Setting Up a GitLab App
The relevant app and user properties will be provided to Garden Cloud.
Note that you should have an entry for both the
gitlab/callbackendpoint and the
Select the following scopes:
Once the oauth service provider is created, you should get a Secret and an Application ID. You'll need these values during the Garden Cloud installation.
We recommend creating a dedicated user service account for Garden Cloud, enabling 2FA authentication for that user and granting it access to only the repositories that Garden Cloud should have access to. This includes repositories that are referenced as remote sources in your Garden projects. Please make sure to add the user in the role of maintainer to the repositories and/or groups you want to use with Garden Cloud. The maintainer role is necessary, because Garden Cloud needs to create a webhook on each repository added in Garden Cloud.
The access token must have the following scopes:
You can optionally set an expiry date date on the token, in which case you must make sure to update the token in Garden Cloud before it expires. You can update the token via the Replicated admin console.
You'll need this access token when installing Garden Cloud.
You'll need to have the following values at hand when installing Garden Cloud:
- The Oauth application Application ID you received when creating the Oauth application.
- The Oauth application Secret you received when creating the Oauth application.
- The GitLab instance hostname. If you're using hosted GitLab, this is simply gitlab.com
- The GitLab Access Token.
You'll also need to provide a GitLab webhooks secret during the installation that's used internally between Garden Cloud and GitLab. Note that this is only in the context of installing Garden Cloud, you won't find this value in GitLab.