Multiple GitHub Applications Support

Multi-GitHub Application Configuration #

Multi-GitHub Apps Support is a Technology Preview feature only. Technology Preview features are not currently supported and might not be functionally complete. We do not recommend using them in production. These features provide early access to an upcoming Pipelines-as-Code features, enabling you to test functionality and provide feedback during the development process.

Pipelines-as-Code allows multiple GitHub applications to operate on the same cluster, enabling integration with different GitHub instances (e.g., public GitHub and GitHub Enterprise Server).

Deployment Architecture #

Each GitHub application requires:

  1. Dedicated controller deployment
  2. Associated Service resource
  3. Network exposure via Ingress (Kubernetes) or Route (OpenShift) or smee.io for webhook tunneling
  4. Unique configuration through:
    • Secret containing GitHub App credentials (private key, application_id, webhook_secret)
    • ConfigMap for application-specific settings

Controller Configuration Parameters #

Environment VariableDescriptionExample
PAC_CONTROLLER_LABELUnique identifier for the controller instancegithub-enterprise
PAC_CONTROLLER_SECRETSecret containing GitHub App credentialsgh-enterprise-secret
PAC_CONTROLLER_CONFIGMAPConfigMap with application settingsgh-enterprise-config
Note: While each GitHub application requires its own controller, only one status reconciler (“watcher”) component is needed cluster-wide.

Deployment Automation Script #

The second-controller.py script makes it easy to generate the deployment yaml:

Location: ./hack/second-controller.py in the Pipelines-as-Code repository

Basic Usage #

python3 hack/second-controller.py <LABEL> | kubectl apply -f -

Advanced Options #

Usage: second-controller.py [-h] [--configmap CONFIGMAP]
                            [--ingress-domain INGRESS_DOMAIN]
                            [--secret SECRET]
                            [--controller-image CONTROLLER_IMAGE]
                            [--gosmee-image GOSMEE_IMAGE]
                            [--smee-url SMEE_URL] [--namespace NAMESPACE]
                            [--openshift-route]
                            LABEL

Key Options #

OptionDescription
--configmapConfigMap name (default: <LABEL>-configmap)
--secretSecret name (default: <LABEL>-secret)
--ingress-domainCreate Ingress with specified domain (Kubernetes)
--openshift-routeCreate OpenShift Route instead of Ingress
--controller-imageCustom controller image (use ko for local builds)
--smee-urlDeploy Gosmee sidecar for webhook tunneling
--namespaceTarget namespace (default: pipelines-as-code)

Example Scenarios #

  • Basic Kubernetes Deployment
# Generate and apply configuration for GitHub Enterprise
python3 hack/second-controller.py ghe \
  --ingress-domain "ghe.example.com" \
  --namespace pipelines-as-code | kubectl apply -f -
  • OpenShift Deployment with Custom Config
# Create configuration with custom secret and route
python3 hack/second-controller.py enterprise \
  --openshift-route \
  --secret my-custom-secret \
  --configmap enterprise-config | oc apply -f -
  • Local Development with Ko
# Build and deploy controller image using ko
export KO_DOCKER_REPO=quay.io/your-username
ko apply -f <(
  python3 hack/second-controller.py dev \
  --controller-image=ko \
  --namespace pipelines-as-code
)

4. Webhook Tunneling with Smee.io

The tunneling avoid using a ingress route that is not accessible from the internet.

# Deploy with webhook tunneling for local testing
python3 hack/second-controller.py test \
  --smee-url https://smee.io/your-channel | kubectl apply -f -

Environment Variables #

The script respects these environment variables for customization:

PAC_CONTROLLER_LABEL      Controller identifier
PAC_CONTROLLER_TARGET_NS  Target namespace (default: pipelines-as-code)
PAC_CONTROLLER_SECRET     Secret name (default: <LABEL>-secret)
PAC_CONTROLLER_CONFIGMAP  ConfigMap name (default: <LABEL>-configmap)
PAC_CONTROLLER_SMEE_URL   Smee.io URL for webhook tunneling
PAC_CONTROLLER_IMAGE      Controller image (default: ghcr.io/openshift-pipelines/pipelines-as-code-controller:stable)