Skip to main content

Installation

This page will help you install Port's GitLab integration (powered by the Ocean framework).

This page outlines the following steps:

  • How to create a GitLab group access token to give the integration permissions to query your GitLab account.
  • How to configure and customize the integration before deploying it.
  • How to deploy the integration in the configuration that fits your use case.
Prerequisites
  • A gitlab account with admin privileges.
  • A gitlab group account with the api scope.
  • If you choose the real time & always on installation method - a kubernetes cluster to install the integration on.
  • Your Port user role is set to Admin.

Creating a GitLab group access token​

A group access token can be used for the group it was generated at, as well as for all sub-groups underneath it.

The GitLab integration is able to query multiple GitLab root groups. To do so, it will require multiple group access tokens, each at the correct root group.

GitLab group access tokens example

For example, let's assume the following GitLab account structure:

GitLab account
.
β”œβ”€β”€ microservices-group
β”‚Β Β  β”œβ”€β”€microservice1-group
β”‚Β Β  └──microservice2-group
β”œβ”€β”€ apis-group
β”‚Β Β  β”œβ”€β”€ rest-api-group
β”‚Β Β  └── graphql-api-group

In this example:

  • To map only the microservices-group, we require one group access token - one for the microservices-group.
  • To map the microservices-group and all of its subgroups, we require only one group access token - one for the microservices-group.
  • To map the microservices-group, the apis-group and all of their subgroups, we require only two group access tokens - one for the microservices-group and one for the apis-group.
  • To map the microservice1-group, we have 2 options:
    • Create a group access token for the microservices-group and use the token mapping to select just the microservice1-group.
    • Create a group access token for the microservice1-group directly.

See the token mapping section for more information.

The following steps will guide you how to create a GitLab group access token.

  1. Sign in to GitLab and go to your desired group's settings page:

  2. In the "Access Tokens" section, you need to provide the token details, including the name and an optional expiration date. Additionally, select the api scope, and then proceed to click on the "Create access token" button.

  3. Click "Create group access token".

  4. Copy the generated token and use it when deploying the integration in the following steps.

Configuring the GitLab integration​

tokenMapping​

The GitLab integration supports fetching data related to specific paths in your GitLab groups. The integration is also able to fetch data from different GitLab parent groups by providing additional group tokens. In order to do so, you need to map the desired paths to the relevant access tokens. The tokenMapping parameter supports specifying the paths that the integration will search for files and information in, using globPatterns.

Mapping format:

{"MY_FIRST_GITLAB_PROJECT_GROUP_TOKEN": ["**/MyFirstGitLabProject/**","**/MySecondGitLabProject/*"]}

Example:

{"glpat-QXbeg-Ev9xtu5_5FsaAQ": ["**/DevopsTeam/*Service", "**/RnDTeam/*Service"]}
Helm installation parameter

When using the tokenMapping parameter in the integration's Helm installation, make sure to escape the necessary characters, for example:

--set integration.secrets.tokenMapping=β€œ\{\β€œglpat-oh1YXc54pR4eofx6hYy5\β€œ: [\β€œ**\β€œ]\}”

Multiple GitLab group access tokens example:

{"glpat-QXbeg-Ev9xtu5_5FsaAQ": ["**/DevopsTeam/*Service", "**/RnDTeam/*Service"],"glpat-xF7Ae-vXu5ts5_QbEgAQ9": ["**/MarketingTeam/*Service"]}

Configuring Realtime webhook events​

Exposing Endpoint for events​

App Host​
tip

The appHost parameter is used specifically to enable the real-time functionality of the integration.

If it is not provided, the integration will continue to function correctly. In such a configuration, to retrieve the latest information from the target system, the scheduledResyncInterval parameter has to be set, or a manual resync will need to be triggered through Port's UI.

In order for the GitLab integration to update the data in Port on every change in the GitLab repository, you need to specify the appHost parameter. The appHost parameter should be set to the url of your GitLab integration instance. In addition, your GitLab instance (whether it is GitLab SaaS or a self-hosted version of GitLab) needs to have the option to send webhook requests to the GitLab integration instance, so please configure your network accordingly.

The default webhook events behavior​

The GitLab integration supports listening to GitLab webhooks and updating the relevant entities in Port accordingly.

Supported webhooks are Group webhooks and System hooks.

As part of the installation process, the integration will create a webhook in your GitLab instance, and will use it to listen to the relevant events.

There are a few points to consider before deciding on which webhook to choose :

  • If you choose system hooks, the integration will create a single webhook for the entire GitLab instance. If you choose group webhooks, the integration will create a webhook for each root group in your GitLab instance, unless you provide the tokenGroupHooksOverrideMapping parameter- and then it will create a webhook for each specified group in this parameter.

  • The system hooks has much less event types than the group webhooks.

    • Group Webhooks supported event types:

      • push_events
      • issues_events
      • jobs_events
      • merge_requests_events
      • pipeline_events
      • releases_events
      • tag_push_events
      • subgroup_events
      • confidential_issues_events
    • System Hooks supported event types:

      • push_events
      • merge_requests_events
      • repository_update_events

      This means that if you choose system hooks, the integration will not be able to update the relevant entities in Port on events such as issues_events, pipeline_events and etc.

  • Creating a system hook requires admin privileges in GitLab. Due to this, the integration supports that the system hook will be created manually, and the integration will use it to listen to the relevant events.

Specific Group Webhooks​

By default, if appHost is provided, the integration will create group webhooks for each root group in your GitLab instance. If you need to create webhooks only for specific groups, you should configure the tokenGroupHooksOverrideMapping parameter.

System Webhooks​

To create a system hook there are two options:

note

In both options you'll need to provide the useSystemHook parameter with the value true.

  1. Provide a token with admin privileges in GitLab using the tokenMapping parameter.
    • When choosing this option, the integration will create the system hook in your GitLab account automatically.
  2. Create the system hook manually
    • Follow the instructions for creating a system hook in GitLab here.
    • In the URL field, provide the appHost parameter value with the path /integration/system/hook. e.g. https://my-gitlab-integration.com/integration/system/hook.
    • From the Triggers section, the GitLab integration currently supports the following events:
      • push
      • merge_request

GitLab System Hook

tokenGroupHooksOverrideMapping​

the integration can support listening to webhooks on specified groups, by configuring the tokenGroupHooksOverrideMapping parameter. this parameter is not required, and when you don't use it, the integration will listen to all of the root groups (if not using useSystemHooks=true)

Mapping format:

{"MY_FIRST_GROUPS_TOKEN": {"groups:"{"MY_FIRST_GROUP_FULL_PATH": {"events": [CHOSEN_EVENT_TYPES]}, "MY_OTHER_GROUP_FULL_PATH": {"events": [CHOSEN_EVENT_TYPES]}}}}

Example:

{"glpat-QXbeg-Ev9xtu5_5FsaAQ": {"groups": {"path/to/my-first-group": {"events": ["push_events", "merge_requests_events]}, "path/to/my-other-group": {"events": ["pipelines_events"]}}}}

You can configure multiple tokens, and multiple groups per token (the token should have admin access to those groups), but there are some rules:

  • All of the tokens mentioned here must be contained in tokenMapping.
  • A "groups" key is required for each token.
  • All of the groups in all of the tokens must be non-hierarchical to each other, and not identical (duplicated).
  • The group path is the full path in gitlab. If a group path is incorrect, the webhook will not be created.
  • The events for each group must match the supported event types mentioned below. if you would like to have all the events provided in the webhook, you can use: {"events" = []}, but not eliminate this key completely, because it is required.

Deploying the GitLab integration​

Choose one of the following installation methods:

Using this installation option means that the integration will be able to update Port in real time using webhooks.

This table summarizes the available parameters for the installation. Set them as you wish in the script below, then copy it and run it in your terminal:

ParameterDescriptionExampleRequired
port.clientIdYour port client idβœ…
port.clientSecretYour port client secretβœ…
integration.secrets.tokenMappingThe token mapping configuration used to query GitLabβœ…
integration.config.appHostThe host of the Port Ocean app. Used to set up the integration endpoint as the target for webhooks created in GitLabhttps://my-ocean-integration.com❌
integration.config.gitlabHost(for self-hosted GitLab) the URL of your GitLab instancehttps://my-gitlab.com❌
integration.secrets.tokenGroupHooksOverrideMappingThe token group hooks override mapping configuration used to create custom webhooks on groups❌

Advanced configuration

ParameterDescription
integration.eventListener.typeThe event listener type. Read more about event listeners
integration.typeThe integration to be installed
scheduledResyncIntervalThe number of minutes between each resync. When not set the integration will resync for each event listener resync event. Read more about scheduledResyncInterval
initializePortResourcesDefault true, When set to true the integration will create default blueprints and the port App config Mapping. Read more about initializePortResources

To install the integration using Helm, run the following command:

helm repo add --force-update port-labs https://port-labs.github.io/helm-charts
helm upgrade --install my-gitlab-integration port-labs/port-ocean \
--set port.clientId="PORT_CLIENT_ID" \
--set port.clientSecret="PORT_CLIENT_SECRET" \
--set port.baseUrl="https://api.getport.io" \
--set initializePortResources=true \
--set scheduledResyncInterval=120 \
--set integration.identifier="my-gitlab-integration" \
--set integration.type="gitlab" \
--set integration.eventListener.type="POLLING" \
--set integration.secrets.tokenMapping="\{\"TOKEN\": [\"GROUP_NAME/**\"]\}"

It is also possible to get Port's UI to generate your installation command for you, Port will inject values such as your Port client ID and client secret directly into the command, making it easier to get started.

Follow these steps to setup the integration through Port's UI:

  1. Click the ingest button in Port Builder Page for the blueprint you want to ingest using GitLab:

    DevPortal Builder ingest button

  2. Select GitLab under the Git providers category:

    DevPortal Builder GitLab option

  3. Copy the helm installation command and set the required configuration;

  4. Run the helm command with the updated parameters to install the integration in your Kubernetes cluster.

Advanced integration configuration

For advanced configuration such as proxies or self-signed certificates, click here.