Replit has great support for GitHub, but as of now it has no built in support for GitLab. I had to do this recently so I thought I’d just make a tutorial on how I did it.
Gitlab has a couple ways to authenticate to a git repo:
HTTP:
- Personal Access Tokens (PATs)
- Deploy Tokens (read only access to repo so not really useful)
- Project Access Tokens (not available on GitLab free plan)
SSH:
If you’re working by yourself, a PAT is by far the simplest solution. Put it in a secret and configure git like you would for any other HTTP based auth method with an env var: (replace <GITLAB USERNAME>
and <ENV VAR NAME>
)
[credential]
helper = "!f() { echo \"username=<GITLAB USERNAME>\"; echo \"password=${<ENV VAR NAME>}\"; }; f"
If you’re working in a group (multiplayer repl) things get a little more complicated. Using a PAT would give everyone in the repl access to your entire GitLab account, and Project Access Tokens (scoped to one project) aren’t available on the free plan. The best solution I found was to set up SSH and use a deploy key.
- Add
pkgs.openssh
toreplit.nix
- Generate an SSH keypair (preferably don’t do this on replit just in case deleted files can be recovered)
- Run
ssh-keygen -t ed25519 -f gitlab_key
- Get the private key into a replit secret (I’ll use
GITLAB_KEY
). Make sure you preserve the newlinesPaste the output of
awk -v ORS='\\n' '1' gitlab_key
into the secret JSON editor - Verify it worked:
echo "$GITLAB_KEY"
should print the key correctly with actual newlines - Upload the pubkey to GitLab (paste the contents of
gitlab_key.pub
into Settings > Repository > Deploy keys). Make sure to grant write perms
- Run
- Make the SSH agent start on repl boot: (add to .replit)
onBoot = ["bash", "-c", "eval `/nix/store/mpaapj377c886qdfk90rhkm6q349w8dh-openssh-9.3p1/bin/ssh-agent`"]
I wasn’t able to figure out how to not specify the full path here. Very few env vars are present at
onBoot
- Create an SSH wrapper script that adds the key to the agent if necessary and makes ssh use said agent
`ssh-env.sh`
#!/bin/bash
# Find out where the SSH agent socket it
SSH_AUTH_SOCK=$(find /tmp/ -iwholename "/tmp/ssh-*/agent.*")
export SSH_AUTH_SOCK
# Make ssh dir
mkdir -p ~/.ssh
# Add ssh key from environment variable
# ssh-add -l returns non zero exit code if no keys are present
if ! ssh-add -l &> /dev/null; then
echo "Adding SSH key to agent"
ssh-add - &> /dev/null <<< "$GITLAB_KEY"
fi
# Add gitlab fingerprint
if [ ! -f ~/.ssh/known_hosts ]; then
echo "Adding Gitlab fingerprint to known hosts"
echo "gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf" > ~/.ssh/known_hosts
fi
# Forward to ssh
ssh "$@"
- Configure git to use this SSH wrapper instead of normal ssh:
git config core.sshCommand "$REPL_HOME/env-ssh.sh"
- Add a remote:
git remote add origin git@gitlab.com:group/project
- Run
git fetch
. If you get no output, everything worked! Commit and push like normal