GitLab Enforcer

Spring Boot application with GitLab System Hook listener which enforces certain configuration rules on newly created GitLab groups and projects:

• Group
  • Share with group lock
  • Member Lock
  • Auto DevOps
  • Default project-creation level
  • Default subgroup-creation level
• Project
  • Protected Branches
  • Push Rules
  • Removal of shares with groups from user projects

These rules are defined in src/main/resources/config/application.yml

rules:
  - rule: org.vaulttec.gitlab.enforcer.rule.GroupSettingsRule
    use: once
    config:
      membership_lock: true
      share_with_group_lock: true
      auto_devops_enabled: false
      project_creation_level: maintainer
      subgroup_creation_level: owner
  - rule: org.vaulttec.gitlab.enforcer.rule.ProtectedBranchRule
    use: always
    config:
      skipUserProjects: true
      keepStricterAccessLevel: true
      name: master
      push_access_level: 30
      merge_access_level: 30
  - rule: org.vaulttec.gitlab.enforcer.rule.ProtectedBranchRule
    use: always
    config:
      skipUserProjects: true
      keepStricterAccessLevel: true
      name: release/*
      push_access_level: 40
      merge_access_level: 40
  - rule: org.vaulttec.gitlab.enforcer.rule.PushRulesRule
    use: always
    config:
      skipUserProjects: true
      member_check: true
  - rule: org.vaulttec.gitlab.enforcer.rule.UserProjectSettingsRule
    use: always
    config:
      removeSharedGroups: true

All the rules marked with the configuration property use: always are automatically re-enforced at a specified interval (msec)

enforcer:
  scheduler:
    enabled: true
    rate: 300000  # 5 min

Install Maven Wrapper

cd /path/to/project
mvn -N io.takari:maven:wrapper

Run the project with

./mvnw clean spring-boot:run -Dspring-boot.run.profiles=test

Open browser to http://localhost:8080/

To package the project run

./mvnw clean package