From c3710fc45a55161ec4f9836299a1e772301164a0 Mon Sep 17 00:00:00 2001 From: askripe <99725186+askripe@users.noreply.github.com> Date: Wed, 4 Mar 2026 12:44:15 +0200 Subject: [PATCH 1/3] add groups secret for gitlab Signed-off-by: Alexander Kulikov --- pkg/providers/gitlab/gitlab.go | 47 ++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 8 deletions(-) diff --git a/pkg/providers/gitlab/gitlab.go b/pkg/providers/gitlab/gitlab.go index f30e480e..acbf5856 100644 --- a/pkg/providers/gitlab/gitlab.go +++ b/pkg/providers/gitlab/gitlab.go @@ -51,20 +51,51 @@ func New(cfg api.StaticConfig) *provider { return p } +// buildURL constructs the GitLab API URL based on the key path. +// +// Supported formats: +// - host/id/varname → projects (legacy, 2-component path) +// - host/projects/id/varname → projects (explicit) +// - host/groups/id/varname → groups +func (p *provider) buildURL(key string) (string, error) { + splits := strings.SplitN(key, "/", 4) + + switch len(splits) { + case 3: + // legacy: host/project_id/varname → treated as projects + host, id, varName := splits[0], splits[1], splits[2] + return fmt.Sprintf("%s://%s/api/%s/projects/%s/variables/%s", + p.Scheme, host, p.APIVersion, id, varName), nil + + case 4: + host, kind, id, varName := splits[0], splits[1], splits[2], splits[3] + switch kind { + case "projects": + return fmt.Sprintf("%s://%s/api/%s/projects/%s/variables/%s", + p.Scheme, host, p.APIVersion, id, varName), nil + case "groups": + return fmt.Sprintf("%s://%s/api/%s/groups/%s/variables/%s", + p.Scheme, host, p.APIVersion, id, varName), nil + default: + return "", fmt.Errorf("unsupported resource type %q: must be 'projects' or 'groups'", kind) + } + + default: + return "", fmt.Errorf("invalid key format %q: expected host/id/var or host/projects|groups/id/var", key) + } +} + // Get gets secret from GitLab API func (p *provider) GetString(key string) (string, error) { - splits := strings.Split(key, "/") gitlabToken, ok := os.LookupEnv("GITLAB_TOKEN") if !ok { - return "", errors.New("Missing GITLAB_TOKEN environment variable") + return "", errors.New("missing GITLAB_TOKEN environment variable") } - url := fmt.Sprintf("%s://%s/api/%s/projects/%s/variables/%s", - p.Scheme, - splits[0], - p.APIVersion, - splits[1], - splits[2]) + url, err := p.buildURL(key) + if err != nil { + return "", err + } tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: p.SSLVerify}, From 704cb784c97cc42fb4c61f4644ea5239c82b9c56 Mon Sep 17 00:00:00 2001 From: askripe <99725186+askripe@users.noreply.github.com> Date: Wed, 4 Mar 2026 12:57:48 +0200 Subject: [PATCH 2/3] Update GitLab secrets section in README Clarified GitLab secrets section with examples for project and group variables. Signed-off-by: Alexander Kulikov --- README.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 76b0713b..881418a7 100644 --- a/README.md +++ b/README.md @@ -864,12 +864,26 @@ Examples: For this provider to work you require an [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) exported as the environment variable `GITLAB_TOKEN`. +- `ref+gitlab://my-gitlab-server.com/[projects/|groups/]id/secret_name?[ssl_verify=false&scheme=https&api_version=v4]` -- `ref+gitlab://my-gitlab-server.com/project_id/secret_name?[ssl_verify=false&scheme=https&api_version=v4]` +* `Project variables` + +Fetches a CI/CD variable `password` from a `project`. Both forms are equivalent: + +- `ref+gitlab://gitlab.com/11111/password` +- `ref+gitlab://gitlab.com/projects/11111/password` + +* `Group variables` + +Fetches a CI/CD variable `password` from a `group`: + +- `ref+gitlab://gitlab.com/groups/2222/password` Examples: - `ref+gitlab://gitlab.com/11111/password` +- `ref+gitlab://gitlab.com/projects/11111/password` +- `ref+gitlab://gitlab.com/groups/2222/password` - `ref+gitlab://my-gitlab.org/11111/password?ssl_verify=true&scheme=https` ### 1Password From 42a84a72a3a6e36637a4ce54cbd3602a6b2cbb7c Mon Sep 17 00:00:00 2001 From: askripe <99725186+askripe@users.noreply.github.com> Date: Wed, 4 Mar 2026 14:38:57 +0200 Subject: [PATCH 3/3] Update pkg/providers/gitlab/gitlab.go Signed-off-by: Alexander Kulikov Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- pkg/providers/gitlab/gitlab.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/providers/gitlab/gitlab.go b/pkg/providers/gitlab/gitlab.go index acbf5856..6e232c2b 100644 --- a/pkg/providers/gitlab/gitlab.go +++ b/pkg/providers/gitlab/gitlab.go @@ -54,7 +54,7 @@ func New(cfg api.StaticConfig) *provider { // buildURL constructs the GitLab API URL based on the key path. // // Supported formats: -// - host/id/varname → projects (legacy, 2-component path) +// - host/id/varname → projects (legacy, 2-component path after host) // - host/projects/id/varname → projects (explicit) // - host/groups/id/varname → groups func (p *provider) buildURL(key string) (string, error) {