In the project selector in the top bar, select your Google Cloud project.
ClickCreate host connectionto connect a new host to Cloud Build.
On the left panel, selectGitLabas your source provider.
In theConfigure Connectionsection, enter the following information:
Region: Select a region for your connection.
Name: Enter a name for your connection.
In theHost detailssection, select or enter the following
information:
GitLab provider: SelectGitLab.comas your provider.
In thePersonal access tokenssection, enter the following information:
API access token: Enter the token with theapiscope access. This
token is used for connecting and disconnecting repositories.
Read API access token: Enter the token with theread_apiscope
access. Cloud Build triggers use this token to access source
code in repositories.
ClickConnect.
After clicking theConnectbutton, your personal access tokens are securely stored in Secret Manager. Following
host connection, Cloud Build also creates a webhook secret
on your behalf. You can view and manage your secrets on theSecret Managerpage.
You have now successfully created a GitLab connection.
gcloud
Prior to connecting your GitLab host to Cloud Build,
complete the following steps to store your credentials:
If you store your secrets in a different Google Cloud project than the one you plan
to use to create a host connection, enter the following command to grant your project
access to the Cloud Build service agent:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis guide explains the process of connecting a GitLab host to Cloud Build, enabling automated build processes.\u003c/p\u003e\n"],["\u003cp\u003eBefore connecting, you must enable the Cloud Build and Secret Manager APIs, and in GitLab, create personal access tokens with \u003ccode\u003eapi\u003c/code\u003e and \u003ccode\u003eread_api\u003c/code\u003e scopes.\u003c/p\u003e\n"],["\u003cp\u003eYou can connect your GitLab host through the Google Cloud console by providing necessary details such as connection name, region, GitLab provider, and personal access tokens.\u003c/p\u003e\n"],["\u003cp\u003eAlternatively, use the \u003ccode\u003egcloud\u003c/code\u003e command-line tool to connect by storing your credentials in Secret Manager and running the \u003ccode\u003egcloud builds connections create gitlab\u003c/code\u003e command with required parameters.\u003c/p\u003e\n"],["\u003cp\u003eAfter establishing the connection, you can proceed to connect a GitLab repository and integrate Cloud Build with your GitLab pipeline for CI/CD workflows.\u003c/p\u003e\n"]]],[],null,["# Connect to a GitLab host\n\nThis page explains how to connect a [GitLab](https://about.gitlab.com/) host\nto Cloud Build.\n\nBefore you begin\n----------------\n\n-\n\n\n Enable the Cloud Build and Secret Manager APIs.\n\n\n [Enable the APIs](https://console.cloud.google.com/flows/enableapi?apiid=cloudbuild.googleapis.com,secretmanager.googleapis.com&redirect=https://cloud.google.com/build/docs/automating-builds/gitlab/connect-host-gitlab)\n\nConnect to a GitLab host\n------------------------\n\nBefore creating a host connection for your GitLab instance,\nyou must create personal access tokens in GitLab by completing the following steps:\n\n1. Log into your GitLab instance.\n\n2. On the GitLab page for your instance, click your avatar in the upper-right corner.\n\n3. Click **Edit profile**.\n\n4. On the left sidebar, select **Access tokens**.\n\n You see the [Personal Access Tokens](https://gitlab.com/-/profile/personal_access_tokens) page.\n5. Create an access token with the `api` scope to use for connecting and disconnecting repositories.\n\n6. Create an access token with the `read_api` scope\n to ensure Cloud Build repositories can access source code in repositories.\n\n | **Note:** In addition to [personal access tokens](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html), you can also use [project access tokens](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html). If your GitLab version is 14.2 or higher, you can also use [group access tokens](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html). If you use project or group access tokens, select the `Maintainer` role to ensure a successful connection.\n\n### Console\n\nTo connect your GitLab host to Cloud Build:\n\n1. Open the **Repositories** page in the Google Cloud console.\n\n [Open the Repositories page](https://console.cloud.google.com/cloud-build/repositories)\n\n You see the **Repositories** page.\n2. At the top of the page, select the **2nd gen** tab.\n\n3. In the project selector in the top bar, select your Google Cloud project.\n\n4. Click **Create host connection** to connect a new host to Cloud Build.\n\n5. On the left panel, select **GitLab** as your source provider.\n\n6. In the **Configure Connection** section, enter the following information:\n\n 1. **Region**: Select a region for your connection.\n\n | **Note:** You must specify a region. Your connection cannot exist globally.\n 2. **Name**: Enter a name for your connection.\n\n7. In the **Host details** section, select or enter the following\n information:\n\n 1. **GitLab provider** : Select **GitLab.com** as your provider.\n8. In the **Personal access tokens** section, enter the following information:\n\n 1. **API access token** : Enter the token with the `api` scope access. This\n token is used for connecting and disconnecting repositories.\n\n 2. **Read API access token** : Enter the token with the `read_api` scope\n access. Cloud Build triggers use this token to access source\n code in repositories.\n\n9. Click **Connect**.\n\n After clicking the **Connect** button, your personal access tokens are securely stored in Secret Manager. Following\n host connection, Cloud Build also creates a webhook secret\n on your behalf. You can view and manage your secrets on the\n [Secret Manager](https://console.cloud.google.com/security/secret-manager) page.\n\nYou have now successfully created a GitLab connection.\n\n### gcloud\n\nPrior to connecting your GitLab host to Cloud Build,\ncomplete the following steps to store your credentials:\n\n1. [Store your token in Secret Manager](/../secret-manager/docs/creating-and-accessing-secrets).\n\n2. [Create a webhook secret in Secret Manager](/build/docs/automate-builds-webhook-events) by running\n the following command:\n\n cat /proc/sys/kernel/random/uuid | tr -d '\\n' | gcloud secrets create my-gle-webhook-secret --data-file=-\n\n3. If you store your secrets in a different Google Cloud project than the one you plan\n to use to create a host connection, enter the following command to grant your project\n access to the Cloud Build service agent:\n\n PN=$(gcloud projects describe \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e --format=\"value(projectNumber)\")\n CLOUD_BUILD_SERVICE_AGENT=\"service-${PN}@gcp-sa-cloudbuild.iam.gserviceaccount.com\"\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --member=\"serviceAccount:${CLOUD_BUILD_SERVICE_AGENT}\" \\\n --role=\"roles/secretmanager.admin\"\n\n Where:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e is your Google Cloud project ID.\n\nYou can now proceed to connect your GitLab host to\nCloud Build.\n\nComplete the following steps:\n\nTo connect your GitLab host to Cloud Build:\n\n1. Enter the following command to create a GitLab connection:\n\n gcloud builds connections create gitlab \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eCONNECTION_NAME\u003c/span\u003e\u003c/var\u003e \\\n --host-uri=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eHOST_URI\u003c/span\u003e\u003c/var\u003e \\\n --project=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003ePROJECT_ID\u003c/span\u003e\u003c/var\u003e \\\n --region=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eREGION\u003c/span\u003e\u003c/var\u003e \\\n --authorizer-token-secret-version=projects/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003ePROJECT_ID\u003c/span\u003e\u003c/var\u003e/secrets/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eAPI_TOKEN\u003c/span\u003e\u003c/var\u003e/versions/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eSECRET_VERSION\u003c/span\u003e\u003c/var\u003e \\\n --read-authorizer-token-secret-version=projects/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003ePROJECT_ID\u003c/span\u003e\u003c/var\u003e/secrets/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eREAD_TOKEN\u003c/span\u003e\u003c/var\u003e/versions/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eSECRET_VERSION\u003c/span\u003e\u003c/var\u003e \\\n --webhook-secret-secret-version=projects/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003ePROJECT_ID\u003c/span\u003e\u003c/var\u003e/secrets/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eWEBHOOK_SECRET\u003c/span\u003e\u003c/var\u003e/versions/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eSECRET_VERSION\u003c/span\u003e\u003c/var\u003e\n\n Where:\n - \u003cvar translate=\"no\"\u003eCONNECTION_NAME\u003c/var\u003e is a name for your GitLab host connection in Cloud Build.\n - \u003cvar translate=\"no\"\u003eHOST_URI\u003c/var\u003e is the URI of your GitLab instance. For example, `https://my-gle-server.net`.\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e is your Google Cloud project ID.\n - \u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e is the [region](/build/docs/locations) for your connection.\n - \u003cvar translate=\"no\"\u003eAPI_TOKEN\u003c/var\u003e is the name of your token with `api`scope.\n - \u003cvar translate=\"no\"\u003eREAD_TOKEN\u003c/var\u003e is the name of your token with `read_api`scope.\n - \u003cvar translate=\"no\"\u003eSECRET_VERSION\u003c/var\u003e is the version of your secret.\n - \u003cvar translate=\"no\"\u003eWEBHOOK_SECRET\u003c/var\u003e is your webhook secret.\n\nYou have now successfully created a GitLab connection.\n\nWhat's next\n-----------\n\n- Learn how to [connect a GitLab repository](/build/docs/automating-builds/gitlab/connect-repo-gitlab).\n- Learn how to build and deploy your workloads to Google Cloud using Google-managed CI/CD components in your GitLab pipeline. See [GitLab on Google Cloud](/docs/gitlab)."]]
