GitLab CLI Skills

Comprehensive GitLab CLI (glab) command reference and workflows.

Quick start

CODEBLOCK0

Multi-agent identity note

When you want different agents to appear as different GitLab users, give each agent its own GitLab bot/service account. Multiple personal access tokens on the same GitLab user still act as that same visible identity.

Use the Actor identity for actor-authored GitLab comments, replies, approvals, and other writes. Use an agent identity only when the GitLab action is explicitly that agent's own work product. Choose the intended visible actor before the first GitLab write.

Treat shell identity as sticky and unsafe by default. If another env file was sourced earlier in the same shell/session, glab may still write as that previously loaded identity unless you deliberately switch and verify first.

A practical pattern is one env file per actor, for example ~/.config/openclaw/env/gitlab-actor.env, ~/.config/openclaw/env/gitlab-reviewer.env, and ~/.config/openclaw/env/gitlab-release.env. Keep these env files outside version control, restrict their permissions (for example chmod 600), be mindful of backup exposure, and use least-privilege bot/service-account tokens. In a reused shell, clear stale GitLab auth vars first or start a fresh shell. If those files use plain KEY=value lines, load them with exported vars before running glab:

CODEBLOCK1

Plain source updates the current shell but may not export variables to child processes such as glab. If the token/host vars are not exported, glab may silently fall back to shared stored auth from ~/.config/glab-cli/config.yml, which can make the wrong account appear to perform the action.

Required pre-flight before any GitLab write

Run this immediately before any GitLab write, including glab mr note, review replies/approvals, and any glab api POST/PATCH/PUT/DELETE call:

CODEBLOCK2

This assumes the target actor env file set GITLAB_HOST for the exact GitLab instance you intend to modify. Do not write until both commands clearly show the intended visible actor on that host.

Wrong-identity remediation

If a comment or reply was posted under the wrong identity:

1. 1. Stop posting.
2. Delete the mistaken comment or reply if cleanup is needed.
3. INLINECODE18 or start a fresh shell.
4. Source the correct env file with set -a; source ...; set +a.
5. Rerun glab auth status --hostname "$GITLAB_HOST" and glab api --hostname "$GITLAB_HOST" user.
6. Repost under the correct actor.
7. Verify the thread no longer shows the wrong visible author for the replacement message.

If the wrong-identity write changed state beyond a comment or reply, do not treat the comment cleanup steps as sufficient. Re-auth as above, then use the matching GitLab reversal for that write under the correct actor and host, such as unapproving an MR or sending the compensating glab api --hostname "$GITLAB_HOST" mutation for the exact resource that was changed.

Skill organization

This skill routes to specialized sub-skills by GitLab domain:

Core Workflows:

• - glab-mr - Merge requests: create, review, approve, merge
• INLINECODE24 - Issues: create, list, update, close, comment
• INLINECODE25 - CI/CD: pipelines, jobs, logs, artifacts
• INLINECODE26 - Repositories: clone, create, fork, manage

Project Management:

• - glab-milestone - Release planning and milestone tracking
• INLINECODE28 - Sprint/iteration management
• INLINECODE29 - Label management and organization
• INLINECODE30 - Software releases and versioning

Authentication & Config:

• - glab-auth - Login, logout, Docker registry auth
• INLINECODE32 - CLI configuration and defaults
• INLINECODE33 - SSH key management
• INLINECODE34 - GPG keys for commit signing
• INLINECODE35 - Personal and project access tokens
• INLINECODE36 - Personal GitLab to-do triage and completion (added v1.92.0)

CI/CD Management:

• - glab-job - Individual job operations
• INLINECODE38 - Scheduled pipelines and cron jobs
• INLINECODE39 - CI/CD variables and secrets
• INLINECODE40 - Secure files for pipelines
• INLINECODE41 - Runner management: list, assign/unassign, inspect jobs/managers, pause/unpause, delete (added v1.87.0; expanded in v1.90.0)
• INLINECODE42 - Runner controller, scope, and token management (EXPERIMENTAL, admin-only)

Collaboration:

• - glab-user - User profiles and information
• INLINECODE44 - Code snippets (GitLab gists)
• INLINECODE45 - Incident management
• INLINECODE46 - Work items: tasks, OKRs, key results, next-gen epics (added v1.87.0)

Advanced:

• - glab-api - Direct REST API calls
• INLINECODE48 - Kubernetes cluster integration
• INLINECODE49 - Deploy keys for automation
• INLINECODE50 - GitLab slash command quick actions for batching state changes
• INLINECODE51 - Stacked/dependent merge requests
• INLINECODE52 - Terraform/OpenTofu state management

Utilities:

• - glab-alias - Custom command aliases
• INLINECODE54 - Shell autocompletion
• INLINECODE55 - Command help and documentation
• INLINECODE56 - Version information
• INLINECODE57 - Update checker
• INLINECODE58 - Changelog generation
• INLINECODE59 - Software supply chain security
• INLINECODE60 - GitLab Duo AI assistant
• INLINECODE61 - Model Context Protocol server for AI assistant integration (EXPERIMENTAL)

v1.92.0 Updates

Key user-facing changes in glab v1.92.0 that affect this skill set:

• - glab-todo: adds glab todo list and glab todo done for personal to-do triage from the CLI.
• glab-auth: re-login now clears stale credentials when switching from OAuth to token auth; troubleshooting should prefer a fresh glab auth login when stored credentials appear stuck after auth-method changes.

v1.91.0 Updates

Key user-facing changes in glab v1.91.0 that affect this skill set:

• - glab-api: adds multipart/form-data request support via --form for endpoints that expect file uploads or multipart fields.
• glab-auth: improves diagnostics when an exported env token fails authentication; troubleshooting should explicitly check env-token precedence before assuming stored login is broken.
• glab-duo: current user-facing surface is glab duo ask and glab duo cli; older glab duo update guidance is stale and should not be recommended.

v1.90.0 Updates

Key user-facing changes in glab v1.90.0 that affect this skill set:

• - glab-auth: glab auth login adds --web, --container-registry-domains, and --ssh-hostname; CI auto-login is now GA.
• glab-mr: glab mr create adds --auto-merge; glab mr note now has list, resolve, and reopen subcommands in addition to note-posting flags.
• glab-runner: adds jobs, managers, and update --pause|--unpause.
• glab-runner-controller: adds get and shifts runner scope management under scope list|create|delete.

v1.89.0 Updates

v1.89.0+: 18 commands across 12 sub-skills now support --output json / -F json for structured output — raw GitLab API responses ideal for agent/automation parsing. Affected sub-skills: glab-release, glab-ci, glab-milestone, glab-schedule, glab-mr, glab-repo, glab-label, glab-deploy-key, glab-ssh-key, glab-gpg-key, glab-cluster, glab-opentofu.

Other v1.89.0 changes:

• - glab-auth: glab auth login now prompts for SSH hostname separately from API hostname on self-hosted instances
• glab-stack: glab stack sync --update-base flag added to rebase stack onto updated base branch
• glab-release: --notes / --notes-file are now optional for glab release create and INLINECODE118

When to use glab vs web UI

Use glab when:

• - Automating GitLab operations in scripts
• Working in terminal-centric workflows
• Batch operations (multiple MRs/issues)
• Integration with other CLI tools
• CI/CD pipeline workflows
• Faster navigation without browser context switching

Use web UI when:

• - Complex diff review with inline comments
• Visual merge conflict resolution
• Configuring repo settings and permissions
• Advanced search/filtering across projects
• Reviewing security scanning results
• Managing group/instance-level settings

Common workflows

Daily development

CODEBLOCK3

Code review

CODEBLOCK4

CI/CD debugging

CODEBLOCK5

Decision Trees

"Should I create an MR or work on an issue first?"

CODEBLOCK6

Use glab issue create + glab mr for when:

• - Work needs discussion/approval before coding
• Tracking feature requests or bugs
• Sprint planning and assignment
• Want issue to auto-close when MR merges

Use glab mr create directly when:

• - Quick fixes or typos
• Working from existing issue
• Hotfixes or urgent changes

"Which CI command should I use?"

CODEBLOCK7

Quick reference:

• - Pipeline-level: glab ci status, glab ci view, INLINECODE124
• Job-level: glab ci trace, glab job retry, INLINECODE127
• Artifacts: glab ci artifact (by pipeline) or job artifacts via INLINECODE129

"Clone or fork?"

CODEBLOCK8

Fork when:

• - You don't have write access to the original repo
• Contributing to open source projects
• Experimenting without affecting the original
• Need your own copy for long-term work

Clone when:

• - You're a project member with write access
• Working on organization/team repositories
• No need for a personal copy

"Project vs group labels?"

CODEBLOCK9

Group-level labels:

• - Consistent labeling across organization
• Examples: priority::high, type::bug, status::blocked
• Managed centrally, inherited by projects

Project-level labels:

• - Project-specific workflows
• Examples: needs-ux-review, deploy-to-staging
• Managed by project maintainers

Related Skills

MR and Issue workflows:

• - Start with glab-issue to create/track work
• Use glab-mr to create MR that closes issue
• Script: scripts/create-mr-from-issue.sh automates this

CI/CD debugging:

• - Use glab-ci for pipeline-level operations
• Use glab-job for individual job operations
• Script: scripts/ci-debug.sh for quick failure diagnosis

Repository operations:

• - Use glab-repo for repository management
• Use glab-auth for authentication setup
• Script: scripts/sync-fork.sh for fork synchronization

Configuration:

• - Use glab-auth for initial authentication
• Use glab-config to set defaults and preferences
• Use glab-alias for custom shortcuts