GitlabDefaults
Specifies a resource used internally in Frigg to allow for templating GitlabGroups and GitlabProjects.
Schema
GitlabDefaults
| Property | Type | Required | Description |
|---|---|---|---|
| version | string | Yes | Version of Frigg to use. Should be 2. |
| kind | GitlabDefaults | Yes | Kind of resource you want to specify |
| gitlabLicense | Free | Premium | No | The license tier of the GitLab instance (top level group) |
| metadata | object | Yes | Data used by Frigg internally |
| metadata.name | string | Yes | Name used to reference this resource from other resources |
| spec | object | Yes | State you want the resource to have |
| spec.groupConfig | GitlabGroupConfig | Yes | Default configuration for all groups. Should include all properties. |
| spec.projectConfig | GitlabProjectConfig | Yes | Default configuration for all projects. Should include all properties. |
| spec.approvalsConfig | GitlabApprovalsConfig | Yes | Default approval configuration for all projects. Should include all properties. |
| spec.approvalRules | GitlabApprovalRule array | Yes | Default approval rules for all projects. Should include all properties. |
| spec.pushRules | GitlabPushRule | Yes | Default push rules for all projects. Should include all properties. |
| spec.protectedBranches | GitlabProtectedBranch array | Yes | Default protected branches for all projects. Should include all properties. |
Example
version: "2"
kind: GitlabDefaults
gitlabLicense: Premium
metadata:
name: GitlabDefaults
spec:
groupConfig:
autoDevopsEnabled: false
defaultBranchProtection: 2
description: ""
emailsEnabled: true
lfsEnabled: true
membershipLock: false
mentionsDisabled: false
projectCreationLevel: maintainer
requestAccessEnabled: true
requireTwoFactorAuthentication: true
shareWithGroupLock: false
subgroupCreationLevel: owner
twoFactorGracePeriod: 48
visibility: private
projectConfig:
allowMergeOnSkippedPipeline: false
allowPipelineTriggerApproveDeployment: false
analyticsAccessLevel: enabled
autoCancelPendingPipelines: enabled
autoDevopsDeployStrategy: continuous
autoDevopsEnabled: false
autocloseReferencedIssues: true
buildGitStrategy: fetch
buildTimeout: 3600
buildsAccessLevel: enabled
ciAllowForkPipelinesToRunInParentProject: true
ciConfigPath: ""
ciDefaultGitDepth: 20
ciForwardDeploymentEnabled: true
ciSeparatedCaches: true
containerExpirationPolicyAttributes:
cadence: 1d
enabled: false
keepN: 10
nameRegexDelete: .*
nameRegexKeep: ""
olderThan: 90d
containerRegistryAccessLevel: enabled
defaultBranch: main
description: ""
emailsEnabled: true
enforceAuthChecksOnUploads: true
externalAuthorizationClassificationLabel: ""
featureFlagsAccessLevel: enabled
forkingAccessLevel: enabled
groupRunnersEnabled: true
infrastructureAccessLevel: enabled
issueBranchTemplate: ""
issuesAccessLevel: enabled
issuesTemplate: ""
keepLatestArtifact: true
lfsEnabled: true
mergeCommitTemplate: ""
mergeMethod: ff
mergePipelinesEnabled: true
mergeRequestsAccessLevel: private
mergeRequestsTemplate: ""
mergeTrainsEnabled: false
mirror: false
monitorAccessLevel: enabled
onlyAllowMergeIfAllDiscussionsAreResolved: true
onlyAllowMergeIfPipelineSucceeds: true
packagesEnabled: true
pagesAccessLevel: private
printingMergeRequestLinkEnabled: true
releasesAccessLevel: enabled
removeSourceBranchAfterMerge: true
repositoryAccessLevel: enabled
requestAccessEnabled: false
requirementsAccessLevel: enabled
resolveOutdatedDiffDiscussions: false
restrictUserDefinedVariables: false
securityAndComplianceAccessLevel: private
serviceDeskEnabled: true
sharedRunnersEnabled: true
sharedWithGroups: []
snippetsAccessLevel: disabled
squashCommitTemplate: ""
squashOption: default_off
suggestionCommitMessage: ""
topics: []
visibility: private
wikiAccessLevel: disabled
approvalsConfig:
disableOverridingApproversPerMergeRequest: false
mergeRequestsAuthorApproval: false
mergeRequestsDisableCommittersApproval: false
requirePasswordToApprove: false
resetApprovalsOnPush: true
approvalRules:
- name: Approval rule
appliesToAllProtectedBranches: false
approvalsRequired: 1
groupIds: []
protectedBranchIds: []
ruleType: any_approver
usernames: []
protectedBranches:
- name: main
allowForcePush: false
codeOwnerApprovalRequired: false
mergeAccessLevels:
- maintainer
pushAccessLevels:
- maintainer
unprotectedAccessLevels:
- maintainer
pushRules:
commitMessageRegex: ""
commitMessageNegativeRegex: ""
branchNameRegex: ""
authorEmailRegex: ""
fileNameRegex: ""
maxFileSize: 0
rejectUnsignedCommits: false
commitCommitterCheck: false
preventSecrets: false
memberCheck: false
denyDeleteTag: false