GitLab integration requires two things:
Unlike GitHub Apps, GitLab also requires users to provide an access token (group, project, or personal) for repository access. Users are asked to add this in the dashboard when adding a GitLab organization.
The OAuth application can be created as a user-level, group-level, or instance-level application depending on your setup:
- Group-level: Settings > Applications in your GitLab group
- Instance-level: Admin > Applications

| Setting | Value |
|---|---|
| Name | Reviewate |
| Redirect URI | https://your-domain.com/api/auth/callback/gitlab |
| Confidential | Yes |
| Scopes | read_user, read_api |
After creating the application, note the Application ID and Secret. These are used for OAuth authentication — users log into the Reviewate dashboard via GitLab.
Webhooks can be set up per project, per group (applies to all projects in the group), or as system hooks on self-hosted instances.
Go to Settings > Webhooks in your GitLab project:
| Setting | Value |
|---|---|
| URL | https://your-domain.com/webhooks/gitlab/mr |
| Secret token | Generate a random string |
| Trigger | Merge request events |
Go to Settings > Webhooks in your GitLab group to cover all projects:
| Setting | Value |
|---|---|
| URL | https://your-domain.com/webhooks/gitlab/mr |
| Secret token | Use the same secret as above |
| Trigger | Merge request events |
On self-hosted GitLab instances, system hooks (Admin > System Hooks) can also be used. They are commonly used to cover all projects without configuring individual webhooks.
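GitLab sends the webhook's secret token with each delivery in the `X-Gitlab-Token` request header as a plain shared secret, not a signature over the body. The following added example (not Reviewate's own code) shows one way to generate that secret and check it on the receiving side; the function names and return values are hypothetical, and the payload in the demo is constructed.

```python
import hmac
import json
import secrets


def generate_webhook_secret(nbytes: int = 32) -> str:
    """Random value for the 'Secret token' field and GITLAB_WEBHOOK_SECRET."""
    return secrets.token_urlsafe(nbytes)


def verify_gitlab_webhook(headers: dict, body: bytes, expected_secret: str):
    """Return (http_status, reason) for one incoming webhook delivery."""
    if not expected_secret:
        # Fail closed: an unset secret must never match an empty header.
        return 500, "webhook secret not configured"

    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get("x-gitlab-token", "")

    # Constant-time comparison; bytes avoid the ASCII-only limit on str.
    if not hmac.compare_digest(presented.encode(), expected_secret.encode()):
        return 401, "bad or missing X-Gitlab-Token"

    # Parse the body only after the sender has been authenticated.
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "body is not JSON"

    # Only merge request events are expected on this endpoint.
    if not isinstance(event, dict) or event.get("object_kind") != "merge_request":
        return 202, "ignored: not a merge request event"
    return 200, "accepted"


if __name__ == "__main__":
    secret = generate_webhook_secret()
    sample = b'{"object_kind": "merge_request"}'  # constructed payload
    print(verify_gitlab_webhook({"X-Gitlab-Token": secret}, sample, secret))
    print(verify_gitlab_webhook({"X-Gitlab-Token": "guess"}, sample, secret))
```

Because the token is static and does not cover the request body, serve the webhook URL over HTTPS only and rotate the secret if it is ever exposed.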
Add to your .env:
```bash
GITLAB_CLIENT_ID=<application ID>
GITLAB_CLIENT_SECRET=<application secret>
GITLAB_WEBHOOK_SECRET=<your webhook secret>
# Default: https://gitlab.com/api/v4
# For self-hosted GitLab, set your instance API URL:
# GITLAB_API_URL=https://gitlab.yourcompany.com/api/v4
```
For self-hosted GitLab instances, set the API URL:
```bash
GITLAB_API_URL=https://gitlab.yourcompany.com/api/v4
```
Each user who connects a GitLab repository needs to provide an access token. This can be a group token, project token, or personal access token with:
- api (read and write)
- Reviewate

This is required because GitLab OAuth tokens don't provide sufficient repository access for code review. Users will be prompted to add their token when they first connect a GitLab repository in the dashboard.