×

Installing Pipelines as Code on an OpenShift Container Platform

Pipelines as Code is installed in the openshift-pipelines namespace when you install the Red Hat OpenShift Pipelines Operator. For more details, see Installing OpenShift Pipelines in the Additional resources section.

To disable the default installation of Pipelines as Code with the Operator, set the value of the enable parameter to false in the TektonConfig custom resource.

apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  platforms:
    openshift:
      pipelinesAsCode:
        enable: false
        settings:
          application-name: Pipelines as Code CI
          auto-configure-new-github-repo: "false"
          bitbucket-cloud-check-source-ip: "true"
          hub-catalog-name: tekton
          hub-url: https://api.hub.tekton.dev/v1
          remote-tasks: "true"
          secret-auto-create: "true"
# ...

Optionally, you can run the following command:

$ oc patch tektonconfig config --type="merge" -p '{"spec": {"platforms": {"openshift":{"pipelinesAsCode": {"enable": false}}}}}'

To enable the default installation of Pipelines as Code with the Red Hat OpenShift Pipelines Operator, set the value of the enable parameter to true in the TektonConfig custom resource:

apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  platforms:
    openshift:
      pipelinesAsCode:
        enable: true
        settings:
          application-name: Pipelines as Code CI
          auto-configure-new-github-repo: "false"
          bitbucket-cloud-check-source-ip: "true"
          hub-catalog-name: tekton
          hub-url: https://api.hub.tekton.dev/v1
          remote-tasks: "true"
          secret-auto-create: "true"
# ...

Optionally, you can run the following command:

$ oc patch tektonconfig config --type="merge" -p '{"spec": {"platforms": {"openshift":{"pipelinesAsCode": {"enable": true}}}}}'

Installing Pipelines as Code CLI

Cluster administrators can use the tkn pac and opc CLI tools on local machines or as containers for testing. The tkn pac and opc CLI tools are installed automatically when you install the tkn CLI for Red Hat OpenShift Pipelines.

You can install the tkn pac and opc version 1.15.0 binaries for the supported platforms:

Customizing Pipelines as Code configuration

To customize Pipelines as Code, cluster administrators can configure the following parameters in the TektonConfig custom resource, in the platforms.openshift.pipelinesAsCode.settings spec:

Table 1. Customizing Pipelines as Code configuration
Parameter Description Default

application-name

The name of the application. For example, the name displayed in the GitHub Checks labels.

"Pipelines as Code CI"

secret-auto-create

Indicates whether or not a secret should be automatically created using the token generated in the GitHub application. This secret can then be used with private repositories.

enabled

remote-tasks

When enabled, allows remote tasks from pipeline run annotations.

enabled

hub-url

The base URL for the Tekton Hub API.

https://hub.tekton.dev/

hub-catalog-name

The Tekton Hub catalog name.

tekton

tekton-dashboard-url

The URL of the Tekton Hub dashboard. Pipelines as Code uses this URL to generate a PipelineRun URL on the Tekton Hub dashboard.

NA

bitbucket-cloud-check-source-ip

Indicates whether to secure the service requests by querying IP ranges for a public Bitbucket. Changing the parameter’s default value might result into a security issue.

enabled

bitbucket-cloud-additional-source-ip

Indicates whether to provide an additional set of IP ranges or networks, which are separated by commas.

NA

max-keep-run-upper-limit

A maximum limit for the max-keep-run value for a pipeline run.

NA

default-max-keep-runs

A default limit for the max-keep-run value for a pipeline run. If defined, the value is applied to all pipeline runs that do not have a max-keep-run annotation.

NA

auto-configure-new-github-repo

Configures new GitHub repositories automatically. Pipelines as Code sets up a namespace and creates a custom resource for your repository. This parameter is only supported with GitHub applications.

disabled

auto-configure-repo-namespace-template

Configures a template to automatically generate the namespace for your new repository, if auto-configure-new-github-repo is enabled.

{repo_name}-pipelines

error-log-snippet

Enables or disables the view of a log snippet for the failed tasks, with an error in a pipeline. You can disable this parameter in the case of data leakage from your pipeline.

true

error-detection-from-container-logs

Enables or disables the inspection of container logs to detect error message and expose them as annotations on the pull request. This setting applies only if you are using the GitHub app.

true

error-detection-max-number-of-lines

The maximum number of lines inspected in the container logs to search for error messages. Set to -1 to inspect an unlimited number of lines.

50

secret-github-app-token-scoped

If set to true, the GitHub access token that Pipelines as Code generates using the GitHub app is scoped only to the repository from which Pipelines as Code fetches the pipeline definition. If set to false, you can use both the TektonConfig custom resource and the Repository custom resource to scope the token to additional repositories.

true

secret-github-app-scope-extra-repos

Additional repositories for scoping the generated GitHub access token.

Configuring additional Pipelines as Code controllers to support additional GitHub apps

By default, you can configure Pipelines as Code to interact with one GitHub app. In some cases you might need to use more than one GitHub app, for example, if you need to use different GitHub accounts or different GitHub instances such as GitHub Enterprise or GitHub SaaS. If you want to use more than one GitHub app, you must configure an additional Pipelines as Code controller for every additional GitHub app.

Procedure
  1. In the TektonConfig custom resource, add the additionalPACControllers section to the platforms.openshift.pipelinesAsCode spec, as in the following example:

    Example additionalPACControllers section
    apiVersion: operator.tekton.dev/v1
    kind: TektonConfig
    metadata:
      name: config
    spec:
      platforms:
        openshift:
          pipelinesAsCode:
            additionalPACControllers:
              pac_controller_2:  (1)
                enable: true    (2)
                secretName: pac_secret_2  (3)
                settings: #  (4)
    # ...
    1 The name of the controller. This name must be unique and not exceed 25 characters in length.
    2 This parameter is optional. Set this parameter to true to enable the additional controller or to false to disable the additional controller. The default vaule is true.
    3 Set this parameter to the name of a secret that you must create for the GitHub app.
    4 This section is optional. In this section, you can set any Pipelines as Code settings for this controller if the settings must be different from the main Pipelines as Code controller.
  2. Optional: If you want to use more than two GitHub apps, create additional sections under the pipelinesAsCode.additionalPACControllers spec to configure a Pipelines as Code controller for every GitHub instance. Use a unique name for every controller.