shipwright-io · IrvingMg · Mar 22, 2026
diff --git a/README.md b/README.md
@@ -41,6 +41,21 @@ spec:
 
 The operator will deploy Shipwright Builds in the provided `targetNamespace`.
 When `.spec.targetNamespace` is not set, the namespace will default to `shipwright-build`.
+
+To deploy [Shipwright Triggers](https://github.com/shipwright-io/triggers), add the `triggers` field:
+
+```yaml
+---
+apiVersion: operator.shipwright.io/v1alpha1
+kind: ShipwrightBuild
+metadata:
+  name: shipwright-operator
+spec:
+  targetNamespace: shipwright-build
+  triggers:
+    deployment: Enabled
+```
+
 Refer to the [ShipwrightBuild documentation](docs/shipwrightbuild.md) for more information about this custom resource.
 
 The operator handles differents environment variables to customize Shiprwright controller installation:
@@ -52,6 +67,7 @@ The operator handles differents environment variables to customize Shiprwright c
 - IMAGE_SHIPWRIGHT_BUNDLE_CONTAINER_IMAGE: defines the Shipwright Bundle Image to use
 - IMAGE_SHIPWRIGHT_WAITER_CONTAINER_IMAGE: defines the Shipwright Waiter Image to use
 - IMAGE_SHIPWRIGHT_SHIPWRIGHT_BUILD_WEBHOOK: defines the Shipwright Build Webhook Image to use
+- IMAGE_SHIPWRIGHT_SHIPWRIGHT_TRIGGERS: defines the Shipwright Triggers Image to use
 
 For more information about the function of these images, please consider the Shipwright Build doc https://github.com/shipwright-io/build/blob/main/docs/configuration.md
 

diff --git a/api/v1alpha1/shipwrightbuild_types.go b/api/v1alpha1/shipwrightbuild_types.go
@@ -8,10 +8,47 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// TriggersDeployment indicates whether the Shipwright Triggers component
+// should be deployed.
+// +kubebuilder:validation:Enum=Enabled;Disabled
+type TriggersDeployment string
+
+const (
+	// TriggersDeploymentEnabled indicates that the Shipwright Triggers
+	// component should be deployed.
+	TriggersDeploymentEnabled TriggersDeployment = "Enabled"
+	// TriggersDeploymentDisabled indicates that the Shipwright Triggers
+	// component should not be deployed.
+	TriggersDeploymentDisabled TriggersDeployment = "Disabled"
+)
+
+// TriggersSpec defines the desired state of the Triggers component.
+type TriggersSpec struct {
+	// Deployment controls whether the triggers component is deployed.
+	// Defaults to "Disabled".
+	// +kubebuilder:default=Disabled
+	// +optional
+	Deployment TriggersDeployment `json:"deployment,omitempty"`
+}
+
 // ShipwrightBuildSpec defines the configuration of a Shipwright Build deployment.
 type ShipwrightBuildSpec struct {
 	// TargetNamespace is the target namespace where Shipwright's build controller will be deployed.
 	TargetNamespace string `json:"targetNamespace,omitempty"`
+
+	// Triggers configures the deployment of the Shipwright Triggers component.
+	// When omitted, triggers are not deployed.
+	// +optional
+	Triggers *TriggersSpec `json:"triggers,omitempty"`
+}
+
+// TriggersEnabled returns true if the Triggers component should be deployed.
+// Triggers are only deployed when spec.triggers.deployment is set to "Enabled".
+func (s *ShipwrightBuildSpec) TriggersEnabled() bool {
+	if s.Triggers == nil {
+		return false
+	}
+	return s.Triggers.Deployment == TriggersDeploymentEnabled
 }
 
 // ShipwrightBuildStatus defines the observed state of ShipwrightBuild

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/operator.shipwright.io_shipwrightbuilds.yaml b/bundle/manifests/operator.shipwright.io_shipwrightbuilds.yaml
@@ -45,6 +45,21 @@ spec:
                 description: TargetNamespace is the target namespace where Shipwright's
                   build controller will be deployed.
                 type: string
+              triggers:
+                description: |-
+                  Triggers configures the deployment of the Shipwright Triggers component.
+                  When omitted, triggers are not deployed.
+                properties:
+                  deployment:
+                    default: Disabled
+                    description: |-
+                      Deployment controls whether the triggers component is deployed.
+                      Defaults to "Disabled".
+                    enum:
+                    - Enabled
+                    - Disabled
+                    type: string
+                type: object
             type: object
           status:
             description: ShipwrightBuildStatus defines the observed state of ShipwrightBuild

diff --git a/bundle/manifests/shipwright-operator.clusterserviceversion.yaml b/bundle/manifests/shipwright-operator.clusterserviceversion.yaml
@@ -325,6 +325,17 @@ spec:
           - delete
           - patch
           - update
+        - apiGroups:
+          - ""
+          resourceNames:
+          - shipwright-triggers
+          resources:
+          - serviceaccounts
+          - services
+          verbs:
+          - delete
+          - patch
+          - update
         - apiGroups:
           - admissionregistration.k8s.io
           - admissionregistration.k8s.io/v1beta1
@@ -389,6 +400,16 @@ spec:
           - delete
           - patch
           - update
+        - apiGroups:
+          - apps
+          resourceNames:
+          - shipwright-triggers
+          resources:
+          - deployments
+          verbs:
+          - delete
+          - patch
+          - update
         - apiGroups:
           - apps
           resourceNames:
@@ -405,6 +426,14 @@ spec:
           - deployments/finalizers
           verbs:
           - update
+        - apiGroups:
+          - apps
+          resourceNames:
+          - shipwright-triggers
+          resources:
+          - deployments/finalizers
+          verbs:
+          - update
         - apiGroups:
           - cert-manager.io
           resourceNames:
@@ -505,6 +534,19 @@ spec:
           - delete
           - patch
           - update
+        - apiGroups:
+          - rbac.authorization.k8s.io
+          resourceNames:
+          - shipwright-triggers
+          resources:
+          - clusterrolebindings
+          - clusterroles
+          - rolebindings
+          - roles
+          verbs:
+          - delete
+          - patch
+          - update
         - apiGroups:
           - rbac.authorization.k8s.io
           resourceNames:
@@ -549,6 +591,50 @@ spec:
           - subjectaccessreviews
           verbs:
           - create
+        - apiGroups:
+          - shipwright.io
+          resources:
+          - buildruns
+          verbs:
+          - create
+          - get
+          - list
+          - update
+          - watch
+        - apiGroups:
+          - shipwright.io
+          resources:
+          - builds
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - tekton.dev
+          resources:
+          - customruns
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - tekton.dev
+          resources:
+          - customruns/finalizers
+          - customruns/status
+          verbs:
+          - patch
+          - update
+        - apiGroups:
+          - tekton.dev
+          resources:
+          - pipelineruns
+          verbs:
+          - get
+          - list
+          - patch
+          - update
+          - watch
         serviceAccountName: shipwright-operator
       deployments:
       - label:

diff --git a/config/crd/bases/operator.shipwright.io_shipwrightbuilds.yaml b/config/crd/bases/operator.shipwright.io_shipwrightbuilds.yaml
@@ -45,6 +45,21 @@ spec:
                 description: TargetNamespace is the target namespace where Shipwright's
                   build controller will be deployed.
                 type: string
+              triggers:
+                description: |-
+                  Triggers configures the deployment of the Shipwright Triggers component.
+                  When omitted, triggers are not deployed.
+                properties:
+                  deployment:
+                    default: Disabled
+                    description: |-
+                      Deployment controls whether the triggers component is deployed.
+                      Defaults to "Disabled".
+                    enum:
+                    - Enabled
+                    - Disabled
+                    type: string
+                type: object
             type: object
           status:
             description: ShipwrightBuildStatus defines the observed state of ShipwrightBuild

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -20,3 +20,5 @@ resources:
 - shipwright_build_aggregate_role_binding.yaml
 - shipwright_build_webhook_role.yaml
 - shipwright_build_webhook_role_binding.yaml
+- shipwright_triggers_controller_role.yaml
+- shipwright_triggers_controller_role_binding.yaml
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -51,6 +51,17 @@ rules:
   - delete
   - patch
   - update
+- apiGroups:
+  - ""
+  resourceNames:
+  - shipwright-triggers
+  resources:
+  - serviceaccounts
+  - services
+  verbs:
+  - delete
+  - patch
+  - update
 - apiGroups:
   - admissionregistration.k8s.io
   - admissionregistration.k8s.io/v1beta1
@@ -115,6 +126,16 @@ rules:
   - delete
   - patch
   - update
+- apiGroups:
+  - apps
+  resourceNames:
+  - shipwright-triggers
+  resources:
+  - deployments
+  verbs:
+  - delete
+  - patch
+  - update
 - apiGroups:
   - apps
   resourceNames:
@@ -131,6 +152,14 @@ rules:
   - deployments/finalizers
   verbs:
   - update
+- apiGroups:
+  - apps
+  resourceNames:
+  - shipwright-triggers
+  resources:
+  - deployments/finalizers
+  verbs:
+  - update
 - apiGroups:
   - cert-manager.io
   resourceNames:
@@ -231,6 +260,19 @@ rules:
   - delete
   - patch
   - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resourceNames:
+  - shipwright-triggers
+  resources:
+  - clusterrolebindings
+  - clusterroles
+  - rolebindings
+  - roles
+  verbs:
+  - delete
+  - patch
+  - update
 - apiGroups:
   - rbac.authorization.k8s.io
   resourceNames:

diff --git a/config/rbac/shipwright_triggers_controller_role.yaml b/config/rbac/shipwright_triggers_controller_role.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: triggers-controller
+rules:
+  - apiGroups: ['shipwright.io']
+    resources: ['buildruns']
+    verbs: ['create', 'get', 'list', 'update', 'watch']
+  - apiGroups: ['shipwright.io']
+    resources: ['builds']
+    verbs: ['get', 'list', 'watch']
+  - apiGroups: ['tekton.dev']
+    resources: ['customruns']
+    verbs: ['get', 'list', 'watch']
+  - apiGroups: ['tekton.dev']
+    resources: ['customruns/finalizers', 'customruns/status']
+    verbs: ['patch', 'update']
+  - apiGroups: ['tekton.dev']
+    resources: ['pipelineruns']
+    verbs: ['get', 'list', 'patch', 'update', 'watch']
diff --git a/config/rbac/shipwright_triggers_controller_role_binding.yaml b/config/rbac/shipwright_triggers_controller_role_binding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: triggers-controller
+roleRef:
+  kind: ClusterRole
+  name: triggers-controller
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+  name: operator
+  namespace: system