- Creating a new environment when a branch is created or a merge request is opened.
- Rebuilding the environment when new code is pushed to GitLab.
- Deleting the environment when a merge request is merged.
Before you begin
To manage source integrations, you need to be a project admin. You also need a GitLab repository with working code.If your GitLab instance is not accessible from the public internet, configure a GitLab CI/CD pipeline that pushes code to Upsun and manages environments via the Upsun API. This method provides full deployment control while keeping your GitLab instance isolated.
1. Generate a token
To integrate your Upsun project with an existing GitLab repository, generate a project access token. Ensure the token has the following scopes:apito access your APIread_repositoryto read the repository
To create a project access token, you need to have a sufficient GitLab license tier.
If you don’t see Access Tokens under Settings, upgrade your GitLab tier.
Alternatively, you can create a personal access token,
but that’s attached to a specific user rather than the project as a whole
and grants more permissions.
2. Enable the integration
To enable the integration, use either the CLI or the Console.- Using the CLI
- In the Console
Run the following command:
PROJECT_IDis the ID of your Upsun project.PROJECT/SUBPROJECTis the name of your repository in GitLab.GITLAB_ACCESS_TOKENis the token you generated.GITLAB_URLis the base URL for your GitLab server if you self-host. If you use the publichttps://gitlab.com, omit the--base-urlflag when running the command.
https://gitlab.com/platformsh/platformsh-docs,
the command is similar to the following:| CLI flag | Default | Description |
|---|---|---|
fetch-branches | true | Whether to mirror and update branches on Upsun and create inactive environments from them. When enabled, merging on an Upsun environment isn’t possible. That is, merging environments must be done on the source repository rather than on the Upsun project. See note below for details related to this flag and synchronizing code from a parent environment. |
prune-branches | true | Whether to delete branches from Upsun that don’t exist in the GitLab repository. When enabled, branching (creating environments) must be done on the source repository rather than on the Upsun project. Branches created on Upsun that are not on the source repository will not persist and will be quickly pruned. Automatically disabled when fetching branches is disabled. |
build-merge-requests | true | Whether to track all merge requests and create active environments from them, which builds the merge request. |
build-wip-merge-requests | true | Whether to also track and build draft merge requests. Automatically disabled when merge requests aren’t built. |
merge-requests-clone-parent-data | true | Whether to clone data from the parent environment when creating a merge request environment. |
resources-init | false | To specify a resource initialization strategy for new containers. Once set, the strategy applies to all the deployments you launch through your source integration. See more information on available resource initialization strategies. |
fetch-branches and prune-branches options.
3. Validate the integration
Verify that your integration is functioning properly using the CLI:Add the webhook manually
If the integration was added with the correct permissions, the necessary webhook is added automatically. If you see a message that the webhook wasn’t added, add one manually. To configure a webhook on a GitLab repository, you need to have Maintainer or Owner user permissions.- Get the webhook URL by running this command:
upsun integration:get --property hook_url. - Copy the returned URL.
- In your GitLab repository, click Settings > Webhooks.
- In the URL field, paste the URL you copied.
- Under Trigger, select Push events and Merge request events.
- Click Add webhook.
Environment parent and status
When a branch is created in GitLab, an environment is created in Upsun with the default branch as its parent. It starts as an inactive environment with no data or services. When a merge request is opened in GitLab, an environment is created in Upsun with the merge request’s target branch as its parent. It starts as an active environment with a copy of its parent’s data.Source of truth
When you add an integration, your GitLab repository is considered to be the source of truth for the project. Your Upsun project is only a mirror of that repository and you can only push commits to GitLab. To clone your code, follow these steps:- Using the CLI
- Using Git
Run the following command:
Sync, fetch, and prune
An integration from your source repository to Upsun establishes that:- your source repository is the source of truth, where Git operations occur
- Upsun is a mirror of that repository, provisioning infrastructure according to configuration, and orchestrating environments according to the branch structure of the your source repository repository
fetch-branches (track branches on your source repository) and prune-branches (delete branches that don’t exist on your source repository) by default.
You can change these settings but it is recommended to keep them.
When enabled by default, you are limited by design as to what actions can be performed within the context of an Upsun project with a your source repository integration:
| Action | Observation | Recommendation |
|---|---|---|
| Branch from parent | Running environment:branch with the CLI, or selecting Branch in Console produces a new child environment, but it’s deleted shortly after automatically. | Contribute to the your source repository repository itself by creating a branch and pull request. When the PR has been opened, a new environment will be provisioned for it. |
| Merge in parent | Running environment:merge with the CLI fails locally, and the Merge option in Console is not clickable. | Review and merge pull requests and/or branches on the your source repository repository. |
| Merge into child (sync code) | Running environment:synchronize with the CLI fails locally, and the Sync option in Console won’t allow you to include code in that sync. | Perform the merge locally from a matching branch on your source repository. For example, clone the most recent parent (git pull origin parent-branch), switch to the pull request branch (git checkout ga-staging), and then merge the parent into the current branch (git merge main). |
Merge request URLs
When a merge request is deployed, the integration reports the primary URL for the deployed environment. So you get a link to the deployed environment right in the merge request. If you have multiple routes, ensure the correct one is reported by specifying the primary route.Optional: use a GitLab CI/CD pipeline
If your GitLab instance is not accessible from the internet (e.g. air-gapped or behind a firewall), the GitLab integration process outlined above, based on incoming webhooks, might not be the best option to use. Instead, set up a push-based GitLab CI/CD pipeline that pushes code to Upsun and manages environments using the Upsun API. This setup allows you to:- Deploy to production on
mainbranch updates - Create preview environments for Merge Requests
- Clean up environments when branches or MRs are removed
- Keep your GitLab instance fully private