Dirk's Tech Findings

Gitlab: Clone repository using token and automate with Saltstack

Publication date: 2023-05-09

Issue: How to clone a repository from a Gitlab server using a token and automate this via Saltstack?

Both requirements appear simple to solve (and actually they are...). Nevertheless, my first attempts to do so failed.

Solution: Create access token with correct permissions and use "https_pass" in Saltstack

Create a readonly access token in Gitlab and select scope "read_repository". As role you need to specify "Reporter". The role "Guest" is not sufficient here, even if the scope is correctly set!

Now the repository can be cloned with this URL: https://token:GITLAB_TOKEN_HERE@gitlab.lrz.de/myrepo.git

token can be set arbitrarily. I recommend to use the Gitlab token name to self-document the URL.

Then this token can be used in a Saltstack state to clone the repo. One could use the URL above as the value of the name attribute. However, in this case the token would appear in the Saltstate output/logs. Thus it is better to provide the token as value of the http_pass attribute as shown below.

git_myrepo:
  git.latest:
    - name: https://gitlab.lrz.de/myrepo.git
    - https_pass: {{ salt['pillar.get']('gitlab:myrepo') }}
    - target: /home/myrepo
    - branch: main

Hint towards the solution

Unfortunately, any forum posts I found were not really helpful.

Back to topic list...