GitLab Settings Enforcer
Enforces GitLab project settings by reading a config file and talking to
the GitLab API(s).
Usage
T.B.D.
Configuration
Configuration of project interaction is currently possible via JSON files
providing a Config object. The config object has the following fields:
Field |
Type |
Required |
Content |
Default |
group_name |
string |
yes |
The path of the root group (e.g. example or some/nested/example ) |
|
project_blacklist |
[]string |
no |
A list of projects to blacklist (cannot be set when project_whitelist is used) |
[] |
project_whitelist |
[]string |
no |
A list of projects to whitelist (cannot be set when project_blacklist is used) |
[] |
create_default_branch |
bool |
no |
Whether the default branch configured in project_settings.default_branch should be created if it doesn't exist |
|
protected_branches |
[]ProtectedBranch |
no |
A list of branches to protect, together with the infos which roles are allowed to merge or push. |
|
approval_settings |
Object |
no |
The gitlab project approval settings to change. Possible keys |
|
project_settings |
Object |
no |
The gitlab project settings to change. Possible keys |
|
compliance |
Object |
no |
The compliance configuration. |
|
ProtectedBranch
Field |
Type |
Required |
Content |
name |
string |
yes |
The name of the branch to protect |
push_access_level |
string |
yes |
Which role is allowed to push (possible values: maintainer , developer , noone ) |
merge_access_level |
string |
yes |
Which role is allowed to merge (possible values: maintainer , developer , noone ) |
Compliance
Field |
Type |
Required |
Content |
mandatory |
Object |
yes |
Setting names, and their values following the sync naming schema |
Env vars
To control the GitLab API endpoint and the authentication as well as further
internal flags please use the following env vars:
Name |
Required |
Description |
Default |
GITLAB_ENDPOINT |
no |
Only override when using GitLab on premise, set this to your GitLab Server Domain |
(gitlab.com) |
GITLAB_TOKEN |
yes |
The GitLab API token used for authentication |
|
VERBOSE |
no |
Enables debug logging when enabled |
false |
Config Example
An example SYNC config might look like the following:
{
"group_name": "example",
"project_blacklist": [
"example/path-to/ignored-project"
],
"project_whitelist": [],
"create_default_branch": true,
"protected_branches": [
{ "name": "develop", "push_access_level": "maintainer", "merge_access_level": "developer"},
{ "name": "master", "push_access_level": "maintainer", "merge_access_level": "developer"}
],
"approval_settings": {
"disable_overriding_approvers_per_merge_request": false,
"merge_requests_author_approval": false,
"merge_requests_disable_committers_approval": true,
"reset_approvals_on_push": true
},
"project_settings": {
"default_branch": "develop",
"issues_enabled": true,
"merge_requests_enabled": true,
"jobs_enabled": true,
"wiki_enabled": false,
"snippets_enabled": false,
"resolve_outdated_diff_discussions": true,
"container_registry_enabled": true,
"shared_runners_enabled": false,
"only_allow_merge_if_pipeline_succeeds": false,
"only_allow_merge_if_all_discussions_are_resolved": true,
"merge_method": "merge",
"public_builds": false,
"lfs_enabled": true,
"request_access_enabled": false,
"tag_list": [],
"printing_merge_request_link_enabled": true,
"ci_config_path": null,
"approvals_before_merge": 1
}
}
An example COMPLIANCE config might look like the following:
{
"compliance": {
"mandatory": {
"approval_settings": {
"reset_approvals_on_push": false
},
"project_settings": {
"resolve_outdated_diff_discussions": false
}
}
}
}
License
MIT License
Copyright (c) 2019 Scalify GmbH
Copyright (c) 2019 Eric Rinker