Merge pull request #1969 from Mr-jing/fix/gitlab-private-deployment-401

Fix GitLab authentication for private deployments running GitLab 11.1.4 (401 Unauthorized error)

docs/docs/installation/gitlab.md

@@ -70,6 +70,7 @@ git clone https://github.com/qodo-ai/pr-agent.git
     2. In the secrets file/variables:
         - Set your AI model key in the respective section
         - In the [gitlab] section, set `personal_access_token` (with token from step 2) and `shared_secret` (with secret from step 3)
+        - **Authentication type**: Set `auth_type` to `"private_token"` for older GitLab versions (e.g., 11.x) or private deployments. Default is `"oauth_token"` for gitlab.com and newer versions.
 
 6. Build a Docker image for the app and optionally push it to a Docker repository. We'll use Dockerhub as an example:
 
@@ -85,6 +86,7 @@ CONFIG__GIT_PROVIDER=gitlab
 GITLAB__PERSONAL_ACCESS_TOKEN=<personal_access_token>
 GITLAB__SHARED_SECRET=<shared_secret>
 GITLAB__URL=https://gitlab.com
+GITLAB__AUTH_TYPE=oauth_token  # Use "private_token" for older GitLab versions
 OPENAI__KEY=<your_openai_api_key>
 ```
 

pr_agent/git_providers/gitlab_provider.py

@@ -36,11 +36,30 @@ class GitLabProvider(GitProvider):
         gitlab_access_token = get_settings().get("GITLAB.PERSONAL_ACCESS_TOKEN", None)
         if not gitlab_access_token:
             raise ValueError("GitLab personal access token is not set in the config file")
-        self.gl = gitlab.Gitlab(
-            url=gitlab_url,
-            oauth_token=gitlab_access_token,
-            ssl_verify=ssl_verify
-        )
+        # Authentication method selection via configuration
+        auth_method = get_settings().get("GITLAB.AUTH_TYPE", "oauth_token")
+        
+        # Basic validation of authentication type
+        if auth_method not in ["oauth_token", "private_token"]:
+            raise ValueError(f"Unsupported GITLAB.AUTH_TYPE: '{auth_method}'. "
+                           f"Must be 'oauth_token' or 'private_token'.")
+        
+        # Create GitLab instance based on authentication method
+        try:
+            if auth_method == "oauth_token":
+                self.gl = gitlab.Gitlab(
+                    url=gitlab_url,
+                    oauth_token=gitlab_access_token
+                    ssl_verify=ssl_verify
+                )
+            else:  # private_token
+                self.gl = gitlab.Gitlab(
+                    url=gitlab_url,
+                    private_token=gitlab_access_token
+                )
+        except Exception as e:
+            get_logger().error(f"Failed to create GitLab instance: {e}")
+            raise ValueError(f"Unable to authenticate with GitLab: {e}")
         self.max_comment_chars = 65000
         self.id_project = None
         self.id_mr = None
@@ -54,6 +73,7 @@ class GitLabProvider(GitProvider):
             r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@[ ]?(.*)")
         self.incremental = incremental
 
+
     def is_supported(self, capability: str) -> bool:
         if capability in ['get_issue_comments', 'create_inline_comment', 'publish_inline_comments',
             'publish_file_comments']: # gfm_markdown is supported in gitlab !
@@ -721,7 +741,7 @@ class GitLabProvider(GitProvider):
             get_logger().error(f"Repo URL: {repo_url_to_clone} is not a valid gitlab URL.")
             return None
         (scheme, base_url) = repo_url_to_clone.split("gitlab.")
-        access_token = self.gl.oauth_token
+        access_token = getattr(self.gl, 'oauth_token', None) or getattr(self.gl, 'private_token', None)
         if not all([scheme, access_token, base_url]):
             get_logger().error(f"Either no access token found, or repo URL: {repo_url_to_clone} "
                                f"is missing prefix: {scheme} and/or base URL: {base_url}.")