• Type: MMF
    • Status: In Test
    • Priority: Major
    • Resolution: Unresolved
    • Labels:



      Once GitLab user can sign up, we want to help them find their repositories and set them up to prepare an analysis - similar to what we do for the other ALMs. The subtlety is that there is no organization concept on GitLab: repos are organized in groups and sub-groups. One of the challenges of this MMF will therefore be to know how to map groups/sub-groups to SC orgs.


      Use Cases

      The use cases are the same as what is done for the other ALMs. For instance, what is specified for Azure DevOps: MMF-1829.


      The main point of this solution is to keep things as simple as possible regarding groups and subgroups, and so that we are not closely tied to GitLab features that could evolve pretty fast.

      Binding of organizations:

      • Only top level GitLab groups will be able to import as a SonarCloud organization (subgroups are ignored)
        • This should be documented (UI and doc) so that users know what they should expect
      • When importing a new organization the user will see two fields
        • One for the GitLab key of the group he wants to import
        • One for personal token of a users part of that group (of a GitLab user of the group provided in the other field)
        • This is similar to what is done for Azure Devops in MMF-1829
      • Optional:
        • It's possible to have a better ux instead of the user having to manually enter the key of the group
        • We can list all groups the user is admin of using his OAuth token
        • The user would then just select the group he wants to import in a list or dropdown
        • Providing the personal token is still required

      Binding of projects:

      • The already existing UI for importing projects will be used
      • The personal token provided during the organization import is used to authenticate requests to GitLab
      • List all projects visible to the personal token under the group hierarchy
      • GitLab subgroups are ignored, we want to flatten the hierarchy
      • Generated project keys could still contain the subgroup name if any (they just need to be uniq, knowing that on GitLab side two projects in different subgroups can have the same key)
      • We should not be able to import a private GitLab projects inside a free SonarCloud organization
      • Importing a project should initialize all the information of the project like for other ALM
      • Importing a private GitLab projects inside a paid SonarCloud organization should create private project
      • If there are private repos in the GitLab group we should suggest the paid plan

      For a bound organization:

      • A small GitLab icon is displayed next to the organization name like for other ALM organizations
      • There is no members synchronization for now
      • A new entry in the organization settings to display the current state of the link with the GitLab group
        • Display to which group it is bound, with a link to the GitLab page of the group
        • Allow to change the bound group
        • Display the status of the personal token and allow to change it
        • This is similar to what is done for Azure Devops in MMF-1829

       For already existing unbound organizations:

      • Display the GitLab icon grayed out next to the organization name like for other ALM
      • A new entry in the organization settings to allow to bind existing organization to a GitLab group
        • The user has to provide the GitLab group key
        • and a personal token
        • Similar to the import of a new organization

      For bound projects:

      • Display the GitLab icon next to the project name like for other ALM
      • Display "Merge Request" instead of PR

      There should also be a "Getting Started with GitLab" doc page.




            • Assignee:
              fabrice.bellingard Fabrice Bellingard
              fabrice.bellingard Fabrice Bellingard
            • Votes:
              4 Vote for this issue
              6 Start watching this issue


              • Created: