Installing and configuring Pipelines as Code | Pipelines as Code

Installing Pipelines as Code on an OpenShift Container Platform
Installing Pipelines as Code CLI
Customizing Pipelines as Code configuration
Configuring additional Pipelines as Code controllers to support additional GitHub apps
Additional resources

You can install Pipelines as Code as a part of Red Hat OpenShift Pipelines installation.

Installing Pipelines as Code on an OpenShift Container Platform

Pipelines as Code is installed in the openshift-pipelines namespace when you install the Red Hat OpenShift Pipelines Operator. For more details, see Installing OpenShift Pipelines in the Additional resources section.

To disable the default installation of Pipelines as Code with the Operator, set the value of the enable parameter to false in the TektonConfig custom resource.

apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  platforms:
    openshift:
      pipelinesAsCode:
        enable: false
        settings:
          application-name: Pipelines as Code CI
          auto-configure-new-github-repo: "false"
          bitbucket-cloud-check-source-ip: "true"
          hub-catalog-name: tekton
          hub-url: https://api.hub.tekton.dev/v1
          remote-tasks: "true"
          secret-auto-create: "true"
# ...

Optionally, you can run the following command:

$ oc patch tektonconfig config --type="merge" -p '{"spec": {"platforms": {"openshift":{"pipelinesAsCode": {"enable": false}}}}}'

To enable the default installation of Pipelines as Code with the Red Hat OpenShift Pipelines Operator, set the value of the enable parameter to true in the TektonConfig custom resource:

apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  platforms:
    openshift:
      pipelinesAsCode:
        enable: true
        settings:
          application-name: Pipelines as Code CI
          auto-configure-new-github-repo: "false"
          bitbucket-cloud-check-source-ip: "true"
          hub-catalog-name: tekton
          hub-url: https://api.hub.tekton.dev/v1
          remote-tasks: "true"
          secret-auto-create: "true"
# ...

Optionally, you can run the following command:

$ oc patch tektonconfig config --type="merge" -p '{"spec": {"platforms": {"openshift":{"pipelinesAsCode": {"enable": true}}}}}'

Installing Pipelines as Code CLI

Cluster administrators can use the tkn pac and opc CLI tools on local machines or as containers for testing. The tkn pac and opc CLI tools are installed automatically when you install the tkn CLI for Red Hat OpenShift Pipelines.

You can install the tkn pac and opc version 1.16.0 binaries for the supported platforms:

Customizing Pipelines as Code configuration

To customize Pipelines as Code, cluster administrators can configure the following parameters in the TektonConfig custom resource, in the platforms.openshift.pipelinesAsCode.settings spec:

Table 1. Customizing Pipelines as Code configuration
Parameter	Description	Default
`application-name`	The name of the application. For example, the name displayed in the GitHub Checks labels.	`"Pipelines as Code CI"`
`secret-auto-create`	Indicates whether or not a secret should be automatically created using the token generated in the GitHub application. This secret can then be used with private repositories.	`enabled`
`remote-tasks`	When enabled, allows remote tasks from pipeline run annotations.	`enabled`
`hub-url`	The base URL for the Tekton Hub API.	`https://hub.tekton.dev/`
`hub-catalog-name`	The Tekton Hub catalog name.	`tekton`
`tekton-dashboard-url`	The URL of the Tekton Hub dashboard. Pipelines as Code uses this URL to generate a `PipelineRun` URL on the Tekton Hub dashboard.	NA
`bitbucket-cloud-check-source-ip`	Indicates whether to secure the service requests by querying IP ranges for a public Bitbucket. Changing the parameter’s default value might result into a security issue.	`enabled`
`bitbucket-cloud-additional-source-ip`	Indicates whether to provide an additional set of IP ranges or networks, which are separated by commas.	NA
`max-keep-run-upper-limit`	A maximum limit for the `max-keep-run` value for a pipeline run.	NA
`default-max-keep-runs`	A default limit for the `max-keep-run` value for a pipeline run. If defined, the value is applied to all pipeline runs that do not have a `max-keep-run` annotation.	NA
`auto-configure-new-github-repo`	Configures new GitHub repositories automatically. Pipelines as Code sets up a namespace and creates a custom resource for your repository. This parameter is only supported with GitHub applications.	`disabled`
`auto-configure-repo-namespace-template`	Configures a template to automatically generate the namespace for your new repository, if `auto-configure-new-github-repo` is enabled.	`{repo_name}-pipelines`
`error-log-snippet`	Enables or disables the view of a log snippet for the failed tasks, with an error in a pipeline. You can disable this parameter in the case of data leakage from your pipeline.	`true`
`error-detection-from-container-logs`	Enables or disables the inspection of container logs to detect error message and expose them as annotations on the pull request. This setting applies only if you are using the GitHub app.	`true`
`error-detection-max-number-of-lines`	The maximum number of lines inspected in the container logs to search for error messages. Set to `-1` to inspect an unlimited number of lines.	50
`secret-github-app-token-scoped`	If set to `true`, the GitHub access token that Pipelines as Code generates using the GitHub app is scoped only to the repository from which Pipelines as Code fetches the pipeline definition. If set to `false`, you can use both the `TektonConfig` custom resource and the `Repository` custom resource to scope the token to additional repositories.	`true`
`secret-github-app-scope-extra-repos`	Additional repositories for scoping the generated GitHub access token.

Configuring additional Pipelines as Code controllers to support additional GitHub apps

By default, you can configure Pipelines as Code to interact with one GitHub app. In some cases you might need to use more than one GitHub app, for example, if you need to use different GitHub accounts or different GitHub instances such as GitHub Enterprise or GitHub SaaS. If you want to use more than one GitHub app, you must configure an additional Pipelines as Code controller for every additional GitHub app.

Procedure

In the TektonConfig custom resource, add the additionalPACControllers section to the platforms.openshift.pipelinesAsCode spec, as in the following example:

Example additionalPACControllers section

apiVersion: operator.tekton.dev/v1
kind: TektonConfig
metadata:
  name: config
spec:
  platforms:
    openshift:
      pipelinesAsCode:
        additionalPACControllers:
          pac_controller_2:  (1)
            enable: true    (2)
            secretName: pac_secret_2  (3)
            settings: #  (4)
# ...

1	The name of the controller. This name must be unique and not exceed 25 characters in length.
2	This parameter is optional. Set this parameter to `true` to enable the additional controller or to `false` to disable the additional controller. The default vaule is `true`.
3	Set this parameter to the name of a secret that you must create for the GitHub app.
4	This section is optional. In this section, you can set any Pipelines as Code settings for this controller if the settings must be different from the main Pipelines as Code controller.

Optional: If you want to use more than two GitHub apps, create additional sections under the pipelinesAsCode.additionalPACControllers spec to configure a Pipelines as Code controller for every GitHub instance. Use a unique name for every controller.

Additional resources