Connecting GitLab and Pantheon –– in 2023

Posted on by abitofbrit

I was tasked with connecting our GitLab repos to the Pantheon repos, and I came across this article: How to connect GitLab and Pantheon to streamline Drupal and WordPress workflows. Definitely a great how-to! I had to do a bit of reworking ’cause both GitLab and Pantheon have made some updates in the four years since this article was written… but I finally got it working! 🎉

Here are some of the adjustments I had to make:

  • This may seem rather small, but it tripped me up – GitLab’s default branch is now called main not master, so when I pushed the Pantheon dev code to my GitLab repo, it added a new branch. For consistency’s sake, I changed the master branch to my default branch.
  • In the before_script, before you can can run the ssh-agent and git commands, you need to install them. I also received an error that the permissions for my SSH_PRIVATE_KEY were too open, so I needed to change the permissions. Changed the permissions on the $HOME/.ssh directory, as well. Here’s where I landed for my full before_script:

    - 'which ssh-agent || ( apk update && apk add openssh )'
    - apk update && apk add git

    - eval $(ssh-agent -s)
    - mkdir -p $HOME/.ssh && echo "StrictHostKeyChecking no" >> "$HOME/.ssh/config"
    - chmod 700 $HOME/.ssh
    - chmod 600 $SSH_PRIVATE_KEY
    - ssh-add $SSH_PRIVATE_KEY

    - git config --global user.email "$GITLAB_USER_EMAIL"
    - git config --global user.name "Gitlab CI"

  • NOTE: GitLab variables default to Protected, and protected variables only work on protected branches and jobs, so for them to work with the deploy:multidev job, you can either disable the Protected flag on the variable or add a “protected” tag to the job. I legit spent 4+ hours hitting my head against the wall because of this!
  • When the runner starts the build, the latest commit detaches from HEAD, so you need to go back to your master branch before you can push to the master dev branch on Pantheon. The script now looks like this:

    - git checkout master
    - git remote add pantheon $PANTHEON_GIT_URL
    - git push pantheon master --force

  • Ran into a similar issue on deploy:multidev; I found out the hard way that too many commits creates a shallow branch, and Pantheon doesn’t permit pushing from a shallow branch. Needed to add git fetch --unshallow in the multidev-deploy.sh file before checking out my merge request source branch.
  • Last but not least, I updated the Dockerfile to have the latest version of composer and require the latest version of terminus, so it looks like this:

    # Use the official Composer image as a parent image
    FROM composer:2.5.1

    # Update/upgrade apk
    RUN apk update
    RUN apk upgrade

    # Make the Terminus directory
    RUN mkdir -p /usr/local/share/terminus

    # Install Terminus 3.x with Composer
    RUN /usr/bin/env COMPOSER_BIN_DIR=/usr/local/bin composer -n --working-dir=/usr/local/share/terminus require pantheon-systems/terminus:"^3"

Hope I could help a few folks! 😊