Policy on Pipelines-as-Code actions #
Pipelines-as-Code has the concepts of Policy to let you control an action allowed to be executed by a set of users belonging to a Team on an Organisation as defined on GitHub or other Git Providers (only GitHub and Gitea is supported at the moment).
List of actions supported #
pull_request- This action is triggering the CI on Pipelines-as-Code, specifying a team will only allow the members of the team to trigger the CI and will not allow other members regadless if they are Owners or Collaborators of the repository or the Organization. The OWNERS file is still taken into account and will as well allow the members of the OWNERS file to trigger the CI.
ok_to_test- This action will let a user belonging to the allowed team to issue a
/ok-to-testcomment on a Pull Request to trigger the CI on Pipelines-as-Code, this let running the CI on Pull Request contributed by a non collaborator of the repository or the organisation. This apply to the
/retestcommands as well. This take precendence on the
Configuring the Policy on the Repository CR #
To configure the Policy on the Repository CR you need to add the following to the setting of the Repository CR:
apiVersion: "pipelinesascode.tekton.dev/v1alpha1" kind: Repository metadata: name: repository1 spec: url: "https://github.com/org/repo" settings: policy: ok_to_test: - ci-admins pull_request: - ci-users
ci-admins team will be able to let other users run the CI on the pull
request and users in
ci-users team will be able to run the CI on their own
Configuring teams on GitHub #
You will need to configure the GitHub Apps on your organisation to use this feature.
See the documentation on GitHub to configure the teams:
Configuring teams on Gitea #
Teams on Gitea are configured on the Organization level. No documentation is available but you can look at the GitHub documentation to get an idea of how to configure it.