# How GitLabForm reaches the GitLab API.
gitlab:
  # May be supplied through the GITLAB_URL environment variable as well.
  url: 'https://gitlab.yourcompany.com'
  # May be supplied through the GITLAB_TOKEN environment variable as well.
  # This is a private token of an ADMIN user: whoever can read it here can act as that admin,
  # so prefer the environment variable when this file is committed or shared.
  token: '<private token of an admin user>'
  # GitLab API version; 4 is the only supported value for now.
  api_version: 4
#
# You can define settings on 3 levels here:
# * common - for ALL projects in ALL groups
# * group - for ALL projects in selected groups
# * project - for single projects
#
# Each level is optional.
#
# To generate effective settings to apply for a given project, if it is configured on more than one level
# (for example you run it for "my_group/my_project" with the example configuration below, where this project will
# take configuration from all 3 levels), GitLabForm will merge those configurations.
#
# Merging is additive, so for sections like `deploy_keys`, `secret_variables`, `hooks` on each lower level
# the effective configuration will contain elements from higher levels plus elements from lower levels.
#
# Exception: when `skip: true` is set on a more specific level, the given config section is not set AT ALL for the given project.
#
common_settings:
  # Settings applied to ALL projects in ALL groups.
  secret_variables:
    # The entry name below is only a label for you; it is not used for anything else.
    a_secret_you_want_to_add_to_all_projects_in_your_gitlab_instance:
      key: A_VERY_COMMONLY_USED_PASSWORD
      # The value sits in this file in clear text, so the file needs the same protection
      # as the secret itself (restricted read access, not committed to a shared repository).
      value: 'ThisIsAVerySecretPassword'
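group_settings:
  # settings for ALL projects in 'my_group' group
  "my_group":
    deploy_keys:
      # this name is not actually used, it's just for you
      a_friendly_deploy_key_name:
        # you have to pass whole SSH key content here even if GitLab already has this key added and you just
        # assign it to another project here
        # this is a limitation of GitLab API
        # (an `ssh-rsa ...` line is the PUBLIC half of the key pair; a private key never belongs here)
        key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB2QKx6BPzL (...)"
        title: ssh_key_name_that_is_shown_in_gitlab
        # note that you can set this to `true` or `false` only on the first assignment of the key / its creation
        # see https://gitlab.com/gitlab-org/gitlab-ce/issues/30021#note_39567845
        # this is a limitation of GitLab API
        # keeping it `false` makes the key read-only, which limits what a leaked key can be used for
        can_push: false
      # this name is not actually used, it's just for you
      another_friendly_deploy_key_name:
        key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDtbyEK66RXg (...)"
        title: other_ssh_key_name_that_is_shown_in_gitlab
        can_push: false

    secret_variables:
      # this name is not actually used, it's just for you
      a_friendly_secret_variable_name:
        key: SSH_PRIVATE_KEY_BASE64
        # Base64 is an encoding, not encryption: this value is a private key in effectively clear text,
        # so anyone who can read this file can recover it
        value: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUl (...)"

    # keys and values here are as described at https://docs.gitlab.com/ce/api/projects.html#edit-project
    project_settings:
      jobs_enabled: true
      public_jobs: false  # "Public pipelines" checkbox in GitLab web UI
      visibility: internal
      only_allow_merge_if_pipeline_succeeds: true
      only_allow_merge_if_all_discussions_are_resolved: true

    # See https://docs.gitlab.com/ee/push_rules/push_rules.html#enabling-push-rules
    project_push_rules:
      # NOTE(review): as written this matches "Fixes ", ONE digit, then one or more spaces;
      # `\d+` (no space before the plus) may have been intended - confirm before relying on it
      commit_message_regex: 'Fixes \d +'
      branch_name_regex: ""
      deny_delete_tag: false
      member_check: false
      # this is the push rule that makes GitLab reject files likely to contain secrets; it is switched off
      # in this example - consider `true` unless there is a reason not to
      prevent_secrets: false
      author_email_regex: ""
      file_name_regex: ""
      max_file_size: 0  # in MB, 0 means unlimited

    # *** This section requires GitLab EE 10.6+ ***
    merge_requests:
      # keys and values here are as described at
      # https://docs.gitlab.com/ee/api/merge_request_approvals.html#change-configuration
      # (note that some Merge Requests-related settings are set in project_settings! read linked gitlab API docs
      # for details)
      approvals:
        approvals_before_merge: 2
        reset_approvals_on_push: true
        disable_overriding_approvers_per_merge_request: true
      # below settings are using https://docs.gitlab.com/ee/api/merge_request_approvals.html#change-allowed-approvers
      # but instead of user and group ids ONLY use usernames and full groups/subgroup paths here
      # if neither 'approvers' or 'approver_groups' below are set, approvers are NOT managed by gitlabform
      # you DON'T have to provide both
      approvers:
        - user1
        - user2
      approver_groups:
        # note: this is the only place as of now where the subgroups are supported in this app
        - my_group
        - my_group1/subgroup
        - my_group2/subgroup/subsubgroup

    # keys names are branches names and values are as parameters described at
    # https://docs.gitlab.com/ee/api/branches.html#protect-repository-branch
    branches:
      develop:
        protected: false
      master:
        protected: true
        developers_can_push: false
        developers_can_merge: true

    # keys names are members/groups names and values are as parameters described at
    # https://docs.gitlab.com/ee/api/projects.html#share-project-with-group
    # https://docs.gitlab.com/ee/api/members.html#add-a-member-to-a-group-or-project
    members:
      groups:
        my-group:
          # 40 is the Maintainer level in GitLab's access-level scale; grant the lowest level that works
          group_access: 40
      users:
        my-user:
          access_level: 40
          # quoted so that the parser keeps it a string instead of turning it into a date object
          expires_at: "2019-09-26"

    # keys names are tags names and values are as parameters described at
    # https://docs.gitlab.com/ee/api/protected_tags.html
    tags:
      "v*":
        protected: true
        create_access_level: 40

    # service names are as in the endpoints described at https://docs.gitlab.com/ce/api/services.html
    # hashes under those name correspond to the parameters described for given service there
    # except where services are deleted with `delete: true`
    services:
      slack:
        delete: true
      drone-ci:
        delete: true
      jira:
        url: https://jira.yourcompany.com
        project_key: PRO  # any JIRA project key will do

    # key names here are hook URLs and values are as parameters described at
    # https://docs.gitlab.com/ee/api/projects.html#edit-project-hook
    # except where hooks are deleted with `delete: true`
    hooks:
      "http://host.domain.com/some-old-hook-you-want-to-remove-from-config":
        delete: true
      "http://127.0.0.1:5000/hooks/merge-request":
        push_events: false  # this is set to true by GitLab API by default
        merge_requests_events: true
        # the receiver uses this token to check that a request really comes from GitLab; it is kept here in
        # clear text, and with an http:// hook URL it also travels unencrypted - use https:// for any
        # receiver that is not on the same host
        token: some_secret_auth_token

    # with this configuration section you can ensure that some files with appropriate content are in some or all
    # branches (or that they are NOT there)
    # note that this is gitlabform-specific feature, it DOES NOT directly correspond to GitLab API like other sections
    # (although it uses https://docs.gitlab.com/ee/api/repository_files.html)
    files:
      "README.md":
        overwrite: false
        branches:
          - develop
        # this will prevent the commit that applies this file change triggering CI build
        # default is `false`, so a file change WILL trigger CI build
        skip_ci: true
        content: |
          This is a default README. Please replace it with a proper one!
      ".gitlab-ci.yml":
        overwrite: true
        branches: all
        # example pipeline only: `node:6` is an end-of-life image, so use a supported, pinned tag in real use
        content: |
          stages:
            - test
          test:
            image: node:6
            stage: test
            script:
              - npm test
      "other-file":
        overwrite: true
        branches: all
        # You can provide file contents with external file too. Both absolute and relative paths are supported.
        # Relative paths are interpreted as relative to `config.yml` file location.
        file: some-file.txt
      "rendered-file":
        overwrite: true
        branches: all
        # jinja templating in gitlabform is supported by FileSystemLoader, so templates could also render each
        # other using for example {% extends 'relative/path/to/other.jinja2' %}
        file: some-file.txt.jinja2
        # written as `true` / `false`: `yes` / `no` are booleans only for YAML 1.1 parsers
        template: true
        jinja_env:
          foo: 'bar'
      "file-using-templating":
        overwrite: true
        branches: all
        content: |
          Simple templating is supported via jinja2 with two default variables
          {{ project }} will be replaced by project name, while {{ group }} by a group name.
          All occurences will be replaced.
      "file-escape-templating":
        branches: all
        template: false
        content: |
          {{ project }} will be rendered literally
      "file-with-custom-variable":
        branches: all
        content: |
          {{ foo }} and {{ bar }} are defined by you, but currently only dict is supported for jinja_env.
          Group: {{ group }} and project: {{ project }} are always accessable by jinja.
        jinja_env:
          foo: "fooz"
          bar: "barz"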
project_settings:
  # Overrides that apply only to the 'my_group/my_project1' project.
  'my_group/my_project1':
    project_settings:
      # The values defined on the group level still apply; only this single parameter is overridden.
      visibility: private

    deploy_keys:
      # Merging is additive: this key is ADDED to the deploy keys configured on the group level.
      one_more_deploy_key:
        key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB2QKx6BPzL...'
        title: ssh_key_name_that_is_shown_in_gitlab_3
        can_push: false

    branches:
      # Merging is additive: this branch config is ADDED to the branches configured on the group level.
      special_branch:
        protected: true
        developers_can_push: false
        developers_can_merge: true

    hooks:
      # Skips the whole hooks config *section* for this project, although it is set on the group level.
      skip: true

    files:
      'some-file':
        overwrite: true
        branches:
          - develop
          - master
        # With `true` the file is set only for the first *existing* branch in the list above.
        only_first_branch: true
        content: |
          We want this file to be set only in the first existing branch from the branch list above.
      'some-path/garbage-file':
        delete: true
        branches:
          - develop
          - master
        skip_ci: true
      'other-file':
        # Skips processing of this *single file* in case it is configured on the group level.
        skip: true
# Projects listed here are left out of processing.
skip_projects:
  - 'my_group/this_project_will_not_be_processed_with_gitlabform_when_running_for_my_group'
  - 'my_group/and_this_too'
# Groups listed here are left out of processing.
skip_groups:
  - 'my_other_group'