Cannot see shared GitLab repositories

#1

Hi,

I’ve added my GitLab credentials to Rancher in the hope of being able to build and deploy a number of shared repositories using a pipeline. Unfortunately I can only see GitLab repositories which I’ve created myself.

Is it possible to use shared GitLab repositories within Rancher?

Thanks :grinning:

#2

Hi, did you manage to resolve this issue in any way?

I tried to set up pipelines with gitlab (not self-hosted) in a fresh install of rancher 2.2.0, unfortunately I am in a similar situation.
In our case we have a master group in gitlab where I have an owner role. This group contains several subgroups to organize projects (created by different accounts), these subgroups might contain more subgroups or projects.

According to gitlabs documentation:

When you add a member to a subgroup, they inherit the membership and permission level from the parent group. This model allows access to nested groups if you have membership in one of its parents.

Thus I have an owner role for all projects.

Despite this, I can only access repositories created by me / shared with me directly in the rancher pipeline after connecting my gitlab account (I cannot see any of the projects where the role is inherited).

Now the 2 options I am aware of to resolve this would be:

  1. Create a separate rancher project for each of our gitlab subgroups and set up pipelines independently for each of these projects. This would not be desired by us, since it introduces a level of complexity. I would like to represent these subgroups as namespaces, and configure the pipeline on project level only once.
  2. Change ownerships for all subgroups. Unfortunately this is not possible in gitlab as far as I know, so we would have to create new subgroups and move all projects which would break the current CI/CD pipelines.

EDIT:
We’ve been able to work around this by creating a new user, assigning a “lower” role on the main group and a higher role on the groups containing repositories, so that the user gets an explicit role for the projects and not an inherited one.