Using Gitlab with Replit

Replit has great support for GitHub, but as of now it has no built in support for GitLab. I had to do this recently so I thought I’d just make a tutorial on how I did it.

Gitlab has a couple ways to authenticate to a git repo:

HTTP:

SSH:

If you’re working by yourself, a PAT is by far the simplest solution. Put it in a secret and configure git like you would for any other HTTP based auth method with an env var: (replace <GITLAB USERNAME> and <ENV VAR NAME>)

[credential]
  helper = "!f() { echo \"username=<GITLAB USERNAME>\"; echo \"password=${<ENV VAR NAME>}\"; }; f"

If you’re working in a group (multiplayer repl) things get a little more complicated. Using a PAT would give everyone in the repl access to your entire GitLab account, and Project Access Tokens (scoped to one project) aren’t available on the free plan. The best solution I found was to set up SSH and use a deploy key.

  1. Add pkgs.openssh to replit.nix
  2. Generate an SSH keypair (preferably don’t do this on replit just in case deleted files can be recovered)
    • Run ssh-keygen -t ed25519 -f gitlab_key
    • Get the private key into a replit secret (I’ll use GITLAB_KEY). Make sure you preserve the newlines

      Paste the output of awk -v ORS='\\n' '1' gitlab_key into the secret JSON editor

    • Verify it worked: echo "$GITLAB_KEY" should print the key correctly with actual newlines
    • Upload the pubkey to GitLab (paste the contents of gitlab_key.pub into Settings > Repository > Deploy keys). Make sure to grant write perms
  3. Make the SSH agent start on repl boot: (add to .replit)
    onBoot = ["bash", "-c", "eval `/nix/store/mpaapj377c886qdfk90rhkm6q349w8dh-openssh-9.3p1/bin/ssh-agent`"]
    

    I wasn’t able to figure out how to not specify the full path here. Very few env vars are present at onBoot

  4. Create an SSH wrapper script that adds the key to the agent if necessary and makes ssh use said agent
`ssh-env.sh`
#!/bin/bash

# Find out where the SSH agent socket it
SSH_AUTH_SOCK=$(find /tmp/ -iwholename "/tmp/ssh-*/agent.*")

export SSH_AUTH_SOCK

# Make ssh dir
mkdir -p ~/.ssh

# Add ssh key from environment variable
# ssh-add -l returns non zero exit code if no keys are present
if ! ssh-add -l &> /dev/null; then
 echo "Adding SSH key to agent"
 ssh-add - &> /dev/null <<< "$GITLAB_KEY"
fi

# Add gitlab fingerprint
if [ ! -f ~/.ssh/known_hosts ]; then
 echo "Adding Gitlab fingerprint to known hosts"
 echo "gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf" > ~/.ssh/known_hosts
fi

# Forward to ssh
ssh "$@"
  1. Configure git to use this SSH wrapper instead of normal ssh:
    git config core.sshCommand "$REPL_HOME/env-ssh.sh"
  2. Add a remote: git remote add origin git@gitlab.com:group/project
  3. Run git fetch. If you get no output, everything worked! Commit and push like normal
4 Likes