GitlabProject
Creates or mutates a GitLab project.
Schema
GitlabProjectResource
| property | type | description |
|---|---|---|
| version | string, required | Version of Frigg to use. Should be 1. |
| kind | GitlabProject, required | Kind of resource you want to specify |
| metadata | object, required | Data used by Frigg internally |
| metadata.name | string, required | Name used to reference this resource from other resources |
| metadata.configDefaults | string, required | Name of the GitlabDefaults resource to use to resolve default configuration. |
| metadata.id | number, optional | Numeric ID of the Gitlab project. Specify this when you want to start managing an already existing project using Frigg. |
| spec | object, required | State you want the resource to have |
| spec.name | string, required | Name of the project in GitLab |
| spec.group | string, required | Name of the parent group |
| spec.config | GitlabProjectConfig, optional | Leave undefined if you want to fully use configDefaults.projectConfig instead. |
| spec.approvalsConfig | GitlabApprovalsConfig, optional | Leave undefined if you want to fully use configDefaults.approvalsConfig instead. |
| spec.approvalRules | GitlabApprovalRule array, optional | Leave undefined if you want to fully use configDefaults.approvalRules instead. |
| spec.pushRules | GitlabPushRule, optional | Leave undefined if you want to fully use configDefaults.pushRules instead. |
| spec.protectedBranches | GitlabProtectedBranch array, optional | Leave undefined if you want to fully use configDefaults.protectedBranches instead. |
| spec.members | GitlabMember array, optional | Array containing the group’s members. |
| spec.sharedWithGroups | SharedWithGroup array, optional | Array containing the groups that this group is shared with. |
GitlabProjectConfig
All properties are optional. Any undefined properties will default to the specified configDefaults.projectConfig of the referenced GitlabDefaults.
For detailed info about the properties, please reference GitLab’s documentation.
| property | type |
|---|---|
| allowMergeOnSkippedPipeline | boolean, optional |
| allowPipelineTriggerApproveDeployment | boolean, optional |
| analyticsAccessLevel | disabled | private | enabled, optional |
| autoCancelPendingPipelines | enabled | disabled, optional |
| autoDevopsDeployStrategy | continuous | manual | timed_incremental, optional |
| autoDevopsEnabled | boolean, optional |
| autocloseReferencedIssues | boolean, optional |
| buildGitStrategy | string, optional |
| buildTimeout | number, optional |
| buildsAccessLevel | disabled | private | enabled, optional |
| ciAllowForkPipelinesToRunInParentProject | boolean, optional |
| ciConfigPath | string, optional |
| ciDefaultGitDepth | number, optional |
| ciForwardDeploymentEnabled | boolean, optional |
| ciSeparatedCaches | boolean, optional |
| containerExpirationPolicyAttributes | object, optional |
| containerExpirationPolicyAttributes.cadence | string, optional |
| containerExpirationPolicyAttributes.enabled | boolean, optional |
| containerExpirationPolicyAttributes.keepN | number, optional |
| containerExpirationPolicyAttributes.nameRegexDelete | string, optional |
| containerExpirationPolicyAttributes.nameRegexKeep | string, optional |
| containerExpirationPolicyAttributes.nameRegexKeep | olderThan, optional |
| containerRegistryAccessLevel | disabled | private | enabled, optional |
| defaultBranch | string, optional |
| description | string, optional |
| emailsEnabled | boolean, optional |
| enforceAuthChecksOnUploads | boolean, optional |
| externalAuthorizationClassificationLabel | string, optional |
| featureFlagsAccessLevel | disabled | private | enabled, optional |
| forkingAccessLevel | disabled | private | enabled, optional |
| groupRunnersEnabled | boolean, optional |
| infrastructureAccessLevel | disabled | private | enabled, optional |
| issueBranchTemplate | string, optional |
| issuesAccessLevel | disabled | private | enabled, optional |
| issuesTemplate | string, optional |
| keepLatestArtifact | boolean, optional |
| lfsEnabled | boolean, optional |
| mergeCommitTemplate | string, optional |
| mergeMethod | merge | rebase_merge | ff, optional |
| mergePipelinesEnabled | boolean, optional |
| mergeRequestsAccessLevel | disabled | private | enabled, optional |
| mergeRequestsTemplate | string, optional |
| mergeTrainsEnabled | boolean, optional |
| mirror | boolean, optional |
| monitorAccessLevel | disabled | private | enabled, optional |
| onlyAllowMergeIfAllDiscussionsAreResolved | boolean, optional |
| onlyAllowMergeIfPipelineSucceeds | boolean, optional |
| packagesEnabled | boolean, optional |
| pagesAccessLevel | disabled | private | enabled | public, optional |
| printingMergeRequestLinkEnabled | boolean, optional |
| releasesAccessLevel | disabled | private | enabled, optional |
| removeSourceBranchAfterMerge | boolean, optional |
| repositoryAccessLevel | disabled | private | enabled, optional |
| requestAccessEnabled | boolean, optional |
| requirementsAccessLevel | disabled | private | enabled, optional |
| resolveOutdatedDiffDiscussions | boolean, optional |
| restrictUserDefinedVariables | boolean, optional |
| securityAndComplianceAccessLevel | disabled | private | enabled, optional |
| serviceDeskEnabled | boolean, optional |
| sharedRunnersEnabled | boolean, optional |
| snippetsAccessLevel | disabled | private | enabled, optional |
| squashCommitTemplate | string, optional |
| squashOption | never | always | default_on | default_off, optional |
| suggestionCommitMessage | string, optional |
| topics | string array, optional |
| visibility | public | internal | private, optional |
| wikiAccessLevel | disabled | private | enabled, optional |
GitlabApprovalsConfig
All properties are optional. Any undefined properties will default to the specified configDefaults.approvalsConfig of the referenced GitlabDefaults.
For detailed info about the properties, please reference GitLab’s documentation.
| property | type |
|---|---|
| resetApprovalsOnPush | boolean, optional |
| disableOverridingApproversPerMergeRequest | boolean, optional |
| mergeRequestsAuthorApproval | boolean, optional |
| mergeRequestsDisableCommittersApproval | boolean, optional |
| requirePasswordToApprove | boolean, optional |
GitlabApprovalRule
Only if the project’s spec.approvalRules entire array is left undefined will the configDefaults.approvalsConfig of the referenced GitlabDefaults be used.
For detailed info about the properties, please reference GitLab’s documentation.
| property | type |
|---|---|
| name | string, required |
| approvalsRequired | number, required |
| ruleType | any_approval | regular | report_approver, required |
| appliesToAllProtectedBranches | boolean, required |
| usernames | string array, optional |
| groupIds | string array, optional |
| protectedBranchIds | number array, required when appliesToAllProtectedBranches=false |
| reportType | report_approver | code_coverage, optional |
GitlabPushRule
All properties are optional. Any undefined properties will default to the specified configDefaults.pushRules of the referenced GitlabDefaults.
For detailed info about the properties, please reference GitLab’s documentation.
| Property | Type |
|---|---|
| authorEmailRegex | string, optional |
| branchNameRegex | string, optional |
| commitMessageRegex | string, optional |
| commitMessageNegativeRegex | string, optional (Due to a known issue, this parameter does not work properly, which is currently being worked on) |
| denyDeleteTag | boolean, optional |
| fileNameRegex | string, optional |
| maxFileSize | number, optional |
| memberCheck | boolean, optional |
| preventSecrets | boolean, optional |
| commitCommitterCheck | boolean, optional |
| rejectUnsignedCommits | boolean, optional |
GitlabProtectedBranch
Only if the project’s spec.protectedBranches entire array is left undefined will the configDefaults.protectedBranches of the referenced GitlabDefaults be used.
For detailed info about the properties, please reference GitLab’s documentation.
| property | type |
|---|---|
| name | string, required |
| allowForcePush | boolean, required |
| codeOwnerApprovalRequired | boolean, required |
| mergeAccessLevels | no_one | developer | maintainer, nullable |
| pushAccessLevels | no_one | developer | maintainer, nullable |
| unprotectedAccessLevels | no_one | developer | maintainer, nullable |
GitlabMember
| property | type | description |
|---|---|---|
| name | string, required | Name of the user in the Users resource. |
| accessLevel | no_access | minimal_access | guest | reporter | developer | maintainer | owner, required | The access level of the user. |
SharedWithGroup
| property | type | description |
|---|---|---|
| name | string, required | Metadata name of the group you want to share this group with. |
| accessLevel | no_access | minimal_access | guest | reporter | developer | maintainer | owner, required | The access level of the group. |
Example
The following example includes all possible properties for GitlabGroupConfig and GitlabApprovalsConfig. Furthermore, an example GitlabApprovalRule array is included.
version: '1'
kind: GitlabProject
metadata:
name: example_project
configDefaults: GitlabDefaults
spec:
name: Example Project
group: example_group
config:
allowMergeOnSkippedPipeline: false
allowPipelineTriggerApproveDeployment: false
analyticsAccessLevel: enabled
autoCancelPendingPipelines: enabled
autoDevopsDeployStrategy: continuous
autoDevopsEnabled: false
autocloseReferencedIssues: true
buildGitStrategy: fetch
buildTimeout: 3600
buildsAccessLevel: enabled
ciAllowForkPipelinesToRunInParentProject: true
ciConfigPath: ''
ciDefaultGitDepth: 20
ciForwardDeploymentEnabled: true
ciSeparatedCaches: true
containerExpirationPolicyAttributes:
cadence: 1d
enabled: false
keepN: 10
nameRegexDelete: .*
nameRegexKeep: ''
olderThan: 90d
containerRegistryAccessLevel: enabled
defaultBranch: main
description: ''
emailsEnabled: false
enforceAuthChecksOnUploads: true
externalAuthorizationClassificationLabel: ''
featureFlagsAccessLevel: enabled
forkingAccessLevel: enabled
groupRunnersEnabled: true
infrastructureAccessLevel: enabled
issueBranchTemplate: ''
issuesAccessLevel: enabled
issuesTemplate: ''
keepLatestArtifact: true
lfsEnabled: true
mergeCommitTemplate: ''
mergeMethod: ff
mergePipelinesEnabled: true
mergeRequestsAccessLevel: private
mergeRequestsTemplate: ''
mergeTrainsEnabled: false
mirror: false
monitorAccessLevel: enabled
onlyAllowMergeIfAllDiscussionsAreResolved: true
onlyAllowMergeIfPipelineSucceeds: true
packagesEnabled: true
pagesAccessLevel: private
printingMergeRequestLinkEnabled: true
releasesAccessLevel: enabled
removeSourceBranchAfterMerge: true
repositoryAccessLevel: enabled
requestAccessEnabled: false
requirementsAccessLevel: enabled
resolveOutdatedDiffDiscussions: false
restrictUserDefinedVariables: false
securityAndComplianceAccessLevel: private
serviceDeskEnabled: true
sharedRunnersEnabled: true
snippetsAccessLevel: disabled
squashCommitTemplate: ''
squashOption: default_off
suggestionCommitMessage: ''
topics: []
visibility: private
wikiAccessLevel: disabled
approvalsConfig:
disableOverridingApproversPerMergeRequest: false
mergeRequestsAuthorApproval: false
mergeRequestsDisableCommittersApproval: false
requirePasswordToApprove: false
resetApprovalsOnPush: true
approvalRules:
- name: Approval rule
appliesToAllProtectedBranches: false
approvalsRequired: 1
groupIds: []
protectedBranchIds: []
ruleType: any_approver
usernames: []
protectedBranches:
- name: main
allowForcePush: false
codeOwnerApprovalRequired: false
mergeAccessLevels:
- maintainer
pushAccessLevels:
- maintainer
unprotectedAccessLevels: []
members:
- name: alice.johnson
accessLevel: maintainer
- name: erik.klein
accessLevel: developer
sharedWithGroups:
- name: another_example_group
accessLevel: developer