# vi: set ft=yaml:

gitlab:

url: https://gitlab.example.com

author_email: [email protected]

author_name: Commit Author

groups:

- path: dev/projects/subgroup # mandatory, parent group should exist

name: Subgroup # mandatory

active: True # mandatory

description: Subgroup # mandatory

visibility: private # mandatory

members: # optional, see projects:members for complete description

...

variables_clean_all_before_set: True # optional, delete all variables before setting, useful to clean garbage, also it runs much faster than updating, disable only if you need to keep some manually added values

#variables_from_files: # optional, use with variables (or add variables: [] if only variables_from_files needed), file should contain a list of variables (without "variables:" key)

# - var_file.inc # variables defined here below in "variables:" have higher priority than defined in files

variables: # optional, see projects:variables for complete description

...

projects:

- path: dev/projects/subgroup/project1 # mandatory

name: Project1 # mandatory

active: True # mandatory

description: My Project # mandatory

visibility: internal # mandatory

members: # optional

- user: bot1

access_level: 10 # 0 - noone, 10 - guest, 20 - reporter, 30 - developer, 40 - maintainer

- group: dev/group1

access_level: 30

deploy_keys: # optional

- title: [email protected]

key: ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [email protected]

- title: [email protected]

key: ssh-ed25519 BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB [email protected]

deploy_tokens: # optional

- name: gitlab-deploy-token

scopes:

- read_registry

access_tokens: # optional

- name: test

scopes:

- api

access_level: 30 # optional

expires_at: "YYYY-MM-DD" # do not remove quotes, the date cannot be set later than the maximum allowable lifetime of an access token.

shared_runners_enabled: False

merge_method: rebase_merge # optional: merge, rebase_merge, ff

resolve_outdated_diff_discussions: True # optional

#squash_commits_when_merging: require # deprecated, use squash_option

squash_option: default_on # optional: never, always, default_on, or default_off

only_allow_merge_if_pipeline_succeeds: True # optional

only_allow_merge_if_all_discussions_are_resolved: True # optional

skip_outdated_deployment_jobs: False # optional

issues_enabled: False # optional

wiki_enabled: False # optional

packages_enabled: False # optional

service_desk_enabled: False # optional

auto_devops_enabled: False # optional

container_registry_enabled: False # optional

jobs_enabled: False # optional

lfs_enabled: False # optional

merge_requests_enabled: False # optional

snippets_enabled: False # optional

analytics_access_level: disabled # optional

builds_access_level: disabled # optional

forking_access_level: disabled # optional

issues_access_level: disabled # optional

merge_requests_access_level: disabled # optional

operations_access_level: disabled # optional

pages_access_level: disabled # optional

requirements_access_level: disabled # optional

repository_access_level: disabled # optional

snippets_access_level: disabled # optional

wiki_access_level: disabled # optional

approvals_before_merge: 1 # optional

reset_approvals_on_push: True # optional

selective_code_owner_removals: False # disable

disable_overriding_approvers_per_merge_request: True # optional

merge_requests_author_approval: False # optional

merge_requests_disable_committers_approval: True # optional

require_password_to_approve: False # optional

protected_branches: # optional

- name: master

push_access_level: 0

merge_access_level: 40

code_owner_approval_required: True

allow_force_push: True

allowed_to_merge: # optional

- user: user1

- group: dev/group2

allowed_to_push: # optional

- user: user1

- group: dev/group2

protected_tags: # optional

- name: 'v*'

create_access_level: 40

allowed_to_create: # optional

- user: user1

- group: dev/group2

merge_request_approval_rules: # optional

- name: QA

groups:

- dev/qa

branch: master

approvals_required: 1

template: # mandatory for --template-projects

path: .template # mandatory

cmd: XXX=zzz ./test.sh # mandatory, runned as cd .template; XXX=zzz ./test.sh ../.projects/dev/projects/subgroup/project1

specific_runners_enabled: # optional, enable specific runners for projects, runners are identified by description field

- dev-runner

- prod-runner

protected_environments: # optional, create and protect environments

- name: prod

deploy_access_level: 40

bulk_delete_tags: # mandatory for --bulk-delete-tags-in-projects, https://docs.gitlab.com/ce/api/container_registry.html#delete-registry-repository-tags-in-bulk

# rule list

# several different rules can be applied to a project, each rule should be run on different hour as the bulk delete function can be only run once an hour (GitLab limitation)

# non prod tags

- run_on_hours: [10] # mandatory, day hours list to run this rule

image_repo_regex: .* # each project can have many docker repos nested in dirs, use regex to match repos against rule

name_regex_delete: .* # mandatory

older_than: 2w # optional

# both types of prod tags exclude

name_regex_keep: (?:^v.+|^master$) # optional

# branched prod tmp tags

- run_on_hours: [12]

image_repo_regex: .*

name_regex_delete: ^v\d+-\d+-\d+-.+$

older_than: 4w

# prod tags

- run_on_hours: [14]

image_repo_regex: .*

name_regex_delete: (?:^v\d+-\d+-\d+$|^master$)

keep_n: 10 # optional

push_rules: # optional, check https://docs.gitlab.com/ee/api/projects.html for the details

commit_committer_check: False # required, if push_rules key used, all other push_rules sub options are optional

commit_committer_name_check: False

reject_unsigned_commits: False

deny_delete_tag: False

member_check: False

prevent_secrets: False

commit_message_regex: ""

commit_message_negative_regex: ""

branch_name_regex: ""

author_email_regex: ""

file_name_regex: ""

max_file_size: 0

variables_clean_all_before_set: True # optional, delete all variables before setting, useful to clean garbage, also it runs much faster than updating, disable only if you need to keep some manually added values

#variables_from_files: # optional, use with variables (or add variables: [] if only variables_from_files needed), file should contain a list of variables (without "variables:" key)

# - var_file.inc # variables defined here below in "variables:" have higher priority than defined in files

cicd: # optional, https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html#allow-access-to-your-project-with-a-job-token

token_access_limit_access_to_this_project: False

projects_with_access: # projects are only added, to cleanup - remove manually

- group1/project1

- group2/project2

variables: # optional

- key: TEST1 # mandatory

value: XXX1 # mandatory

variable_type: env_var # env_var by default or file

protected: True # False by default

masked: False # False by default

#raw: True # optional, False by default, "Expand variable reference" switcher, in API reference it is called "raw" https://docs.gitlab.com/ee/api/project_level_variables.html

environment_scope: '*' # * by default

- key: TEST1 # mandatory, we can have the same var in different scopes

value: XXX1 # mandatory

variable_type: env_var # env_var by default or file

environment_scope: 'staging'

- key: TEST_TRUE

value: "true" # do not put yaml boolean in value as GitLab vars are not boolean compatible, it will save them as "true" and "false" strings, put the same here

variable_type: env_var

environment_scope: 'prod'

- key: TEST_FALSE

value: "false" # do not put yaml boolean in value as GitLab vars are not boolean compatible, it will save them as "true" and "false" strings, put the same here

variable_type: env_var

environment_scope: # you can use list of scopes here, it will be expanded to several vars in gitlab

- 'prod'

- 'staging'

- variable_type: env_var

environment_scope: 'dev/my-*'

key_values: # another more compact format to set multiple key-values for the same scope, type of var

TEST1: XXX1

TEST2: XXX2

TEST3: XXX3

TEST4: XXX4

TEST5: XXX5