GitLab

class confirm.tools.gitlab.GitLabGuard(private_token, url='https://git.confirm.ch', namespace='confirm')

GitLabGuard is a Python tool that helps verify and fix GitLab project settings, protected branches and protected tags.

While GitLabGuard provides some defaults (see SETTINGS), projects can override settings by providing a .gitlab-guard.yml file, such as this:

---
settings:
  request_access_enabled: True
  visibility: public

protected_branches:
  master:
    merge: 'Developers + Maintainers'
    push: 'Maintainers'

protected_tags:
  '*': 'Maintainers'

Parameters
  • private_token (str) – The private API token

  • url (str) – The GitLab URL

  • namespace (str) – The GitLab namespace

current_project_settings(project_id)

Retrieve the current project settings of a GitLab project.

Parameters

project_id (int) – A GitLab project ID

Returns

The current settings

Return type

dict

current_protected_branches(project_id)

Retrieve the current protected branches of a GitLab project.

Parameters

project_id (int) – A GitLab project ID

Returns

The current protected branches

Return type

list

current_protected_tags(project_id)

Retrieve the current protected tags of a GitLab project.

Parameters

project_id (int) – A GitLab project ID

Returns

The current protected tags

Return type

list

expected_project_settings(project_id)

Retrieve the expected project settings of a GitLab project.

The expected project settings are defined by the default settings of the GitLabGuard and the project-specific overrides.

Parameters

project_id (int) – A GitLab project ID

Returns

The expected settings

Return type

dict

expected_protected_branches(project_id)

Retrieve the expected protected branches of a GitLab project.

The expected protected branches are defined by the default protected branches of the GitLabGuard and the project-specific overrides.

Parameters

project_id (int) – A GitLab project ID

Returns

The expected protected branches

Return type

dict

expected_protected_tags(project_id)

Retrieve the expected protected tags of a GitLab project.

The expected protected tags are defined by the default protected tags of the GitLabGuard and the project-specific overrides.

Parameters

project_id (int) – A GitLab project ID

Returns

The expected protected tags

Return type

dict

project_overrides(project_id)

Retrieve the project overrides from the project’s .gitlab-guard.yml file.

The .gitlab-guard.yml file is looked up at the root level of the project’s repository, on the default branch. It must be a valid YAML file.

Parameters

project_id (int) – A GitLab project ID

Returns

The project overrides

Return type

dict

property projects

Retrieve all unarchived GitLab projects.

The projects are returned sorted by their path in ascending order.

Returns

The GitLab projects

Return type

dict

verify(project_ids=None, fix=False)

Verify all GitLab projects.

Parameters
  • project_ids (list) – The project IDs

  • fix (bool) – Fix the settings automatically

Returns

The violations

Return type

list

verify_project_settings(project_id, fix=False)

Verify the project settings of a GitLab project.

This method uses the expected_project_settings() and current_project_settings() methods.

Parameters
  • project_id (int) – A GitLab project ID

  • fix (bool) – Fix the settings automatically

Returns

The violations

Return type

list

verify_protected_branches(project_id, fix=False)

Verify the protected branches of a GitLab project.

This method uses the expected_protected_branches() and current_protected_branches() methods.

Parameters
  • project_id (int) – A GitLab project ID

  • fix (bool) – Fix the settings automatically

Returns

The violations

Return type

list

verify_protected_tags(project_id, fix=False)

Verify the protected tags of a GitLab project.

This method uses the expected_protected_tags() and current_protected_tags() methods.

Parameters
  • project_id (int) – A GitLab project ID

  • fix (bool) – Fix the settings automatically

Returns

The violations

Return type

list

confirm.tools.gitlab.URL = 'https://git.confirm.ch'

The GitLab URL.

confirm.tools.gitlab.NAMESPACE = 'confirm'

The default GitLab namespace.

confirm.tools.gitlab.COMMON_SETTINGS = {'auto_devops_enabled': False, 'emails_disabled': False, 'issues_access_level': 'private', 'request_access_enabled': False, 'service_desk_enabled': True, 'snippets_access_level': 'disabled', 'visibility': 'private', 'wiki_access_level': 'disabled'}

The expected default common settings.

confirm.tools.gitlab.REPOSITORY_SETTINGS = {'builds_access_level': 'private', 'container_registry_enabled': False, 'default_branch': 'master', 'forking_access_level': 'private', 'lfs_enabled': False, 'merge_requests_access_level': 'private', 'packages_enabled': False, 'repository_access_level': 'private', 'repository_storage': 'default'}

The expected default repository settings.

confirm.tools.gitlab.MERGE_REQUESTS_SETTINGS = {'allow_merge_on_skipped_pipeline': False, 'autoclose_referenced_issues': True, 'merge_method': 'ff', 'only_allow_merge_if_all_discussions_are_resolved': True, 'only_allow_merge_if_pipeline_succeeds': True, 'remove_source_branch_after_merge': True, 'resolve_outdated_diff_discussions': True, 'squash_option': 'never', 'suggestion_commit_message': ''}

The expected default merge requests settings.

confirm.tools.gitlab.CI_SETTINGS = {'auto_cancel_pending_pipelines': 'enabled', 'build_timeout': 900, 'ci_config_path': None, 'ci_default_git_depth': 50, 'ci_forward_deployment_enabled': True, 'public_jobs': True, 'shared_runners_enabled': True}

The expected default GitLab CI settings.

confirm.tools.gitlab.PROTECTED_BRANCHES = {'master': {'merge': 'Maintainers', 'push': 'No one'}}

The expected protected branches.

confirm.tools.gitlab.PROTECTED_TAGS = {'*': 'Maintainers'}

The expected protected tags.
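
The expected-versus-current comparison that the verify_* methods describe, as an added example (not the confirm.tools.gitlab source); because .gitlab-guard.yml lives in the repository it governs, changed_defaults() also lists which defaults a project's file replaces so they can be reviewed. It assumes overrides replace defaults key by key, and the helper names and CURRENT_* sample values are constructed for illustration.

```python
# Added example; not the confirm.tools.gitlab source code.
# Defaults below are copied from the constants documented on this page.
COMMON_SETTINGS = {
    'auto_devops_enabled': False, 'emails_disabled': False,
    'issues_access_level': 'private', 'request_access_enabled': False,
    'service_desk_enabled': True, 'snippets_access_level': 'disabled',
    'visibility': 'private', 'wiki_access_level': 'disabled',
}
PROTECTED_BRANCHES = {'master': {'merge': 'Maintainers', 'push': 'No one'}}

# Parsed form of the .gitlab-guard.yml example shown on this page.
OVERRIDES = {
    'settings': {'request_access_enabled': True, 'visibility': 'public'},
    'protected_branches': {
        'master': {'merge': 'Developers + Maintainers', 'push': 'Maintainers'},
    },
    'protected_tags': {'*': 'Maintainers'},
}

# Constructed sample of what the GitLab API might report for one project.
CURRENT_SETTINGS = dict(COMMON_SETTINGS, visibility='internal',
                        snippets_access_level='enabled')
CURRENT_BRANCHES = {'master': {'merge': 'Maintainers', 'push': 'Maintainers'}}


def expected(defaults, overrides):
    """Layer project overrides on the defaults (assumed: key-wise replace)."""
    return {**defaults, **(overrides or {})}


def violations(expected_state, current_state):
    """Return (key, expected, current) for every key that does not match."""
    return [(key, want, current_state.get(key))
            for key, want in sorted(expected_state.items())
            if current_state.get(key) != want]


def changed_defaults(defaults, overrides):
    """Return (key, default, override) for each default a project replaces."""
    return [(key, defaults[key], value)
            for key, value in sorted((overrides or {}).items())
            if key in defaults and defaults[key] != value]


if __name__ == '__main__':
    want = expected(COMMON_SETTINGS, OVERRIDES['settings'])
    for row in violations(want, CURRENT_SETTINGS):
        print('violation: %s expected=%r current=%r' % row)
    for row in changed_defaults(COMMON_SETTINGS, OVERRIDES['settings']):
        print('override:  %s default=%r override=%r' % row)
```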