GitLab Integration
Add signed approval checks to GitLab merge requests using OAuth and commit statuses.
The GitLab integration connects your GitLab instance (gitlab.com or self-managed) to SignedApproval via OAuth. When a merge request targets a configured branch, a commit status is created that blocks merging until a human provides cryptographic approval.
GitLab connections, project configs, and commit status mappings are stored in signedapproval_gitlab_connections, signedapproval_gitlab_repo_configs, and signedapproval_gitlab_commit_statuses.
Connect your GitLab account
Go to Dashboard → Settings → Integrations → GitLab and click Connect GitLab. You'll be redirected to GitLab's OAuth authorization page.
Grant SignedApproval the requested permissions (API access for commit statuses and merge requests).
Select projects
After connecting, your GitLab projects will be listed. Select which projects require SignedApproval checks and configure per-project settings:
- Branch patterns — Which target branches require approval
- Auto-merge — Automatically merge MRs after all approvals are received
- Quorum — Number of approvals required
Configure GitLab merge checks
In GitLab's project settings under Merge requests, enable "Pipelines must succeed" and ensure SignedApproval's external status is included. This prevents merging without a valid approval.
Merge Request Flow
- Developer creates or updates a merge request.
- GitLab sends a webhook event to SignedApproval.
- SignedApproval sets a "pending" commit status on the MR's head SHA.
- An approval request is created, and the approver is notified.
- The approver authenticates and decides.
- The commit status is updated to "success" or "failed".
Self-Managed GitLab
If you run a self-managed GitLab instance, SignedApproval can connect to it as long as your instance is accessible from the internet (for webhooks). Configure the GitLab OAuth application on your instance with the redirect URI pointing to https://signedapproval.net/api/v1/integrations/gitlab/callback.