Skip to content

sudo-terraform-modules/terraform-gitlab-projects

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
examples
examples
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

GitLab Projects Terraform Module

A security-first Terraform module for creating and managing GitLab projects. It is designed for quick project creation using only name and namespace_id, while applying secure defaults across visibility, access levels, CI/CD, and feature toggles.

Features

  • Security-first defaults for access levels, visibility, and CI/CD policies
  • Full project configuration via optional variables
  • Project membership management with simple lists or advanced custom members
  • Push rules support (enabled by default)
  • Optional branch protection management
  • Comprehensive outputs for easy integration

Usage

Minimal (security-first defaults)

module "secure_project" {
  source  = "sudo-terraform-modules/projects/gitlab"
  version = "0.1.0"

  name         = "platform-api"
  namespace_id = 12345
}

With Members

module "project_with_members" {
  source  = "sudo-terraform-modules/projects/gitlab"
  version = "0.1.0"

  name         = "backend-service"
  namespace_id = 12345

  owners      = [101]
  maintainers = [201, 202]
  developers  = [301, 302]
  reporters   = [401]
  guests      = [501]

  members = {
    contractor_1 = {
      user_id      = 600
      access_level = "developer"
      expires_at   = "2026-12-31"
    }
  }
}

Advanced Security Overrides

module "hardened_project" {
  source  = "sudo-terraform-modules/projects/gitlab"
  version = "0.1.0"

  name         = "payment-processing"
  namespace_id = 12345

  visibility_level = "private"
  forking_access_level = "disabled"
  shared_runners_enabled = false
  emails_enabled = false

  push_rules = {
    prevent_secrets         = true
    commit_committer_check  = true
    member_check            = true
    reject_unsigned_commits = true
    deny_delete_tag         = true
  }

  enable_default_branch_protection = true
  default_branch_protection = {
    push_access_level  = "maintainer"
    merge_access_level = "maintainer"
  }
}

Security-First Defaults

When only name and namespace_id are provided, the module defaults to:

  • Private visibility
  • Forking disabled
  • Wiki/snippets/pages disabled
  • Shared runners disabled
  • Email notifications disabled
  • Merge requires successful pipeline and resolved discussions
  • Push rules enabled (secrets protection, member checks, unsigned commit rejection)

Inputs & Outputs

This module exposes most gitlab_project attributes. See the full list in:

Branch Protection Note

GitLab creates default branch protection automatically. If you set enable_default_branch_protection = true, ensure that default protection is managed or removed to avoid conflicts.

Requirements

  • Terraform >= 1.3.0
  • GitLab Provider ~> 18.6

License

Apache-2.0. See LICENSE.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

Release v0.1.0 Latest
Feb 5, 2026

Packages

 
 
 

Contributors

Languages