Git repository for a software project with optional GitHub mirror.
Usage
terraform {
required_providers {
gitlab = {
source = "gitlabhq/gitlab"
}
github = {
source = "integrations/github"
}
}
}
provider "gitlab" {
token = local.gitlab_token
}
provider "github" {
token = local.github_token
owner = local.github_organization_name
}
locals {
gitlab_token = "" # Generate this using the instructions below
github_organization_name = "sr2c" # Change this to your organization's name
github_token = "" # Generate this using the instructions below
}
data "gitlab_group" "this" {
group_id = 11925634 # Change this to your organization's GitLab group ID
}
module "projects" {
source = "sr2c/software-project/gitlab"
gitlab_group = data.gitlab_group.this
name = "terraform-null-example"
description = "An example Terraform module (null provider)"
github_mirror = true
github_user = "ExampleMirrorBot"
github_token = local.github_token
}
Generating the GitLab token
To configure GitLab, you will need an access token. GitLab has a variety of scoped access tokens, including personal and group access tokens. Project-level access tokens cannot be used with this module. Create the type of token that is suitable according to your threat model.
Add a name so that you will be reminded of the purpose of this token when you go to look at it later. Your access token will need the “api” scope. The expiry can be set according to your threat model. GitLab will send an email warning to token owners 7 days before expiry allowing you to generate a new token and update your configuration.
Generating the GitHub token
To configure GitHub, you will need a “personal access token”. It is not possible to restrict a token to specific repositories, so it is best to create a machine user and then invite that user to only the repositories that should be accessed to limit the impact of a token disclosure.
To create a token, visit the New personal access token page of the GitHub settings. Add a note so that you will be reminded of the purpose of this token when you go to look at it later. Your access token will need the “repo” OAuth scope.
The expiry can be set according to your threat model. GitHub will send an email warning before the token expires allowing you to generate a new token and update your configuration.
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.0.11 |
| github | >= 5.9.1 |
| gitlab | >= 3.19.0 |
Providers
| Name | Version |
|---|---|
| github | 5.9.1 |
| gitlab | 3.19.0 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| github_repository.this | resource |
| gitlab_project.this | resource |
| gitlab_project_mirror.this | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| description | The project description. | string | n/a | yes |
| enabled | Set to false to prevent the module from creating any resources | bool | true | no |
| github_mirror | Create a mirror of this project on GitHub. | bool | false | no |
| github_token | The GitHub access token to use for mirroring (required if github_mirror is true). | string | "" | no |
| github_user | The GitHub username to use for mirroring (required if github_mirror is true). | string | "" | no |
| gitlab_group | The ID of the GitLab group in which to create the project. If this is not specified, it will be created in the personal namespace of the authenticated user. | number | null | no |
| name | The project name. | string | n/a | yes |
| shared_runners | Enable shared runners on the GitLab repository. | bool | true | no |
| visibility | The visibility of the project. Allowed values are “public” and “private”. This will apply also to the GitHub mirror if specified to be created. | string | "public" | no |
Outputs
| Name | Description |
|---|---|
| github_repository_git_url | The URL to clone from the GitHub mirror using the git protocol, if created. |
| github_repository_svn_url | The URL to checkout from the GitHub mirror using the Subversion protocol, if created. |
| github_repository_web_url | The web URL for the GitHub mirror, if created. |
| gitlab_project_id | The ID of the GitLab project. |
| gitlab_project_ssh_url | The SSH URL to clone/push this GitLab project. |
| gitlab_project_web_url | The web URL for the GitLab project. |