Add GitLab repo host support

[SkylarkGG]

Summary

• add GitLab OAuth account linking and unlinking so users can connect GitLab alongside GitHub
• treat GitLab as a supported repo host for project mapping, metadata sync, and leaderboard eligibility
• update the settings, home, projects, and leaderboard UI plus test coverage for the new provider flow

Validation

• docker compose exec web bin/rubocop
• docker compose exec web bin/rails zeitwerk:check
• docker compose exec web bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error
• docker compose exec web env RAILS_ENV=test bin/rails db:create db:schema:load
• docker compose exec web env RAILS_ENV=test bin/vite build
• docker compose exec web env RAILS_ENV=test bin/rails test test/controllers/sessions_controller_test.rb test/controllers/my/project_repo_mappings_controller_test.rb test/controllers/leaderboards_controller_test.rb test/models/repository_test.rb test/jobs/leaderboard_update_job_test.rb
• docker compose exec web env RAILS_ENV=test bin/rails test:system test/system/settings/integrations_settings_test.rb
• docker compose exec web bun run format:svelte:check

[greptile-apps]

Greptile Summary

This PR integrates GitLab as a second supported OAuth provider and repo host — adding account linking/unlinking, project-repo mapping validation, metadata sync via the new GitlabService, and leaderboard eligibility based on repo_host_connected?. The implementation closely mirrors the existing GitHub patterns and includes a well-factored UnlinkOAuthModal component (using Inertia's <Form>) that resolves the previous CSRF-handling concern.

All remaining findings are minor P2 suggestions.

Confidence Score: 5/5

Safe to merge — implementation is correct and consistent with existing patterns.

Both remaining findings are P2: one is a one-word blurb fix, the other is a note about deferred auto-scan functionality that is already acknowledged via commented-out code elsewhere in the repo. No blocking defects were found.

app/models/concerns/oauth_authentication.rb (no GitLab scan job on link) and app/javascript/pages/Users/Settings/types.ts (stale blurb text).

Important Files Changed

Filename	Overview
app/models/concerns/gitlab_integration.rb	New concern for GitLab user info; correctly memoizes the parsed JSON hash (not the raw HTTP response).
app/models/concerns/oauth_authentication.rb	Adds gitlab_authorize_url and from_gitlab_token; GitLab link does not trigger a repo auto-scan job unlike the GitHub path.
app/controllers/sessions_controller.rb	GitLab OAuth new/create/unlink actions closely mirror GitHub with correct nonce validation and PostHog capture.
app/services/repo_host/gitlab_service.rb	New GitLab service; correctly uses URL-encoded subgroup paths and fetches commit count via X-Total header.
app/models/project_repo_mapping.rb	Adds user_connected_to_repo_host validation and widens URL regex to support GitLab subgroup paths.
app/javascript/pages/Users/Settings/Integrations.svelte	GitLab section added cleanly; unlink modals now use the shared UnlinkOAuthModal component with Inertia <Form>.
app/javascript/pages/Users/Settings/components/UnlinkOAuthModal.svelte	New reusable modal using Inertia <Form> for CSRF-safe DELETE; resolves previous inline CSRF concern.
db/migrate/20260407003131_add_gitlab_fields_to_users.rb	Adds four GitLab columns and two indexes (uid, uid+token composite) matching the GitHub schema.
app/javascript/pages/Users/Settings/types.ts	GitLab types and paths added; integrations sidebar blurb not updated to mention GitLab.
app/jobs/sync_repo_metadata_job.rb	Correctly branches on host to pick a user with a GitLab token when syncing GitLab repo metadata.

Sequence Diagram

sequenceDiagram
    participant U as User
    participant App as Hackatime
    participant GL as GitLab OAuth

    U->>App: GET /auth/gitlab
    App->>App: Generate nonce, store in session
    App->>GL: Redirect to /oauth/authorize
    GL->>U: Show authorization page
    U->>GL: Approve
    GL->>App: GET /auth/gitlab/callback?code=&state=
    App->>App: Validate state nonce
    App->>GL: POST /oauth/token
    GL->>App: access_token
    App->>GL: GET /api/v4/user
    GL->>App: id, username, avatar_url
    App->>App: Clear other users with same gitlab_uid
    App->>App: Save gitlab_uid/username/token to current_user
    App->>U: Redirect to settings with success notice

Loading

Prompt To Fix All With AI

This is a comment left during a code review.
Path: app/javascript/pages/Users/Settings/types.ts
Line: 283

Comment:
**Stale sidebar blurb**

The `integrations` section blurb still reads `"Slack status, GitHub link, and email sign-in addresses."` — it doesn't mention GitLab, which is now a first-class integration on this page.

```suggestion
    blurb: "Slack status, GitHub and GitLab links, and email sign-in addresses.",
```

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: app/models/concerns/oauth_authentication.rb
Line: 228-229

Comment:
**No GitLab repo auto-scan on link**

`from_github_token` calls `ScanGithubReposJob.perform_later(current_user.id)` after linking, which auto-discovers project-repo mappings for the user's existing heartbeat projects. `from_gitlab_token` has no equivalent, so users who link GitLab won't get automatic mapping suggestions for their GitLab projects. The commented-out GitLab cases in `sync_user_events_job.rb` indicate this is deferred work — a brief comment here would clarify the intentional omission.

How can I resolve this? If you propose a fix, please make it concise.

_{Greploops — Automatically fix all review issues by running /greploops in Claude Code. It iterates: fix, push, re-review, repeat until 5/5 confidence.
Use the Greptile plugin for Claude Code to query reviews, search comments, and manage custom context directly from your terminal.}

_{Reviews (2): Last reviewed commit: "Address GitLab review feedback" | Re-trigger Greptile}

[skyfallwastaken]

@greptileai review