Dodanie grupy gitlab

gitlab-group

Repozytorium modułu opentofu - gitlab-group
🔗 GitLab: pl.rachuna-net/artifacts/opentofu/gitlab-group

Repozytorium GitLab zawierające definicję grup
🔗 GitLab: pl.rachuna-net/infrastructure/gitlab-com/iac-gitlab

---

Definiowanie grupy w OpenTofu

Aby utworzyć grupę repozytoriów w GitLab, należy dodać odpowiednią definicję do pliku konfiguracyjnego OpenTofu.

---

Minimalna definicja grupy

module "_apps" {
  source = "git@gitlab.com:pl.rachuna-net/artifacts/opentofu/gitlab-group?ref=v1.0.0"

  name           = "apps"
  description    = "Aplikacje i usługi"
  parent_group   = local.parent_name
  visibility     = "public"
  default_branch = "main"
  avatar         = "apps"
}

module "apps" {
  source = "./apps/"
}

Definicja locals w ./apps/_locals.tf

locals {
  parent_name  = "pl.rachuna-net/containers"
  project_type = "container"
}

---

Ustawienie labels dla grupy

module "_apps" {
  source = "git@gitlab.com:pl.rachuna-net/artifacts/opentofu/gitlab-group?ref=v1.0.0"

  name           = "apps"
  description    = "Aplikacje i usługi"
  parent_group   = local.parent_name
  visibility     = "public"
  default_branch = "main"
  avatar         = "apps"

+ labels = {
+   "tech::opentofu" = {
+       "description" = "OpenTofu related issues",
+       "color"       = "#FFEE00"
+    }
+    "critical" = {
+        "description" = "Critical issues",
+        "color"       = "#FF0000"
+    }
+    "parametrized" = {
+        "description" = "Parametrized issues",
+        "color"       = "#36454F"
+    }
+    "documentation" = {
+        "description" = "Documentation issues",
+        "color"       = "#6699CC"
+    }
+ }
}


module "apps" {
  source = "./apps/"
}

---

Ustawienie badges dla grupy

module "_apps" {
  source = "git@gitlab.com:pl.rachuna-net/artifacts/opentofu/gitlab-group?ref=v1.0.0"

  name           = "apps"
  description    = "Aplikacje i usługi"
  parent_group   = local.parent_name
  visibility     = "public"
  default_branch = "main"
  avatar         = "apps"

+ badges = {
+   "release" = {
+       "link_url"  = "http://gitlab.com/%{project_path}/-/releases",
+       "image_url" = "http://gitlab.com/%{project_path}/-/badges/release.svg"
+   }
+   "pipeline": {
+       "link_url"  = "http://gitlab.com/%{project_path}/-/commits/%{default_branch}",
+       "image_url" = "http://gitlab.com/%{project_path}/badges/%{default_branch}/pipeline.svg"
+   }
+ }

}

Ustawienie members

module "_apps" {
  source = "git@gitlab.com:pl.rachuna-net/artifacts/opentofu/gitlab-group?ref=v1.0.0"

  name           = "apps"
  description    = "Aplikacje i usługi"
  parent_group   = local.parent_name
  visibility     = "public"
  default_branch = "main"
  avatar         = "apps"

+  members = {
+    mrachuna = {
+     access_level = "owner"
+    }
+  }
}

Ustawienie ci variables dla grupy

+ data "vault_kv_secret_v2" "auth_gitlab" {
+   mount = "kv-gitlab"
+   name  = "pl.rachuna-net/auth/gitlab-com"
+ }
+ 
+ data "vault_kv_secret_v2" "auth_vault" {
+   mount = "kv-gitlab"
+   name  = "pl.rachuna-net/auth/vault"
+ }

module "_apps" {
  source = "git@gitlab.com:pl.rachuna-net/artifacts/opentofu/gitlab-group?ref=v1.0.0"

  name           = "apps"
  description    = "Aplikacje i usługi"
  parent_group   = local.parent_name
  visibility     = "public"
  default_branch = "main"
  avatar         = "apps"

+  variables = {
+    GITLAB_BASE_URL = {
+      value       = "https://gitlab.com"
+      description = "Adres serwera gitlab"
+    }
+    GITLAB_SSH_KEY = {
+      description = "Klucz SSH dla gitlab runnera do komunikacji z gitlabem"
+      value       = data.vault_kv_secret_v2.auth_gitlab.data["GITLAB_SSH_KEY"]
+    }
+    GITLAB_TOKEN = {
+      description = "GitLab Token dla gitlab runnera"
+      masked      = true
+      value       = data.vault_kv_secret_v2.auth_gitlab.data["GITLAB_TOKEN"]
+    }
+    VAULT_ADDR = {
+      description = "Adres serwera Vault"
+      value       = "https://vault.rachuna-net.pl"
+    }
+    VAULT_TOKEN = {
+      description = "Vault token dla gitlab runnera do komunikacji z vaultem"
+      masked      = true
+      value       = data.vault_kv_secret_v2.auth_vault.data["token"]
+    }
+  }
}