Set up GitLab integration for execution environment builder
Configure GitLab content discovery and OAuth so that execution environment builder can scan GitLab groups for Ansible collections and save definition files.
Before you begin
You have a GitLab account with access to the groups automation portal needs to scan.
You have admin access to your GitLab instance or group settings.
About this task
Complete this section if your organization uses GitLab for content discovery or saving definition files. If you use GitHub only, skip to Configure collection discovery sources.
GitLab uses a Personal Access Token for content discovery.
Procedure
Content discovery (scanning repositories for collections)
If you configured a GitLab personal access token during RHEL appliance installation (via cloud-init), the portal_gitlab_token secret already exists and is active for content discovery. Running the command above updates the existing secret with a new value.
If you use a self-hosted GitLab instance (not gitlab.com), add its URL to the CORS allowed origins.
On RHEL appliances, app.baseUrl, backend.baseUrl, and backend.cors.origin must all use the same portal URL. If any of these values are inconsistent, OAuth callbacks and API requests fail. Do not create a duplicate backend: block — add cors to the existing one.
Note:
If you only use gitlab.com, no CORS changes are needed.
Save definition files to a GitLab repository (OAuth)
Create a GitLab OAuth application in your GitLab instance under Admin Area > Applications (or group-level settings). Enter the following details:
Name: A descriptive name, for example ansible-portal-ee-builder.
The write_repository scope lets automation portal push EE definition files and open merge requests on behalf of the authenticated user. It is used for every save operation (new repository or merge request to an existing repository).
Note the Application ID and Secret. Save the secret value immediately — you cannot view it again.
Enable the GitLab auth provider in your configuration.
OpenShift: Uncomment the auth.providers.gitlab block in your Helm chart configuration.
RHEL appliance: Add the following auth.providers block to /etc/portal/configs/app-config/app-config.production.yaml. If an auth: section already exists, add the providers: section inside it:
$ sudo tee -a /etc/containers/systemd/portal.container.d/ee-builder-secrets.conf << 'EOF'
Secret=portal_gitlab_oauth_client_id,type=env,target=GITLAB_OAUTH_CLIENT_ID
Secret=portal_gitlab_oauth_client_secret,type=env,target=GITLAB_OAUTH_CLIENT_SECRET
EOF