CloudEvents bridge for Tekton Pipelines

Tekton emits CloudEvents. Your platforms get updated. Automatically.

Turn PipelineRun and TaskRun events into commit statuses, PR comments, labels, deployments and chat notifications — with CEL-based routing and Go-template customization. No notification Tasks in your pipelines.

$ helm install tekton-events-relay oci://ghcr.io/fabioluciano/charts/tekton-events-relay

// Why

Keep notification logic out of your pipelines

Without the relay

Reporting CI status means adding notification Tasks and finally blocks to every pipeline — duplicating credentials, API calls and formatting logic everywhere. Pipelines bloat with plumbing instead of build/test/deploy.

With the relay

Pipelines stay clean: one deployment, one config. Routing decisions live in CEL expressions — not in pipeline YAML. Add or remove integrations without ever redeploying a pipeline.

// Configuration

Route events with CEL, format them with Go templates

commit status, filtered by CEL

scm:
  github:
    - name: main-instance
      enabled: true
      actions:
        - name: commit-status
          type: commit_status
          when: 'event.Resource == "pipelinerun"
                 && event.Repo.Owner == "myorg"'
          filter:
            pipelines:
              allow: ["ci-pipeline", "release-pipeline"]

slack alert, production failures only

notifiers:
  slack:
    - name: production-alerts
      channel: "#production-alerts"
      when: 'event.Namespace == "production"
             && event.State == "failure"'
      template: |
        :rotating_light: *PRODUCTION FAILURE*
        *Pipeline:* {{.PipelineName}}
        *Commit:* `{{.CommitSHA}}`

// Integrations

One relay, every platform your team looks at

Eight SCM actions across six providers — plus eight notification channels.

Action | GitHub | GitLab | Gitea | Bitbucket | Azure DevOps | SourceHut
commit_status
commit_comment
pr_comment (+ upsert) ✓*
issue_comment
discussion_comment
check_run
deployment_status
label (add/remove)

* Bitbucket Cloud supports mode: upsert; Bitbucket Server falls back to create.

Notifiers: Slack, Microsoft Teams, Discord, PagerDuty, Datadog, Grafana annotations, Sentry releases and generic webhooks.

// Production-ready by default

Built like infrastructure, not a webhook script

Reliability: Failures are expected, not fatal

Exponential-backoff retries with jitter and Retry-After awareness, per-handler timeouts, HTTP 503 back-pressure, and a dead letter queue with replay.

Correctness: Exactly the updates you meant

Event deduplication, idempotent comments (mode: upsert), and pluggable state backends — memory, Valkey or Olric — for multi-replica deployments.

Operations: Boring to run on purpose

Hot configuration reload, rich /readyz probes, Prometheus metrics and OpenTelemetry tracing out of the box.

Security: Verifiable supply chain

HMAC webhook validation with replay protection, native TLS with custom CA support, and Cosign-signed releases logged in Sigstore Rekor.

// Quickstart

Running in three commands

1. Install Tekton Pipelines (if you haven't)

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

2. Create your provider secret

kubectl create secret generic github-token \
  --namespace tekton-events-relay \
  --from-literal=token="ghp_your_personal_access_token"

3. Install the relay via Helm

helm install tekton-events-relay \
  oci://ghcr.io/fabioluciano/charts/tekton-events-relay \
  --namespace tekton-events-relay --create-namespace \
  --set config.scm.github[0].enabled=true \
  --set config.scm.github[0].auth.secretName=github-token

Then point Tekton's CloudEvents sink at the relay and you're done — full walkthrough in the Quickstart guide.

// Documentation

Everything is documented