Connect to Gitlab Cloud

Step 1. Determine API access token scopes

To authorize our API calls, we need a personal access token from a Gitlab user account. This account must have access to all projects that you’d like Glean to crawl. For this API token, if you’re willing to grant us the api scope, we can programmatically create webhooks during setup. If you want to restrict the token to read-only access, you will need to manually create webhooks for every single project that you want crawled.

Step 2. Create a personal access token

  1. Sign into your Gitlab user account.
  2. Navigate to upper right hand corner (user icon) and click “Preferences”
  3. Select “Access Tokens” on the left side menu.
  4. Add a personal access token.
    • Name: Glean Token
    • Scopes:
      • if you’re allowing write privileges
        • api
      • if you’re only allowing read privileges:
        • read_user
        • read_api
        • read_repository
  5. Leave Expires at empty
  6. Copy the personal access token into the corresponding field in Glean
  7. Check the box if the token has write privileges
  8. If you provided api scope for the token, click Save and skip to step 4

Step 3. Create webhooks manually (if token has only read access)

Log into Gitlab with an account that has owner privileges in order to manually create webhooks in a project. For each project perform the following steps:
  1. Navigate to the project page within Gitlab.
  2. On the left-side menu, navigate to Settings → Webhooks.
  3. Create a webhook with the following properties:
    • URL: %3%
    • Secret token: sk_test_123456789%2%
    • Trigger:
      • Push events
      • Comments
      • Issue events
      • Merge request events
      • Wiki page events
  4. Input that same Secret Token to corresponding “Webhook secret token” field in Glean. After creating all project webhooks on GitLab, click Save.

Step 4. Upload User Mapping

Gitlab Cloud doesn’t return a user’s email via the API unless that user has explicitly allowed their email to be publicly shown. In order for us to correctly crawl permissions in Gitlab, we need to be able to map each user id to their company email.
  1. Please create a CSV with two columns: Gitlab user ID, and email. The CSV doesn’t need to have column headers, but the columns do need to be in the order (user ID, email).
    1. Note that the user ID is NOT the username –– the user ID should be numbers only and corresponds to the id in the example response of the /members API.
    2. Example of a correct row: 12345,user1@glean.com
  2. Upload this CSV to Glean to correctly map the user IDs to the primary SSO email. To list all gitlab user IDs, you can use the Gitlab API. For your company emails, they can hopefully be queried from an identity system like Okta, GSuite, or any other source you may have internally. Once you’ve successfully uploaded the CSV, click “Save”.