openshift-pipelines
diff --git a/‎docs/content/docs/guide/customparams.md‎
Lines changed: 66 additions & 0 deletions b/‎docs/content/docs/guide/customparams.md‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎docs/content/docs/guide/matchingevents.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/content/docs/guide/matchingevents.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/matcher/annotation_matcher.go‎
Lines changed: 64 additions & 1 deletion b/‎pkg/matcher/annotation_matcher.go‎
Lines changed: 64 additions & 1 deletion
@@ -122,3 +122,69 @@ and a pull request event.
 - [GitHub Documentation for webhook events](https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads?actionType=auto_merge_disabled#pull_request)
 - [GitLab Documentation for webhook events](https://docs.gitlab.com/ee/user/project/integrations/webhook_events.html)
 {{< /hint >}}
+
+### Using custom parameters in CEL matching expressions
+
+In addition to template expansion (`{{ param }}`), custom parameters defined in the Repository CR are available as CEL variables in the `on-cel-expression` annotation. This allows you to control which PipelineRuns are triggered based on repository-specific configuration.
+
+For example, with this Repository CR configuration:
+
+```yaml
+apiVersion: "pipelinesascode.tekton.dev/v1alpha1"
+kind: Repository
+metadata:
+  name: my-repo
+spec:
+  url: "https://github.com/owner/repo"
+  params:
+    - name: enable_ci
+      value: "true"
+    - name: environment
+      value: "staging"
+```
+
+You can use these parameters directly in your PipelineRun's CEL expression:
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  name: my-pipeline
+  annotations:
+    pipelinesascode.tekton.dev/on-cel-expression: |
+      event == "push" && enable_ci == "true" && environment == "staging"
+spec:
+  # ... pipeline spec
+```
+
+This approach is particularly useful for:
+
+- **Conditional CI**: Enable or disable CI for specific repositories without changing PipelineRun files
+- **Environment-specific matching**: Run different pipelines based on environment configuration
+- **Feature flags**: Control which pipelines run using repository-level feature flags
+
+Custom parameters from secrets are also available:
+
+```yaml
+spec:
+  params:
+    - name: api_key
+      secret_ref:
+        name: my-secret
+        key: key
+```
+
+```yaml
+
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  name: my-pipeline-with-secret
+  annotations:
+    pipelinesascode.tekton.dev/on-cel-expression: |
+      event == "push" && api_key != ""
+spec:
+  # ... pipeline spec
+```
+
+For more information on CEL expressions and event matching, see the [Advanced event matching using CEL]({{< relref "/docs/guide/matchingevents#advanced-event-matching-using-cel" >}}) documentation.
@@ -309,6 +309,7 @@ The fields available are:
 | `headers`         | The full set of headers as passed by the Git provider. Example: `headers['x-github-event']` retrieves the event type on GitHub.  |
 | `.pathChanged`    | A suffix function to a string that can be a glob of a path to check if changed. (Supported only for `GitHub` and `GitLab` providers.) |
 | `files`           | The list of files that changed in the event (`all`, `added`, `deleted`, `modified`, and `renamed`). Example: `files.all` or `files.deleted`. For pull requests, every file belonging to the pull request will be listed. |
+| Custom params     | Any [custom parameters]({{< relref "/docs/guide/customparams" >}}) defined in the Repository CR `spec.params` are available as CEL variables. Example: `enable_ci == "true"`. See [Using custom parameters in CEL matching expressions]({{< relref "/docs/guide/customparams#using-custom-parameters-in-cel-matching-expressions" >}}) for details. |
 
 CEL expressions let you do more complex filtering compared to the simple `on-target` annotation matching and enable more advanced scenarios.
 
 
@@ -9,9 +9,11 @@ import (
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/apis/pipelinesascode"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/apis/pipelinesascode/keys"
 	apipac "github.com/openshift-pipelines/pipelines-as-code/pkg/apis/pipelinesascode/v1alpha1"
+	"github.com/openshift-pipelines/pipelines-as-code/pkg/customparams"
 	pacerrors "github.com/openshift-pipelines/pipelines-as-code/pkg/errors"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/events"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/formatting"
+	"github.com/openshift-pipelines/pipelines-as-code/pkg/kubeinteraction"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/opscomments"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/info"
@@ -210,6 +212,9 @@ func MatchPipelinerunByAnnotation(ctx context.Context, logger *zap.SugaredLogger
 	}
 	logger.Info(infomsg)
 
+	// Cache for custom params resolution per repository (to avoid repeated resolution)
+	customParamsCache := make(map[string]map[string]string)
+
 	celValidationErrors := []*pacerrors.PacYamlValidations{}
 	for _, prun := range pruns {
 		prMatch := Match{
@@ -280,7 +285,30 @@ func MatchPipelinerunByAnnotation(ctx context.Context, logger *zap.SugaredLogger
 		if celExpr, ok := prun.GetObjectMeta().GetAnnotations()[keys.OnCelExpression]; ok {
 			checkPipelineRunAnnotation(prun, eventEmitter, repo)
 
-			out, err := celEvaluate(ctx, celExpr, event, vcx)
+			// Determine the effective repository for this PipelineRun
+			effectiveRepo := repo
+			if prMatch.Repo != nil {
+				effectiveRepo = prMatch.Repo
+			}
+
+			// Resolve custom params for the effective repository (with caching)
+			var customParams map[string]string
+			if effectiveRepo != nil {
+				cacheKey := effectiveRepo.GetNamespace() + "/" + effectiveRepo.GetName()
+				if cached, found := customParamsCache[cacheKey]; found {
+					customParams = cached
+				} else {
+					customParams = resolveCustomParamsForCEL(ctx, effectiveRepo, event, cs, vcx, eventEmitter, logger)
+					customParamsCache[cacheKey] = customParams
+					if len(customParams) > 0 {
+						logger.Debugf("resolved %d custom params from repo %s for CEL", len(customParams), cacheKey)
+					}
+				}
+			} else {
+				customParams = map[string]string{}
+			}
+
+			out, err := celEvaluate(ctx, celExpr, event, vcx, customParams)
 			if err != nil {
 				logger.Errorf("there was an error evaluating the CEL expression, skipping: %v", err)
 				if checkIfCELEvaluateError(err) {
@@ -508,3 +536,38 @@ func MatchRunningPipelineRunForIncomingWebhook(eventType, incomingPipelineRun st
 	}
 	return nil
 }
+
+// resolveCustomParamsForCEL resolves custom parameters from the Repository CR for use in CEL expressions.
+// It returns a map of parameter names to values, excluding reserved keywords.
+// All parameters are returned as strings, including those from secret_ref.
+func resolveCustomParamsForCEL(ctx context.Context, repo *apipac.Repository, event *info.Event, cs *params.Run, vcx provider.Interface, eventEmitter *events.EventEmitter, logger *zap.SugaredLogger) map[string]string {
+	if repo == nil || repo.Spec.Params == nil {
+		return map[string]string{}
+	}
+
+	// Create kubeinteraction interface
+	kinteract, err := kubeinteraction.NewKubernetesInteraction(cs)
+	if err != nil {
+		logger.Warnf("failed to create kubernetes interaction for custom params: %s", err.Error())
+		return map[string]string{}
+	}
+
+	// Use existing customparams package to resolve all params
+	cp := customparams.NewCustomParams(event, repo, cs, kinteract, eventEmitter, vcx)
+	allParams, _, err := cp.GetParams(ctx)
+	if err != nil {
+		eventEmitter.EmitMessage(repo, zap.WarnLevel, "CustomParamsCELError",
+			fmt.Sprintf("failed to resolve custom params for CEL: %s", err.Error()))
+		return map[string]string{}
+	}
+
+	// Filter to only include params defined in repo.Spec.Params (not standard PAC params)
+	result := make(map[string]string)
+	for _, param := range *repo.Spec.Params {
+		if value, ok := allParams[param.Name]; ok {
+			result[param.Name] = value
+		}
+	}
+
+	return result
+}