Connect to GitLab Enterprise

This page describes how to create connections to GitLab Enterprise and create links to GitLab Enterprise repositories. You can complete these tasks using the Google Cloud console, or the Google Cloud CLI.

These instructions are for application developers, platform administrators, and security managers who want to use GitLab Enterprise source code repositories with Google. Specifically, you can use GitLab Enterprise repositories with Gemini Code Assist.

To learn more about Developer Connect, see Developer Connect overview.

Limitations

To use connected repositories with Gemini Code Assist, your repositories must be accessible through the public internet.

Before you begin

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Developer Connect API.

    Enable the API

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  6. Make sure that billing is enabled for your Google Cloud project.

  7. Enable the Developer Connect API.

    Enable the API

  8. Enabling Developer Connect also enables the Secret Manager API.

  9. Ensure that you have access to an account on GitLab Enterprise.

    To help keep your team's work secure, we recommend that you complete the tasks in this guide using a service account or an account shared by your team, not a personal account.

  10. Ensure that you own a GitLab Enterprise repository, or have admin-level permissions on a shared repository.
  11. Optional: Create a key a customer-managed encryption key (CMEK) to encrypt your Secret Manager secrets.
  12. Optional: To use the command-line instructions in this guide, complete the following steps:
    1. Install the Google Cloud CLI. If you've installed gcloud CLI previously, make sure you have the latest available version by running gcloud components update.
    2. Create a Developer Connect service account by running the following command, where PROJECT_ID is your Google Cloud project ID:
              gcloud beta services identity create \
                  --service=developerconnect.googleapis.com \
                  --project=PROJECT_ID
              

Required roles

To get the permissions that you need to create connections and links, ask your administrator to grant you the following IAM roles:

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create access tokens

Create personal access tokens in GitLab by completing the following steps:

  1. Sign in to GitLab.

  2. Follow the instructions in the GitLab documentation to create personal access tokens with the following permissions:

    • One token with api scope for connecting and disconnecting repositories.
    • One token with read_api scope to allow Developer Connect to read source code in your repositories.

Create a connection

This section describes how to create a connection between Developer Connect and GitLab Enterprise. If you're using the Google Cloud console, then you can also start adding links to repositories as you finish setting up your connection.

To create repository links on an existing GitLab Enterprise connection, select one of the following options:

Console

Initiate a connection by completing the following steps:

  1. In the Google Cloud console, open Developer Connect.

    Go to Developer Connect

    Developer Connect displays the Git repositories page.

    • If you see a list of source code management providers: Start configuring your first connection by selecting a source code management provider. Click Connect on the GitLab Enterprise card.
    • If you see a table listing existing connections: Set the source code management provider by clicking Create connection > GitLab Enterprise.

      The Create Connection page opens.

  2. In the Configure details pane, specify the following:

    1. For Region, choose a region for your connection resources.

    2. For Name, enter a name for your new connection.

    3. For Host URL, enter the URL of the host you want to connect to.

  3. In the Personal Access Tokens section, enter the tokens for your account:

    • API access token: Enter the personal access token with api scope.
    • Read API access token: Enter the personal access token with read_api scope.

    You are responsible for ensuring your GitLab tokens remain valid. GitLab tokens have a maximum lifetime of 365 days, unless otherwise specified by the token creator or an administrator. To learn how to manage token expiration settings and notifications, see the GitLab documentation on personal access tokens.

    For more information, see GitLab's documentation on personal access token expiration.

  4. Optional: In the Encryption section, select a CMEK key to encrypt Secret Manager secrets that Developer Connect creates.

  5. Click Continue.

The Link repositories page appears.

  1. In the list of available repositories, select the repositories you want to use.

  2. Click OK.

    Developer Connect displays suggested names for your repository resources.

  3. Select a repository resource naming option:

    • Generated: Use the generated repository resource names.
    • Manual: Input names of your own.
  4. Click Link.

Your connection is added to the Connections page and your repository links are added to the Repositories page in the Google Cloud console. You can add more links to existing connections at any time.

If you're setting up Gemini Code Assist, continue the process by following the steps in Configure and use Gemini Code Assist code customization.

gcloud

  1. Create a webhook secret in Secret Manager by running the following command, where WEBHOOK_SECRET_NAME is a name for your webhook secret:

         cat /proc/sys/kernel/random/uuid | tr -d '\n' | gcloud secrets create WEBHOOK_SECRET_NAME
    
  2. Store your personal access tokens in Secret Manager by running the following commands:

    gcloud secrets create API_SECRET_NAME
    
    echo -n API_SECRET_DATA | gcloud secrets versions add API_SECRET_NAME --data-file=-
    
    gcloud secrets create READ_SECRET_NAME
    
    echo -n READ_SECRET_DATA | gcloud secrets versions add READ_SECRET_NAME --data-file=-
    

    Replace the following:

    • API_SECRET_NAME: a name for the secret that stores the token with api scope.
    • API_SECRET_DATA: the token with api scope, similar to glpat-XXXXXXXXXXXXXXXX.
    • READ_SECRET_NAME: a name for the secret that stores the token with read_api scope.
    • READ_SECRET_DATA: the token with read_api scope, similar to glpat-XXXXXXXXXXXXXXXX.
  3. Initiate a connection to your GitLab account by running the developer-connect connections create command:

    gcloud beta developer-connect connections create CONNECTION_NAME \
        --location=REGION \
        --gitlab-config-read-authorizer-credential-user-token-secret-version=projects/PROJECT_ID/secrets/READ_SECRET_NAME/versions/VERSION \
        --gitlab-config-authorizer-credential-user-token-secret-version=projects/PROJECT_ID/secrets/API_SECRET_NAME/versions/VERSION \
        --gitlab-enterprise-config-host-uri=HOST_URI
        --gitlab-enterprise-config-webhook-secret-version=projects/PROJECT_ID/secrets/WEBHOOK_SECRET_NAME/versions/VERSION
    

    Replace the following:

    • CONNECTION_NAME: the name of your connection.
    • REGION: the region for your connection.
    • PROJECT_ID: your Google Cloud project ID.
    • READ_SECRET_NAME: the name of the Secret Manager secret that contains the token with read_api scope.
    • API_SECRET_NAME: the name of the Secret Manager secret that contains the token with api scope.
    • VERSION: the version number of each secret. This can be latest to use the most recent version number.
    • HOST_URI: the URI for the host you want to connect to.
    • WEBHOOK_SECRET_NAME: the name of the Secret Manager secret that contains your webhook secret.

    Developer Connect completes the connection to GitLab. Next, link to repositories.

Once you have established a connection to GitLab Enterprise, you can link to repositories. You can repeat these steps later to link additional repositories as needed.

To create repository links on an existing GitLab Enterprise connection, select one of the following options:

Console

Create links to repositories by completing the following steps:

  1. Open the Repositories page in the Google Cloud console.

    Open the Repositories page

  2. Click Link repository.

    The Link Git repositories pane opens.

  3. In the connections list, choose a connection.

  4. Click Continue.

  5. In the repositories list, select the repositories you want to link to.

    Developer Connect displays suggested names for your repository resources.

  6. Select a repository resource naming option:

    • Generated: Use the generated repository resource names.
    • Manual: Input names of your own.
  7. Click Create.

Developer Connect creates the repository links and displays them in the Google Cloud console.

gcloud

Link to a GitLab repository by running the following command:

gcloud beta developer-connect connections git-repository-links create REPO_NAME \
    --clone-uri=REPO_URI \
    --connection=CONNECTION_NAME \
    --location=REGION

Replace the following:

  • REPO_NAME: the name for your repository link.
  • REPO_URI: the link to your repository, similar to https://gitlab.com/my-project/test-repo.git.
  • CONNECTION_NAME: the name of your connection.
  • REGION: the region of your connection.

Developer Connect creates the repository links.

To list linked repositories, run the developer-connect connections git-repository-links list command.

If you're setting up Gemini Code Assist, continue the process by following the steps in Configure and use Gemini Code Assist code customization.

What's next