Flow configuration examples
- Tier: Ultimate
- Add-on: GitLab Duo Core, Pro, or Enterprise, GitLab Duo with Amazon Q
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
- Status: Experiment
Use the following examples to create your flow configuration. These examples contain the following variables:
AI_FLOW_CONTEXT: the JSON-serialized parent object, including:- In merge requests, the diff and comments (up to a limit)
- In issues or epics, the comments (up to a limit)
$AI_FLOW_EVENT: the type of flow event (for example,mention)$AI_FLOW_INPUT: the prompt the user enters as a comment in the merge request, issue, or epic
Integrated with GitLab
The following agents are integrated with GitLab and available on GitLab.com.
Amazon Q
Instead of hard-coding your AWS credentials, store them in the AWS Secrets Manager. Then you can reference them in your YAML file.
Create an IAM user that does not have console access.
Generate an access key pair for programmatic access.
In the same AWS account where GitLab Runner is hosted, create a secret in AWS Secrets Manager. Use the following JSON format:
{ "q-cli-access-token": {"AWS_ACCESS_KEY_ID": "AKIA...", "AWS_SECRET_ACCESS_KEY": "abc123..."} }Important: Replace the placeholder values with your actual access key ID and secret access key.
Grant the GitLab Runner IAM role permission to access AWS Secrets Manager.
Create a flow configuration file like the following.
image: node:22-slim
commands:
- echo "Installing glab"
- mkdir --parents ~/.aws/amazonq
- echo $MCP_CONFIG > ~/.aws/amazonq/mcp.json
- export GITLAB_TOKEN=$GITLAB_TOKEN_AMAZON_Q
- apt-get update --quiet && apt-get install --quiet --yes curl wget gpg git unzip && rm --recursive --force /var/lib/apt/lists/*
- curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash
- apt-get install --yes glab
- echo "Installing Python"
- curl --location --silent --show-error --fail "https://astral.sh/uv/install.sh" | sh
- export PATH="$HOME/.local/bin:$PATH"
- uv python install 3.12 --default
- TEMP_DIR=$(mktemp -d)
- cd "$TEMP_DIR"
- echo "Installing AWS cli"
- curl --proto '=https' --tlsv1.2 --silent --show-error --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" --output "awscliv2.zip"
- unzip -qq awscliv2.zip
- ./aws/install
- echo "Installing jq"
- apt-get install --yes jq
- echo "Installing q client"
- curl --proto '=https' --tlsv1.2 --silent --show-error --fail "https://desktop-release.q.us-east-1.amazonaws.com/latest/q-x86_64-linux.zip" --output "q.zip"
- unzip -qq q.zip
- ./q/install.sh --force --no-confirm
- cd -
- rm -rf "$TEMP_DIR"
- echo "Getting AWS access token"
- |
if SECRET_JSON=$(aws secretsmanager get-secret-value --secret-id "$AWS_SECRET_NAME" --region "$AWS_REGION_NAME" --query SecretString --output text 2>/dev/null); then
export AWS_ACCESS_KEY_ID=$(echo "$SECRET_JSON" | jq -r '."q-cli-access-token" | fromjson | ."AWS_ACCESS_KEY_ID"' )
export AWS_SECRET_ACCESS_KEY=$(echo "$SECRET_JSON" | jq -r '."q-cli-access-token" | fromjson | ."AWS_SECRET_ACCESS_KEY"')
echo "Success to retrieve secret $AWS_SECRET_NAME"
else
echo "Failed to retrieve secret: $AWS_SECRET_NAME"
exit 1
fi
- echo "Configuring git"
- git config --global user.email "amazonq@gitlab.com"
- git config --global user.name "AmazonQ Code"
- git remote set-url origin https://gitlab-ci-token:$GITLAB_TOKEN_AMAZON_Q@$GITLAB_HOST/internal-test/q-words-demo.git
- echo "Running q"
- |
AMAZON_Q_SIGV4=1 q chat --trust-all-tools --no-interactive --verbose "
You are an AI assistant helping with GitLab operations.
Context: $AI_FLOW_CONTEXT
Task: $AI_FLOW_INPUT
Event: $AI_FLOW_EVENT
Please execute the requested task using the available GitLab tools.
Be thorough in your analysis and provide clear explanations.
<important>
Use the glab CLI to access data from GitLab. The glab CLI has already been authenticated. You can run the corresponding commands.
When you complete your work create a new Git branch, if you aren't already working on a feature branch, with the format of 'feature/<short description of feature>' and check in/push code.
When you check in and push code you will need to use the access token stored in GITLAB_TOKEN and the user AmazonQ Code.
Lastly, after pushing the code, if a MR doesn't already exist, create a new MR for the branch and link it to the issue using:
`glab mr create --title "<title>" --description "<desc>" --source-branch <branch> --target-branch <branch>`
If you are asked to summarize a merge request or issue, or asked to provide more information then please post back a note to the merge request / issue so that the user can see it.
</important>
"
variables:
- GITLAB_TOKEN_AMAZON_Q
- GITLAB_HOST
- AWS_SECRET_NAME
- AWS_REGION_NAME
- MCP_CONFIGAnthropic Claude
injectGatewayToken: true
image: node:22-slim
commands:
- echo "Installing claude"
- npm install --global @anthropic-ai/claude-code
- echo "Installing glab"
- export GITLAB_TOKEN=$GITLAB_TOKEN_CLAUDE
- apt-get update --quiet && apt-get install --yes curl wget gpg git && rm --recursive --force /var/lib/apt/lists/*
- curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash
- apt-get install --yes glab
- echo "Configuring git"
- git config --global user.email "claudecode@gitlab.com"
- git config --global user.name "Claude Code"
- echo "Configuring claude"
- export ANTHROPIC_AUTH_TOKEN=$AI_FLOW_AI_GATEWAY_TOKEN
- export ANTHROPIC_CUSTOM_HEADERS=$AI_FLOW_AI_GATEWAY_HEADERS
- export ANTHROPIC_BASE_URL="https://cloud.gitlab.com/ai/v1/proxy/anthropic"
- echo "Running claude"
- |
claude --debug --allowedTools="Bash(glab:*),Bash(git:*)" --permission-mode acceptEdits --verbose --output-format stream-json -p "
You are an AI assistant helping with GitLab operations.
Context: $AI_FLOW_CONTEXT
Task: $AI_FLOW_INPUT
Event: $AI_FLOW_EVENT
Please execute the requested task using the available GitLab tools.
Be thorough in your analysis and provide clear explanations.
<important>
Use the glab CLI to access data from GitLab. The glab CLI has already been authenticated. You can run the corresponding commands.
When you complete your work create a new Git branch, if you aren't already working on a feature branch, with the format of 'feature/<short description of feature>' and check in/push code.
When you check in and push code, you will need to use the access token stored in GITLAB_TOKEN and the user ClaudeCode.
Lastly, after pushing the code, if a merge request doesn't already exist, create a new merge request for the branch and link it to the issue using:
`glab mr create --title "<title>" --description "<desc>" --source-branch <branch> --target-branch <branch>`
If you are asked to summarize a merge request or issue, or asked to provide more information, then please post back a note to the merge request / issue so that the user can see it.
</important>
"
variables:
- GITLAB_TOKEN_CLAUDE
- GITLAB_HOSTOpenAI Codex
image: node:22-slim
injectGatewayToken: true
commands:
- echo "Installing codex"
- npm install --global @openai/codex
- echo "Installing glab"
- export OPENAI_API_KEY=$AI_FLOW_AI_GATEWAY_TOKEN
- export GITLAB_TOKEN=$GITLAB_TOKEN_CODEX
- apt-get update --quiet && apt-get install --yes curl wget gpg git && rm --recursive --force /var/lib/apt/lists/*
- curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash
- apt-get install --yes glab
- echo "Configuring git"
- git config --global user.email "codex@gitlab.com"
- git config --global user.name "OpenAI Codex"
- echo "Running Codex"
- |
# Parse AI_FLOW_AI_GATEWAY_HEADERS (newline-separated "Key: Value" pairs)
header_str="{"
first=true
while IFS= read -r line; do
# skip empty lines
[ -z "$line" ] && continue
key="${line%%:*}"
value="${line#*: }"
if [ "$first" = true ]; then
first=false
else
header_str+=", "
fi
header_str+="\"$key\" = \"$value\""
done <<< "$AI_FLOW_AI_GATEWAY_HEADERS"
header_str+="}"
codex exec \
--config 'model_provider="gitlab"' \
--config 'model_providers.gitlab.name="GitLab Managed Codex"' \
--config 'model_providers.gitlab.base_url="https://cloud.gitlab.com/ai/v1/proxy/openai/v1"' \
--config 'model_providers.gitlab.env_key="OPENAI_API_KEY"' \
--config 'model_providers.gitlab.wire_api="responses"' \
--config "model_providers.gitlab.http_headers=${header_str}" \
--config shell_environment_policy.ignore_default_excludes=true \
--dangerously-bypass-approvals-and-sandbox "
You are an AI assistant helping with GitLab operations.
Context: $AI_FLOW_CONTEXT
Task: $AI_FLOW_INPUT
Event: $AI_FLOW_EVENT
Please execute the requested task using the available GitLab tools.
Be thorough in your analysis and provide clear explanations.
<important>
Use the glab CLI to access data from GitLab. The glab CLI has already been authenticated. You can run the corresponding commands.
When you complete your work create a new Git branch, if you aren't already working on a feature branch, with the format of 'feature/<short description of feature>' and check in/push code.
When you check in and push code, you will need to use the access token stored in GITLAB_TOKEN and the user Codex.
Lastly, after pushing the code, if a merge request doesn't already exist, create a new merge request for the branch and link it to the issue using:
glab mr create --title \"<title>\" --description \"<desc>\" --source-branch \"<branch>\" --target-branch \"<branch>\"
If you are asked to summarize a merge request or issue, or asked to provide more information then please post back a note to the merge request / issue so that the user can see it.
</important>
"
variables:
- GITLAB_TOKEN_CODEX
- GITLAB_HOSTGoogle Gemini CLI
image: node:22-slim
commands:
- echo "Installing glab"
- export GITLAB_TOKEN=$GITLAB_TOKEN_GEMINI
- apt-get update --quiet && apt-get install --yes curl wget gpg git unzip && rm --recursive --force /var/lib/apt/lists/*
- curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash
- apt-get install --yes glab
- echo "Installing gemini client"
- npm install --global @google/gemini-cli
- echo $GOOGLE_CREDENTIALS > /root/credentials.json
- echo "Configuring git"
- git config --global user.email "gemini@gitlab.com"
- git config --global user.name "Gemini"
- echo "Running gemini"
- |
GOOGLE_GENAI_USE_VERTEXAI=true GOOGLE_APPLICATION_CREDENTIALS=/root/credentials.json gemini --yolo --debug --prompt "
You are an AI assistant helping with GitLab operations.
Context: $AI_FLOW_CONTEXT
Task: $AI_FLOW_INPUT
Event: $AI_FLOW_EVENT
Please execute the requested task using the available GitLab tools.
Be thorough in your analysis and provide clear explanations.
<important>
Use the glab CLI to access data from GitLab. The glab CLI has already been authenticated. You can run the corresponding commands.
When you complete your work create a new Git branch, if you aren't already working on a feature branch, with the format of 'feature/<short description of feature>' and check in/push code.
When you check in and push code you will need to use the access token stored in GITLAB_TOKEN and the user Gemini.
Lastly, after pushing the code, if a merge request doesn't already exist, create a new merge request for the branch and link it to the issue using:
`glab mr create --title "<title>" --description "<desc>" --source-branch <branch> --target-branch <branch>`
If you are asked to summarize a merge request or issue, or asked to provide more information then please post back a note to the merge request / issue so that the user can see it.
</important>
"
variables:
- GITLAB_TOKEN_GEMINI
- GITLAB_HOST
- GOOGLE_CREDENTIALS
- GOOGLE_CLOUD_PROJECT
- GOOGLE_CLOUD_LOCATIONBring your own keys
The following integrations require you to bring your own key to authenticate with your model from GitLab.
Opencode
image: node:22-slim
commands:
- echo "Installing opencode"
- npm install --global opencode-ai
- echo "Installing glab"
- export GITLAB_TOKEN=$GITLAB_TOKEN_OPENCODE
- apt-get update --quiet && apt-get install --yes curl wget gpg git && rm --recursive --force /var/lib/apt/lists/*
- curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash
- apt-get install --yes glab
- echo "Configuring glab"
- echo $GITLAB_HOST
- echo "Creating opencode auth configuration"
- echo "Configuring git"
- git config --global user.email "opencode@gitlab.com"
- git config --global user.name "Opencode"
- echo "Testing glab"
- glab issue list
- echo "Running Opencode"
- |
opencode run "
You are an AI assistant helping with GitLab operations.
Context: $AI_FLOW_CONTEXT
Task: $AI_FLOW_INPUT
Event: $AI_FLOW_EVENT
Please execute the requested task using the available GitLab tools.
Be thorough in your analysis and provide clear explanations.
<important>
Use the glab CLI to access data from GitLab. The glab CLI has already been authenticated. You can run the corresponding commands.
When you complete your work create a new Git branch, if you aren't already working on a feature branch, with the format of 'feature/<short description of feature>' and check in/push code.
When you check in and push code, you will need to use the access token stored in GITLAB_TOKEN and the user Opencode.
Lastly, after pushing the code, if a merge request doesn't already exist, create a new merge request for the branch and link it to the issue using:
`glab mr create --title "<title>" --description "<desc>" --source-branch <branch> --target-branch <branch>`
If you are asked to summarize a merge request or issue, or asked to provide more information then please post back a note to the merge request / issue so that the user can see it.
</important>
"
variables:
- ANTHROPIC_API_KEY
- GITLAB_TOKEN_OPENCODE
- GITLAB_HOSTCursor CLI
image: node:22-slim
commands:
- echo "Installing Cursor"
- apt-get update --quiet && apt-get install --yes curl wget gnupg2 gpg git && rm --recursive --force /var/lib/apt/lists/*
- curl --silent --show-error --location "https://cursor.com/install" | bash
- echo "Installing glab"
- export GITLAB_TOKEN=$GITLAB_TOKEN_CURSOR
- curl --silent --show-error --location "https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository" | bash
- apt-get install --yes glab
- echo "Configuring Git"
- git config --global user.email "cursor@gitlab.com"
- git config --global user.name "Cursor"
- echo "Running Cursor"
- |
$HOME/.local/bin/cursor-agent -p --force --output-format stream-json "--prompt "
You are an AI assistant helping with GitLab operations.
Context: $AI_FLOW_CONTEXT
Task: $AI_FLOW_INPUT
Event: $AI_FLOW_EVENT
Please execute the requested task using the available GitLab tools.
Be thorough in your analysis and provide clear explanations.
<important>
Use the glab CLI to access data from GitLab. The glab CLI has already been authenticated. You can run the corresponding commands.
When you complete your work create a new Git branch, if you aren't already working on a feature branch, with the format of 'feature/<short description of feature>' and check in/push code.
When you check in and push code you will need to use the access token stored in GITLAB_TOKEN and the user Cursor.
Lastly, after pushing the code, if a merge request doesn't already exist, create a new merge request for the branch and link it to the issue using:
`glab mr create --title "<title>" --description "<desc>" --source-branch <branch> --target-branch <branch>`
If you are asked to summarize a merge request or issue, or asked to provide more information then please post back a note to the merge request / issue so that the user can see it.
</important>
"
variables:
- GITLAB_TOKEN_CURSOR
- GITLAB_HOST
- CURSOR_API_KEY