From b927bafe6888bf75e46e84a7e70d9bad65b72f11 Mon Sep 17 00:00:00 2001
From: Kabiru Mwenja <hey@akabiru.me>
Date: Fri, 1 Mar 2024 17:21:20 +0300
Subject: [PATCH] [Op#53021] Define Gitlab CE local docker compose setup with
 TLS (#14846)

* Ops[Op#53021]: Define Gitlab community edition docker compose

https://community.openproject.org/work_packages/53021

Co-authored-by: Andreas Pfohl <a.pfohl@openproject.com>

* chore[Op#53021]: Allow for override in case of MacOS setup

* chore[Op#53021]: Include aliases in tls docker compose override

* docs[Op#53021]: Add some documentation for running the gitlab docker service

* docs[Op#53021]: amend typos

* docs[Op#53021]: Add helper documentation on resetting root password

---------

Co-authored-by: Andreas Pfohl <a.pfohl@openproject.com>
---
 docker/dev/gitlab/.gitignore                  |  1 +
 docker/dev/gitlab/docker-compose.yml          | 37 +++++++++++++++++++
 .../tls/docker-compose.override.example.yml   |  2 +
 .../development-environment-docker/README.md  | 37 ++++++++++++++++++-
 4 files changed, 75 insertions(+), 2 deletions(-)
 create mode 100644 docker/dev/gitlab/.gitignore
 create mode 100644 docker/dev/gitlab/docker-compose.yml

diff --git a/docker/dev/gitlab/.gitignore b/docker/dev/gitlab/.gitignore
new file mode 100644
index 000000000000..7376571d14b8
--- /dev/null
+++ b/docker/dev/gitlab/.gitignore
@@ -0,0 +1 @@
+docker-compose.override.yml
diff --git a/docker/dev/gitlab/docker-compose.yml b/docker/dev/gitlab/docker-compose.yml
new file mode 100644
index 000000000000..7389f4ed4ebc
--- /dev/null
+++ b/docker/dev/gitlab/docker-compose.yml
@@ -0,0 +1,37 @@
+version: "3.9"
+
+services:
+  gitlab:
+    image: gitlab/gitlab-ce:latest
+    restart: no
+    volumes:
+      - gitlab-etc:/etc/gitlab
+      - gitlab-logs:/var/log/gitlab
+      - gitlab-opt:/var/opt/gitlab
+      # Linux
+      - /etc/ssl/certs:/etc/ssl/certs:ro
+      - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro
+      # In case of MacOS, you need to mount the certs from the host machine
+      # having them previously bundled via `sudo update-ca-certificates`
+      #
+      # - ~/.step/certs:/etc/ssl/certs
+      # - ~/.step/certs:/usr/local/share/ca-certificates
+    networks:
+      - external
+    extra_hosts:
+      - "openproject.local:host-gateway"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitlab.rule=Host(`gitlab.local`)"
+      - "traefik.http.routers.gitlab.entrypoints=websecure"
+      - "traefik.http.services.gitlab.loadbalancer.server.port=80"
+
+volumes:
+  gitlab-etc:
+  gitlab-logs:
+  gitlab-opt:
+
+networks:
+  external:
+    name: gateway
+    external: true
diff --git a/docker/dev/tls/docker-compose.override.example.yml b/docker/dev/tls/docker-compose.override.example.yml
index c269a76de13b..5fb18ee2c47c 100644
--- a/docker/dev/tls/docker-compose.override.example.yml
+++ b/docker/dev/tls/docker-compose.override.example.yml
@@ -8,3 +8,5 @@ services:
           # by connecting to them, and we'd like it to go through traefik, instead
           # of calling the service containers directly.
           - openproject.local
+          - nextcloud.local
+          - gitlab.local
diff --git a/docs/development/development-environment-docker/README.md b/docs/development/development-environment-docker/README.md
index 29e670610120..ffa759efbe7a 100644
--- a/docs/development/development-environment-docker/README.md
+++ b/docs/development/development-environment-docker/README.md
@@ -99,7 +99,7 @@ cp docker-compose.override.example.yml docker-compose.override.yml
 # and will install all required server dependencies
 docker compose run --rm backend setup
 
-# This will install the web dependencies 
+# This will install the web dependencies
 docker compose run --rm frontend npm install
 ```
 
@@ -307,7 +307,7 @@ On Debian, you need to add the generated root CA to system certificates bundle.
 docker compose --project-directory docker/dev/tls cp \
  step:/home/step/certs/root_ca.crt /usr/local/share/ca-certificates/OpenProject_Development_Root_CA.crt
 
-# Create symbolic link   
+# Create symbolic link
 ln -s /usr/local/share/ca-certificates/OpenProject_Development_Root_CA.crt /etc/ssl/certs/OpenProject_Development_Root_CA.pem
 
 # Update certificate bundle
@@ -394,6 +394,39 @@ docker compose --project-directory docker/dev/tls down
 docker compose --project-directory docker/dev/tls up -d
 ```
 
+## GitLab CE Service
+
+Within `docker/dev/gitlab` a compose file is provided for running local Gitlab instance with TLS support. This provides
+a production like environment for testing the OpenProject GitLab integration against a community edition GitLab instance
+accessible on `https://gitlab.local`.
+
+> NOTE: Configure [TLS Support](#tls-support) first before starting the GitLab service
+
+See [Install GitLab using Docker Compose](https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose)
+official GitLab documentation.
+
+### Running the GitLab Instance
+
+Start up the docker compose service for gitlab as follows:
+
+```shell
+docker compose --project-directory docker/dev/gitlab up -d
+```
+
+### Initial password
+
+Once the GitLab service is started and running, you can access the initial `root` user password as follows:
+
+```shell
+docker compose --project-directory docker/dev/gitlab exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
+```
+
+Should you need to reset your root password, execute the following command:
+
+```shell
+docker compose --project-directory docker/dev/gitlab exec -it gitlab gitlab-rake "gitlab:password:reset[root]"
+```
+
 ## Local files
 
 Running the docker images will change some of your local files in the mounted code directory. The