docs: Add blog post for using pac git auth secret to avoid rate limit #2190
+103
β0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chmouel
changed the title
There was a problem hiding this comment.
Pull Request Overview
This PR adds a comprehensive documentation guide explaining how to use Pipelines-as-Code's git_auth_secret variable to avoid rate limiting when fetching Git resources and accessing private repositories.
- Introduces a new blog post documenting the
git_auth_secretfeature and its usage patterns - Provides step-by-step instructions for implementing authenticated Git operations in Tekton pipelines
- Includes practical examples showing pipeline design and PipelineRun configuration
docs/content/docs/blog/using-pac-git-auth-secret-to-avoid-rate-limiting.md
Outdated
Show resolved
Hide resolved
docs/content/docs/blog/using-pac-git-auth-secret-to-avoid-rate-limiting.md
Outdated
Show resolved
Hide resolved
chmouel
changed the title
chmouel
force-pushed
the
docs-add-guide-for-git-authentication-secret-to-av
branch
from
7b28a50 to
c5a478e
Compare
* Added new blog post
`using-pac-git-auth-secret-to-avoid-rate-limiting.md`.
* Explained how to use PaC's `{{ git_auth_secret }}` for authenticated
Git
operations.
* Described how this mechanism helps prevent Git provider rate
limiting.
* Demonstrated accessing private Git resources securely within Tekton
pipelines.
* Updated `.gitignore` to exclude `.gemini` files.
Co-authored-by: Gemini - gemini-2.5-pro
Signed-off-by: Chmouel Boudjnah <chmouel@redhat.com>
chmouel
force-pushed
the
docs-add-guide-for-git-authentication-secret-to-av
branch
from
c5a478e to
e18cd46
Compare
praiskup
reviewed
Jul 30, 2025
|
|
||
| Pipelines-as-Code (PaC) solves this elegantly by automatically generating a temporary, scoped authentication token for each `PipelineRun`. This token is stored in a Kubernetes `Secret`, and its name is made available to your `PipelineRun` through the built-in `{{ git_auth_secret }}` variable. | ||
|
|
||
| This guide shows how to use `{{ git_auth_secret }}` to enable authenticated Git operations with the `git` resolver, helping you avoid rate-limiting and access private resources securely. |
There was a problem hiding this comment.
Why not to link this post with: https://github.com/tektoncd/community/blob/main/teps/0161-resolver-caching.md
praiskup
reviewed
Jul 30, 2025
|
|
||
| You do not need to create any secrets manually. Simply reference the PaC variable `{{ git_auth_secret }}` in your `PipelineRun` template file (e.g., `.tekton/pipelinerun.yaml`). | ||
|
|
||
| PaC will substitute this placeholder with the name of the auto-generated secret at runtime. |
There was a problem hiding this comment.
This has a big limitation; it means that both the referred pipeline/task , and the project being built share the Git forge, IOW that the generated PaC secret may be used to authenticate against both of the repositories.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
docs: Add guide for Git authentication secret to avoid rate limits
π Linked GitHub Issue
Fixes #
π¨π»β Linked Jira
π Type of Change
fix:)feat:)feat!:,fix!:)docs:)chore:)refactor:)enhance:)π§ͺ Testing Strategy
β Submitter Checklist
fix:,feat:) matches the "Type of Change" I selected above.make testandmake lintlocally to check for and fix anyissues. For an efficient workflow, I have considered installing
pre-commit and running
pre-commit installtoautomate these checks.