CloudEvents bridge for Tekton Pipelines
Turn PipelineRun and
TaskRun events into commit
statuses, PR comments, labels, deployments and chat notifications — with CEL-based routing and Go-template
customization. No notification Tasks in your pipelines.
// Why
Reporting CI status means adding notification Tasks and finally blocks to every pipeline — duplicating credentials, API calls and formatting logic everywhere. Pipelines bloat with plumbing instead of build/test/deploy.
Pipelines stay clean: one deployment, one config. Routing decisions live in CEL expressions — not in pipeline YAML. Add or remove integrations without ever redeploying a pipeline.
// Configuration
commit status, filtered by CEL
scm: github: - name: main-instance enabled: true actions: - name: commit-status type: commit_status when: 'event.Resource == "pipelinerun" && event.Repo.Owner == "myorg"' filter: pipelines: allow: ["ci-pipeline", "release-pipeline"]
slack alert, production failures only
notifiers: slack: - name: production-alerts channel: "#production-alerts" when: 'event.Namespace == "production" && event.State == "failure"' template: | :rotating_light: *PRODUCTION FAILURE* *Pipeline:* {{.PipelineName}} *Commit:* `{{.CommitSHA}}`
// Integrations
Eight SCM actions across six providers — plus eight notification channels.
| Action | GitHub | GitLab | Gitea | Bitbucket | Azure DevOps | SourceHut |
|---|---|---|---|---|---|---|
commit_status | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
commit_comment | ✓ | ✓ | — | — | — | — |
pr_comment (+ upsert) | ✓ | ✓ | ✓ | ✓* | ✓ | — |
issue_comment | ✓ | — | ✓ | — | — | — |
discussion_comment | ✓ | — | — | — | — | — |
check_run | ✓ | — | — | — | — | — |
deployment_status | ✓ | ✓ | — | — | — | — |
label (add/remove) | ✓ | ✓ | ✓ | — | ✓ | — |
* Bitbucket Cloud supports mode: upsert; Bitbucket Server falls back to create. · Notifiers: Slack, Microsoft Teams, Discord, PagerDuty, Datadog, Grafana annotations, Sentry releases and generic webhooks.
// Production-ready by default
Exponential-backoff retries with jitter and Retry-After awareness, per-handler timeouts, HTTP 503 back-pressure, and a dead letter queue with replay.
Event deduplication, idempotent comments (mode: upsert), and pluggable state backends — memory, Valkey or Olric — for multi-replica deployments.
Hot configuration reload, rich /readyz probes, Prometheus metrics and OpenTelemetry tracing out of the box.
HMAC webhook validation with replay protection, native TLS with custom CA support, and Cosign-signed releases logged in Sigstore Rekor.
// Quickstart
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml kubectl create secret generic github-token \ --namespace tekton-events-relay \ --from-literal=token="ghp_your_personal_access_token"
helm install tekton-events-relay \
oci://ghcr.io/fabioluciano/charts/tekton-events-relay \
--namespace tekton-events-relay --create-namespace \
--set config.scm.github[0].enabled=true \
--set config.scm.github[0].auth.secretName=github-token Then point Tekton's CloudEvents sink at the relay and you're done — full walkthrough in the Quickstart guide.
// Documentation