Skip to content

SCM GitLab

Fábio Luciano edited this page Jun 16, 2026 · 6 revisions

GitLab

Supports gitlab.com (variant: saas) and self-managed (variant: self-managed) — the variant is descriptive; the API is the same.

Actions: commit_status (shows in the MR pipeline widget) · pr_comment (MR notes, supports mode: upsert) · commit_comment · deployment_status (Environments page) · label (add/remove — single atomic update call, labels auto-created).

Authentication

Personal/project access token with api scope:

scm:
  gitlab:
    - name: gitlab
      variant: saas
      enabled: true
      base_url: https://gitlab.com/api/v4
      auth:
        secretRef:
          name: gitlab-token             # Secret key: token

OAuth2 client credentials (self-managed enterprise):

      auth:
        oauth2:
          client_id:
            secretRef:
              name: gitlab-oauth2        # key: client_id
          client_secret:
            secretRef:
              name: gitlab-oauth2        # key: client_secret
          token_url: https://gitlab.company.example.com/oauth/token
          # grant_type: client_credentials   # default; refresh_token also supported (seed refresh_token)

grant_type defaults to client_credentials. refresh_token is also supported (provide a pre-obtained refresh_token); authorization_code is not — the relay exposes no redirect endpoint.

Required annotations

scm.provider = instance name; project identified by scm.repo-id (numeric ID, preferred) or scm.repo-owner + scm.repo-name (path); scm.commit-sha for statuses/commit comments/deployments; scm.pr-number carries the MR IID for notes/labels.

Comment templates

MR/commit-note bodies are optional templates: inline string, configmapRef: {name, key}, or omitted for the built-in "Build <State> for <RunName>" body. The chart ships gitlab-note.tmpl as an opt-in configmapRef example. See Actions → Comment templates are optional.

Notes

  • deployment_status creates deployments on the Environments page; environment = scm.context annotation (default production). pending events are skipped (GitLab's API starts at running).
  • MR notes in upsert mode converge to a single self-updating note per run.
  • Skipped events (missing SHA / unidentifiable project) are logged at warn level with the reason.

Clone this wiki locally