Outgoing webhooks: GitLab commit statuses


I’ve set up https://rootkea.me with Netlify whose repo is at https://gitlab.com/rootkea/rootkea.gitlab.io

I’m trying to set up Gitlab commit statuses as outgoing webhooks explained here: https://docs.netlify.com/site-deploys/notifications/#outgoing-webhooks-and-notifications

  1. It says “It requires a GitLab API token with access to the repository.”
    What kind of ‘access’ is required? While creating an API token, GitLab presents 5 different scopes: api, read_user, read_repository, write_repository and read_registry
    Which of these should be granted?

  2. Where exactly can these commit statuses be seen?
    I created a GitLab API token with read_repository and write_repository scopes and tried watching commit statuses at https://gitlab.com/rootkea/rootkea.gitlab.io/pipelines but didn’t see any status.


CC @luke

Edit - removed other CCs

Hi @rootkea. Would you please try making an API token with the scope of api (instead of read_repository and write_repository) and let us know if that works?

3 Questions:

  1. Is the meta scope api really necessary? Can’t it be restricted to read_repository and write_repository for Netlify deploy notifications as Gitlab commit status?

  2. I created an access token with scope api and put it in the API Access Token input box, but when I select “Edit notification” to verify whether the access token got saved properly or not, it displays a blank box. How do I verify whether the access token was saved or not?

  3. Where can I see these statuses? How do they look? Honestly, I have no idea. I already see “passed” and “failed” for Gitlab Pages and Vercel deploys (under the stage “external”) at https://gitlab.com/rootkea/rootkea.gitlab.io/pipelines


Hi @rootkea,

Not sure why we need that scope since I didn’t write the code and cannot understand it easily, but it will be a change we won’t get to soon to modify it (if possible), so you’ll need to use what is already requested today if you want to use this feature today. If you can find some docs about what GitLab needs, I’ll be happy to file a feature request for us to reduce the scope!

We don’t show your access token in the UI, but if you saved it successfully, it is stored in our system.

Our intention is that you can see the statuses right on the MR. Something like this, though it may look a bit different these days since this is a very old commit on an old repo but is the only gitlab sample I have handy (for a build that failed):

I’m not sure which scope (with the least permissions but accomplishing the job) to use out of these 7 scopes. https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#limiting-scopes-of-a-personal-access-token

I’m wondering how’s this a good UI.

The documentation for Gitlab commit status notifications says nothing about the MR. It says “This type of notification creates commit statuses in your GitLab repositories.” https://docs.netlify.com/site-deploys/notifications/#gitlab-commit-statuses

No wonder I was looking for commit status notifications in repository (master branch) and not MRs.

Thanks! I can see Netlify deploy notification on MR. Earlier I was looking in “repository” (master branch commits)

OK, my request to you was to determine the scope needed that would meet your desires, so I won’t be filing the feature request, but if you’d like to figure that out (since you are the first one to request a change), will be happy to do so in the future.

re: “good UI”, this is my understanding: since the token is associated with YOUR GitLab account, but your account teammates (maybe you don’t have any, but many people do) could see it - I think we made the decision to protect whoever set it up.

Finally re the confusing docs, I will work with the docs team to clarify that documentation, thanks so much for bringing it up!

Oh! That makes complete sense now. And yes, I don’t have any teammates so api token privacy didn’t occur to me. Thanks!

Hey @rootkea,

Thanks for the valuable feedback and for understanding the UI decisions. We’ve got some changes to our docs in the pipeline based on this so, again, thank you.
