Knowledge Base

How do I use self-hosted gitlab with terraform-aws-ci repo

Answer

Gruntwork code shows examples of using hosted github, bitbucket and gitlab. I have a self-hosted gitlab instance within my organization, and I need step-by-step guidance.

---

[Tracked in ticket #110001](https://support.gruntwork.io/hc/requests/110001)

# Using self-hosted gitlab

In this article, we cover the steps necessary to use a self-hosted gitlab instance with Gruntwork's `terraform-aws-ci` repo.

## Obtain and store Gitlab Personal Access Token

We will use a gitlab PAT to authenticate with gitlab. Instructions for creating a PAT are here: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html

AWS Secrets Manager is ideal for storing the token, as it offers encryption, granular access policies, the ability to rotate secrets, an audit trail and versioning. Create a secret and copy the secret's ARN.

## Add gitlab settings to terraform-helper module

In the [terraform-update-variable](https://github.com/gruntwork-io/terraform-aws-ci/blob/main/modules/terraform-helpers/bin/terraform-update-variable) script, start with the variable declarations section in the `run_update` function. Add the secret ARN from the step above.

```bash
# Filled in by the --self-hosted-gitlab-token-secrets-manager-arn option below
local self_hosted_gitlab_token_secrets_manager_arn=""
```

In the case block just below the declarations, add the parameter:

```bash
--self-hosted-gitlab-token-secrets-manager-arn)
  self_hosted_gitlab_token_secrets_manager_arn="$2"
  shift
  ;;
```

A little further down in the module, add gitlab authentication:

```bash
# Host is the bare hostname of the self-hosted instance; 'oauth2' is the username used with the PAT
config_https_auth_from_secrets_manager 'mygitlab.example.com' 'oauth2' "$self_hosted_gitlab_token_secrets_manager_arn"
```

## Add token to infrastructure-deploy-script

### In the main function, add a new environment variable to hold the PAT

https://github.com/gruntwork-io/terraform-aws-ci/blob/ba3b1a284c251faea326b3efb646c5f75a89a57d/modules/infrastructure-deploy-script/scripts/infrastructure-deploy-script#L183

```python
self_hosted_gitlab_auth_token = os.environ.get(f'{ENVVAR_PREFIX}_SELF_HOSTED_GITLAB_TOKEN', None)
```

### In the token block, add the token

https://github.com/gruntwork-io/terraform-aws-ci/blob/ba3b1a284c251faea326b3efb646c5f75a89a57d/modules/infrastructure-deploy-script/scripts/infrastructure-deploy-script#L193-L200

```python
if self_hosted_gitlab_auth_token is not None:
    git.configure_https_auth('oauth2', self_hosted_gitlab_auth_token, 'mygitlab.example.com')
```

### In the configure_force_https function, add gitlab url

https://github.com/gruntwork-io/terraform-aws-ci/blob/ba3b1a284c251faea326b3efb646c5f75a89a57d/modules/infrastructure-deploy-script/infrastructure_deploy_script/git.py#L63-L81

```python
for host in ['github.com', 'gitlab.com', 'bitbucket.org', 'mygitlab.example.com']:
```
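
The host string passed in the steps above must be a bare hostname, and the PAT must never reach logs in clear text. The following is an added example, not code from `terraform-aws-ci`: the function names are hypothetical, and it assumes credentials are supplied through git's credential-store line format and SSH remotes are rewritten with `url.<base>.insteadOf`, which may differ from what the Gruntwork helpers do internally.

```python
import re
from urllib.parse import quote

# Bare hostname with optional port: no scheme, path, brackets or whitespace.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*(?::\d{{1,5}})?")


def validate_host(host: str) -> str:
    """Return the lower-cased host, or raise ValueError if it is not a bare hostname[:port]."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"expected a bare hostname, got {host!r}")
    return host.lower()


def credential_store_line(host: str, token: str, username: str = "oauth2") -> str:
    """Build one line in git's credential-store format, percent-encoding user and token."""
    host = validate_host(host)
    return f"https://{quote(username, safe='')}:{quote(token, safe='')}@{host}"


def force_https_rewrites(host: str) -> list[tuple[str, str]]:
    """(key, value) pairs for `git config --global --add` that rewrite SSH remotes to HTTPS."""
    host = validate_host(host)
    key = f"url.https://{host}/.insteadOf"
    return [(key, f"git@{host}:"), (key, f"ssh://git@{host}/")]


def redact(line: str) -> str:
    """Mask the password part of a credential URL so the line is safe to log."""
    return re.sub(r"(https://[^:/@\s]+:)[^@\s]+@", r"\1***@", line)


if __name__ == "__main__":
    host = "mygitlab.example.com"        # hostname used on this page
    token = "constructed/token+value"    # constructed sample, not a real PAT
    print(redact(credential_store_line(host, token)))
    for key, value in force_https_rewrites(host):
        print("git config --global --add", key, value)
```

git's credential store keeps its lines unencrypted on disk, so restrict that file to the CI user and log only the redacted form.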