Contents

terraform-provider-gitlabci: Register GitLab CI Runners

Easy runner registration via terraform

I’m a huge fan of terraform, so when I needed to build out cloud infrastructure for GitLab CI/CD it was the first thing I reached for. The native terraform-provider-gitlab was very useful, but left out one critical detail: it was not possible to register a runner.

Ouch. 💢

This left a rather annoyingly awkward gap in my terraform configurations, as I’d need to provision a runner token outside of terraform. I messed around with this, coming up with a couple… interesting approaches, but ultimately I realized that the only proper solution to this (read: that wasn’t just a giant hack) would require writing a provider.

terraform-provider-gitlabci

Recently I’ve had some free time, so I cleaned it up a bit and published it.

A quick example

Documentation and the like can be found over at the terraform registry, but here’s a quick example with only a minimum of hand-wavey:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
terraform {
  required_providers {
    gitlabci = {
      source = "registry.terraform.io/rsrchboy/gitlabci"
    }
    gitlab = {
      source = "registry.terraform.io/gitlabhq/gitlab"
    }
  }
}

provider "gitlabci" { }
provider "gitlab"   { }

data "gitlab_project" "this" {
  id = "rsrchboy/terraform-provider-gitlabci"
}

resource "gitlabci_runner_token" "this" {
  registration_token = data.gitlab_project.this.runners_token
  locked             = true
  tags = [
    "jinx",
    "powder",
    "cupcake",
  ]
}

output "token" {
  sensitive = true
  value     = gitlabci_runner_token.this.token
}

Note how, using both the gitlab and gitlabci providers we can now register GitLab runners. The example shows us using a registration token obtained from a project data source, but terraform-provider-gitlabci doesn’t care if it’s a project, group, or even instance registration token. Additionally, while the gitlab provider does require API access, the gitlabci provider only requires a valid registration token.

Enjoy!