterprise. If you're using the Google Cloud console, then you can also start adding links to repositories as you finish setting up your connection.
To create repository links on an existing GitLab Enterprise connection, select one of the following options:
Console
Initiate a connection by completing the following steps:
In the Google Cloud console, open Developer Connect.
Developer Connect displays the Git repositories page.
- If you see a list of source code management providers: Start configuring your first connection by selecting a source code management provider. Click Connect on the GitLab Enterprise card.
If you see a table listing existing connections: Set the source code management provider by clicking Create connection > GitLab Enterprise.
The Create Connection page opens.
In the Configure details pane, specify the following:
For Region, choose a region for your connection resources.
For Name, enter a name for your new connection.
For Host URL, enter the URL of the host you want to connect to.
In the Personal Access Tokens section, enter the tokens for your account:
- API access token: Enter the personal access token with
api
scope. - Read API access token: Enter the personal access token with
read_api
scope.
You are responsible for ensuring your GitLab tokens remain valid. GitLab tokens have a maximum lifetime of 365 days, unless otherwise specified by the token creator or an administrator. To learn how to manage token expiration settings and notifications, see the GitLab documentation on personal access tokens.
For more information, see GitLab's documentation on personal access token expiration.
- API access token: Enter the personal access token with
Optional: In the Encryption section, select a CMEK key to encrypt Secret Manager secrets that Developer Connect creates.
Click Continue.
The Link repositories page appears.
In the list of available repositories, select the repositories you want to use.
Click OK.
Developer Connect displays suggested names for your repository resources.
Select a repository resource naming option:
- Generated: Use the generated repository resource names.
- Manual: Input names of your own.
Click Link.
Your connection is added to the Connections page and your repository links are added to the Repositories page in the Google Cloud console. You can add more links to existing connections at any time.
If you're setting up Gemini Code Assist, continue the process by following the steps in Configure and use Gemini Code Assist code customization.
gcloud
Create a webhook secret in Secret Manager by running the following command, where WEBHOOK_SECRET_NAME is a name for your webhook secret:
cat /proc/sys/kernel/random/uuid | tr -d '\n' | gcloud secrets create WEBHOOK_SECRET_NAME
Store your personal access tokens in Secret Manager by running the following commands:
gcloud secrets create API_SECRET_NAME echo -n API_SECRET_DATA | gcloud secrets versions add API_SECRET_NAME --data-file=- gcloud secrets create READ_SECRET_NAME echo -n READ_SECRET_DATA | gcloud secrets versions add READ_SECRET_NAME --data-file=-
Replace the following:
- API_SECRET_NAME: a name for the secret that stores
the token with
api
scope. - API_SECRET_DATA: the token with
api
scope, similar toglpat-XXXXXXXXXXXXXXXX
. - READ_SECRET_NAME: a name for the secret that stores
the token with
read_api
scope. - READ_SECRET_DATA: the token with
read_api
scope, similar toglpat-XXXXXXXXXXXXXXXX
.
- API_SECRET_NAME: a name for the secret that stores
the token with
Initiate a connection to your GitLab account by running the
developer-connect connections create
command:gcloud beta developer-connect connections create CONNECTION_NAME \ --location=REGION \ --gitlab-config-read-authorizer-credential-user-token-secret-version=projects/PROJECT_ID/secrets/READ_SECRET_NAME/versions/VERSION \ --gitlab-config-authorizer-credential-user-token-secret-version=projects/PROJECT_ID/secrets/API_SECRET_NAME/versions/VERSION \ --gitlab-enterprise-config-host-uri=HOST_URI --gitlab-enterprise-config-webhook-secret-version=projects/PROJECT_ID/secrets/WEBHOOK_SECRET_NAME/versions/VERSION
Replace the following:
- CONNECTION_NAME: the name of your connection.
- REGION: the region for your connection.
- PROJECT_ID: your Google Cloud project ID.
- READ_SECRET_NAME: the name of the
Secret Manager secret that contains the token
with
read_api
scope. - API_SECRET_NAME: the name of the
Secret Manager secret that contains the token
with
api
scope. - VERSION: the version number of each secret. This
can be
latest
to use the most recent version number. - HOST_URI: the URI for the host you want to connect to.
- WEBHOOK_SECRET_NAME: the name of the Secret Manager secret that contains your webhook secret.
Developer Connect completes the connection to GitLab. Next, link to repositories.
Link to repositories using an existing connection
Once you have established a connection to GitLab Enterprise, you can link to repositories. You can repeat these steps later to link additional repositories as needed.
To create repository links on an existing GitLab Enterprise connection, select one of the following options:
Console
Create links to repositories by completing the following steps:
Open the Repositories page in the Google Cloud console.
Click Link repository.
The Link Git repositories pane opens.
In the connections list, choose a connection.
Click Continue.
In the repositories list, select the repositories you want to link to.
Developer Connect displays suggested names for your repository resources.
Select a repository resource naming option:
- Generated: Use the generated repository resource names.
- Manual: Input names of your own.
Click Create.
Developer Connect creates the repository links and displays them in the Google Cloud console.
gcloud
Link to a GitLab repository by running the following command:
gcloud beta developer-connect connections git-repository-links create REPO_NAME \
--clone-uri=REPO_URI \
--connection=CONNECTION_NAME \
--location=REGION
Replace the following:
- REPO_NAME: the name for your repository link.
- REPO_URI: the link to your repository, similar
to
https://gitlab.com/my-project/test-repo.git
. - CONNECTION_NAME: the name of your connection.
- REGION: the region of your connection.
Developer Connect creates the repository links.
To list linked repositories, run the
developer-connect connections git-repository-links list
command.
If you're setting up Gemini Code Assist, continue the process by following the steps in Configure and use Gemini Code Assist code customization.
What's next
- Finish setting up Gemini Code Assist code customization.
- Learn how Gemini Code Assist helps you accelerate software development.
- Explore other integrations available through Developer Connect.