Matching a PipelineRun to a Git provider Event #
A PipelineRun
can be matched to a Git provider event by using specific
annotations in the PipelineRun
metadata.
For example when you have these metadata in your PipelineRun
:
metadata:
name: pipeline-pr-main
annotations:
pipelinesascode.tekton.dev/on-target-branch: "[main]"
pipelinesascode.tekton.dev/on-event: "[pull_request]"
Pipelines-as-Code
will match the pipelinerun pipeline-pr-main
if the Git
provider events target the branch main
and it’s coming from a [pull_request]
Multiple target branches can be specified, separated by commas, e.g.:
pipelinesascode.tekton.dev/on-target-branch: [main, release-nightly]
You can match on pull_request
events as above, and you can as well match
pipelineRuns on push
events to a repository
For example this will match the pipeline when there is a push to a commit in the
main
branch :
metadata:
name: pipeline-push-on-main
annotations:
pipelinesascode.tekton.dev/on-target-branch: "[refs/heads/main]"
pipelinesascode.tekton.dev/on-event: "[push]"
You can specify the full refs like refs/heads/main
or the shortref like
main
. You can also specify globs, for example refs/heads/*
will match any
target branch or refs/tags/1.*
will match all the tags starting from 1.
.
A full example for a push of a tag :
metadata:
name: pipeline-push-on-1.0-tags
annotations:
pipelinesascode.tekton.dev/on-target-branch: "[refs/tags/1.0]"
pipelinesascode.tekton.dev/on-event: "[push]"
This will match the pipeline pipeline-push-on-1.0-tags
when you push the 1.0
tags into your repository.
Matching annotations are currently required; otherwise Pipelines-as-Code
will not
match your PipelineRun
.
If there are multiple pipelinerun matching an event, it will run all of them in parallel and posting the results to the provider as soon the PipelineRun finishes.
Payload matching only occurs for events thatPipelines-as-Code
supports, such as when aPull Request
is opened, updated, or when a branch receives aPush
.
Matching a PipelineRun to Specific Path Changes #
Matching a PipelineRun to specific path changes via annotation is a Technology Preview feature only. Technology Preview features are not currently supported and might not be functionally complete. We do not recommend using them in production. These features provide early access to an upcoming Pipelines-as-Code features, enabling you to test functionality and provide feedback during the development process.
To trigger a PipelineRun
based on specific path changes in an event, use the
annotation pipelinesascode.tekton.dev/on-path-change
.
Multiple paths can be specified, separated by commas. The first glob matching
the files changes in the PR will trigger the PipelineRun
. If you want to match
a file or path that has a comma you can html escape it with the ,
html
entity.
You still need to specify the event type and target branch. If you have a CEL
expression the on-path-change
annotation will be ignored
Example:
metadata:
name: pipeline-docs-and-manual
annotations:
pipelinesascode.tekton.dev/on-target-branch: "[main]"
pipelinesascode.tekton.dev/on-event: "[pull_request]"
pipelinesascode.tekton.dev/on-path-change: "[docs/**.md, manual/**.rst]"
This configuration will match and trigger the PipelineRun
named
pipeline-docs-and-manual
when a pull_request
event targets the main
branch
and includes changes to files with a .md
suffix in the docs
directory (and
its subdirectories) or files with a .rst
suffix in the manual
directory.
The patterns used are glob patterns, not regexp. Here are some examples from the library used for matching.
The
tkn pac
CLI provides a handy globbing command to test the glob pattern matching:tkn pac info globbing "[PATTERN]"
will match the files with
[PATTERN]
in the current directory.
Matching a PipelineRun by Ignoring Specific Path Changes #
Matching a PipelineRun to ignore specific path changes via annotation is a Technology Preview feature only. Technology Preview features are not currently supported and might not be functionally complete. We do not recommend using them in production. These features provide early access to an upcoming Pipelines-as-Code features, enabling you to test functionality and provide feedback during the development process.
Following the same principle as the on-path-change
annotation, you can use the
reverse annotation pipelinesascode.tekton.dev/on-path-change-ignore
to trigger
a PipelineRun
when the specified paths have not changed.
You still need to specify the event type and target branch. If you have a CEL
expression the on-path-change-ignore
annotation will be ignored
This PipelineRun will run when there are changes outside the docs folder:
metadata:
name: pipeline-not-on-docs-change
annotations:
pipelinesascode.tekton.dev/on-target-branch: "[main]"
pipelinesascode.tekton.dev/on-event: "[pull_request]"
pipelinesascode.tekton.dev/on-path-change-ignore: "[docs/***]"
Furthermore, you can combine on-path-change
and on-path-change-ignore
annotations:
metadata:
name: pipeline-docs-not-generated
annotations:
pipelinesascode.tekton.dev/on-target-branch: "[main]"
pipelinesascode.tekton.dev/on-event: "[pull_request]"
pipelinesascode.tekton.dev/on-path-change: "[docs/***]"
pipelinesascode.tekton.dev/on-path-change-ignore: "[docs/generated/***]"
This configuration triggers the PipelineRun
when there are changes in the
docs
directory but not in the docs/generated
directory.
The on-path-change-ignore
annotation will always take precedence over the
on-path-change
annotation, It means if you have these annotations:
metadata:
name: pipelinerun-go-only-no-markdown-or-yaml
pipelinesascode.tekton.dev/on-target-branch: "[main]"
pipelinesascode.tekton.dev/on-event: "[pull_request]"
pipelinesascode.tekton.dev/on-path-change: "[***.go]"
pipelinesascode.tekton.dev/on-path-change-ignore: "[***.md, ***.yaml]"
and you have a Pull Request
changing the files .tekton/pipelinerun.yaml
,
README.md
, and main.go
the PipelineRun
will not be triggered since the
on-path-change-ignore
annotation will ignore the ***.md
and ***.yaml
files.
Matching a PipelineRun on a Regexp in a comment #
Matching PipelineRun on regexp in comments is a Technology Preview feature only. Technology Preview features are not currently supported and might not be functionally complete. We do not recommend using them in production. These features provide early access to an upcoming Pipelines-as-Code features, enabling you to test functionality and provide feedback during the development process.
You can match a PipelineRun on a comment on a Pull Request with the annotation
pipelinesascode.tekton.dev/on-comment
.
The comment is a regexp and if a newly created comment has this regexp it will automatically match the PipelineRun and starts it.
For example:
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: "merge-pr"
annotations:
pipelinesascode.tekton.dev/on-comment: "^/merge-pr"
This will match the merge-pr PipelineRun
when a comment on a pull request
starts with /merge-pr
.
When the PipelineRun that has been triggered with the on-comment
annotation
gets started the template variable {{ trigger_comment }}
get set. See the
documentation here
Note that the on-comment
annotation will respect the pull_request
Policy rule,
so only users into the pull_request
policy will be able to trigger the
PipelineRun.
NOTE: The
on-comment
annotation is only supported on GitHub, Gitea and GitLab providers
Matching PipelineRun to a Pull Request labels #
Matching PipelineRun to a Pull-Request label is a Technology Preview feature only. Technology Preview features are not currently supported and might not be functionally complete. We do not recommend using them in production. These features provide early access to an upcoming Pipelines-as-Code features, enabling you to test functionality and provide feedback during the development process.
This feature is supported on the following providers
Git Provider Supported GitHub App ✅️ GitHub Webhook ✅️ Gitea ✅️ GitLab ✅️ Bitbucket Cloud ❌️ Bitbucket Server ❌️
Using the annotation pipelinesascode.tekton.dev/on-label
, you can match a
PipelineRun to a Pull Request label. For example, if you want to match the
PipelineRun bugs
whenever a Pull Request has the label bug
or defect
, you
can use this annotation:
metadata:
name: match-bugs-or-defect
annotations:
pipelinesascode.tekton.dev/on-label: [bug, defect]
The
on-label
annotation respects thepull_request
Policy rules.This annotation is currently supported only on GitHub, Gitea, and GitLab providers. Bitbucket Cloud and Bitbucket Server do not support adding labels to Pull Requests.
When you add a label to a Pull Request, the corresponding PipelineRun is triggered immediately, and no other PipelineRun matching the same Pull Request will be activated.
If you update the Pull Request by sending a new commit, the PipelineRun with a matching
on-label
annotation will be triggered again if the label is still present.You can access the
Pull Request
labels with the dynamic variable{{ pull_request_labels }}
. The labels are separated by a Unix newline\n
. For example with a shell script you can do this to print them:for i in $(echo -e "{{ pull_request_labels }}");do echo $i done
Advanced event matching using CEL #
If you need to do some advanced matching, Pipelines-as-Code
supports CEL
expression to do advanced filtering on the specific event you need to be matched.
If you have the pipelinesascode.tekton.dev/on-cel-expression
annotation in
your PipelineRun, the CEL expression will be used and the on-target-branch
or
on-event
annotations will be skipped.
This example will match a pull_request
event targeting the branch main
coming from a branch called wip
:
pipelinesascode.tekton.dev/on-cel-expression: |
event == "pull_request" && target_branch == "main" && source_branch == "wip"
The fields available are :
Field | Description |
---|---|
event | push , pull_request or incoming . |
target_branch | The branch we are targeting. |
source_branch | The branch where this pull_request comes from. (On push , this is the same as target_branch .) |
target_url | The URL of the repository we are targeting. |
source_url | The URL of the repository where this pull_request comes from. (On push , this is the same as target_url .) |
event_title | Matches the title of the event. For push , it matches the commit title. For PR, it matches the Pull/Merge Request title. (Only supported for GitHub , Gitlab , and BitbucketCloud providers.) |
body | The full body as passed by the Git provider. Example: body.pull_request.number retrieves the pull request number on GitHub. |
headers | The full set of headers as passed by the Git provider. Example: headers['x-github-event'] retrieves the event type on GitHub. |
.pathChanged | A suffix function to a string that can be a glob of a path to check if changed. (Supported only for GitHub and Gitlab providers.) |
files | The list of files that changed in the event (all , added , deleted , modified , and renamed ). Example: files.all or files.deleted . For pull requests, every file belonging to the pull request will be listed. |
CEL expressions lets you do more complex filtering compared to the simple on-target
annotation matching and enable more advanced scenarios.
For example if I want to have a PipelineRun
targeting a pull_request
but
not the experimental
branch you could have :
pipelinesascode.tekton.dev/on-cel-expression: |
event == "pull_request" && target_branch != experimental"
You can find more information about the CEL language spec here :
https://github.com/google/cel-spec/blob/master/doc/langdef.md
Matching a PipelineRun to a branch with a regexp #
In a CEL expression, you can match a field name using a regular expression. For
example if you want to trigger a PipelineRun
for thepull_request
event and
the source_branch
name containing the substring feat/
. you can use the
following expression:
pipelinesascode.tekton.dev/on-cel-expression: |
event == "pull_request" && source_branch.matches(".*feat/.*")
Matching PipelineRun by path change #
NOTE:
Pipelines-as-Code
supports two ways to match files changed in a particular event. The.pathChanged
suffix function supports glob pattern and does not support different types of “changes” i.e. added, modified, deleted and so on. The other option is to use thefiles.
property (files.all
,files.added
,files.deleted
,files.modified
,files.renamed
) which can target specific types of changed files and supports using CEL expressions i.e.files.all.exists(x, x.matches('renamed.go'))
.
If you want to have a PipelineRun running only if a path has
changed you can use the .pathChanged
suffix function with a glob
pattern. Here
is a concrete example matching every markdown files (as files who has the .md
suffix) in the docs
directory :
pipelinesascode.tekton.dev/on-cel-expression: |
event == "pull_request" && "docs/*.md".pathChanged()
This example will match any changed file (added, modified, removed or renamed) that was in the tmp
directory:
pipelinesascode.tekton.dev/on-cel-expression: |
files.all.exists(x, x.matches('tmp/'))
This example will match any added file that was in the src
or pkg
directory:
pipelinesascode.tekton.dev/on-cel-expression: |
files.added.exists(x, x.matches('src/|pkg/'))
This example will match modified files with the name of test.go:
pipelinesascode.tekton.dev/on-cel-expression: |
files.modified.exists(x, x.matches('test.go'))
Matching PipelineRun to a event (commit, pull_request) title #
This example will match all pull request starting with the title [DOWNSTREAM]
:
pipelinesascode.tekton.dev/on-cel-expression: |
event == "pull_request && event_title.startsWith("[DOWNSTREAM]")
The event title will be the pull request title on pull_request
and the
commit title on push
Matching PipelineRun on body payload #
Matching PipelineRun on body payload is a Technology Preview feature only. Technology Preview features are not currently supported and might not be functionally complete. We do not recommend using them in production. These features provide early access to an upcoming Pipelines-as-Code features, enabling you to test functionality and provide feedback during the development process.
The payload body as passed by the Git provider is available in the CEL
variable as body
and you can use this expression to do any filtering on
anything the Git provider is sending over:
For example this expression when run on GitHub:
pipelinesascode.tekton.dev/on-cel-expression: |
body.pull_request.base.ref == "main" &&
body.pull_request.user.login == "superuser" &&
body.action == "synchronize"
will only match if the pull request is targeting the main
branch, the author
of the pull request is called superuser
and the action is synchronize
(ie:
an update occurred on a pull request)
When matching the body payload in a Pull Request, the GitOps comments such as
/retest
won’t be working as expected.The payload body will become of the comment and not the original pull request payload.
Consequently, when a pull request event occurs, like opening or updating a pull request, the CEL body payload may not align with the defined specifications.
To be able to retest your Pull Request when using a CEL on bod payload, you can make a dummy update to the Pull Request by sending a new SHA with this git command:
# assuming you are on the branch you want to retest # and the upstream remote are set git commit --amend --no-edit && \ git push --force-with-lease
or close/open the pull request.
Matching a PipelineRun to a request header #
You can do some further filtering on the headers as passed by the Git provider
with the CEL variable headers
.
The headers are available as a list and are always in lower case.
For example this is how to make sure the event is a pull_request on GitHub:
pipelinesascode.tekton.dev/on-cel-expression: |
headers['x-github-event'] == "pull_request"
Matching a PipelineRun to a branch with comma #
If you want to match multiple branches but one branch has a comma in there you
will not be able to match it. In that case you can use the html escape entity
,
as comma in the name of the branch, for example if you want to match
main and the branch called release,nightly
you can do this:
pipelinesascode.tekton.dev/on-target-branch: [main, release,nightly]