openshift-pipelines
diff --git a/‎docs/content/docs/guide/cli.md‎
Lines changed: 108 additions & 0 deletions b/‎docs/content/docs/guide/cli.md‎
Lines changed: 108 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 3 additions & 2 deletions b/‎go.mod‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎go.sum‎
Lines changed: 7 additions & 4 deletions b/‎go.sum‎
Lines changed: 7 additions & 4 deletions
diff --git a/‎pkg/cel/cel.go‎
Lines changed: 38 additions & 0 deletions b/‎pkg/cel/cel.go‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎pkg/cmd/tknpac/cel/bitbucketcloud.go‎
Lines changed: 10 additions & 0 deletions b/‎pkg/cmd/tknpac/cel/bitbucketcloud.go‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎pkg/cmd/tknpac/cel/bitbucketdatacenter.go‎
Lines changed: 10 additions & 0 deletions b/‎pkg/cmd/tknpac/cel/bitbucketdatacenter.go‎
Lines changed: 10 additions & 0 deletions
@@ -409,6 +409,114 @@ You can specify a different directory than the current one by using the -d/--dir
 
 {{< /details >}}
 
+{{< details "tkn pac cel" >}}
+
+### CEL Expression Evaluator
+
+{{< hint danger >}}
+The CEL evaluator is only useful for admins, since the payload and headers as seen by Pipelines-as-Code needs to be provided and is only available to the repository or GitHub app admins.
+{{< /hint >}}
+`tkn pac cel` — Evaluate CEL (Common Expression Language) expressions interactively with webhook payloads.
+
+This command allows you to test and debug CEL expressions as they would be evaluated by Pipelines-as-Code, using real webhook payloads and headers. It supports interactive and non-interactive modes, provider auto-detection, and persistent history.
+
+To be able to have the CEL evaluator working, you need to have the payload and the headers available in a file. The best way to do this is to go to the webhook configuration on your git provider and copy the payload and headers to different files.
+
+The payload is the JSON content of the webhook request, The headers file supports multiple formats:
+
+1. **Plain HTTP headers format** (as shown above)
+2. **JSON format**:
+
+   ```json
+   {
+     "X-GitHub-Event": "pull_request",
+     "Content-Type": "application/json",
+     "User-Agent": "GitHub-Hookshot/2d5e4d4"
+   }
+   ```
+
+3. **Gosmee-generated shell scripts**: The command automatically detects and parses shell scripts generated by [gosmee](https://github.com/chmouel/gosmee) which are generated when using the `--save` feature, extracting headers from curl commands with `-H` flags:
+
+   ```bash
+   #!/usr/bin/env bash
+   curl -X POST "http://localhost:8080/" \
+     -H "X-GitHub-Event: pull_request" \
+     -H "Content-Type: application/json" \
+     -H "User-Agent: GitHub-Hookshot/2d5e4d4" \
+     -d @payload.json
+   ```
+
+#### Usage
+
+```shell
+tkn pac cel -b <body.json> -H <headers.txt>
+```
+
+* `-b, --body`: Path to JSON body file (webhook payload)
+* `-H, --headers`: Path to headers file (plain text, JSON, or gosmee script)
+* `-p, --provider`: Provider (auto, github, gitlab, bitbucket-cloud, bitbucket-datacenter, gitea)
+
+#### Interactive Mode
+
+If run in a terminal, you'll get a prompt:
+
+```console
+CEL expression> 
+```
+
+* Use ↑/↓ arrows to navigate history.
+* History is saved and loaded automatically.
+* Press Enter on an empty line to exit.
+
+#### Non-Interactive Mode
+
+Pipe expressions via stdin:
+
+```shell
+echo 'event == "pull_request"' | tkn pac cel -b body.json -H headers.txt
+```
+
+#### Available Variables
+
+* **Direct variables** (top-level, as per PAC documentation):
+  * `event` — event type (push, pull_request)
+  * `target_branch` — target branch name
+  * `source_branch` — source branch name
+  * `target_url` — target repository URL
+  * `source_url` — source repository URL
+  * `event_title` — PR title or commit message
+
+* **Webhook payload** (`body.*`): All fields from the webhook JSON.
+* **HTTP headers** (`headers.*`): All HTTP headers.
+* **Files** (`files.*`): Always empty in CLI mode.  
+  **Note:** `fileChanged`, `fileDeleted`, `fileModified` and similar functions are **not implemented yet** in the CLI.
+* **PAC Parameters** (`pac.*`): All variables for backward compatibility.
+
+#### Example Expressions
+
+```text
+event == "pull_request" && target_branch == "main"
+event == "pull_request" && source_branch.matches(".*feat/.*")
+body.action == "synchronize"
+!body.pull_request.draft
+headers['x-github-event'] == "pull_request"
+event == "pull_request" && target_branch != "experimental"
+```
+
+#### Limitations
+
+* `files.*` variables are always empty in CLI mode.
+* Functions like `fileChanged`, `fileDeleted`, `fileModified` are **not implemented yet** in the CLI.
+
+#### Cross-Platform History
+
+* History is saved in a cache directory:
+  * Linux/macOS: `~/.cache/tkn-pac/cel-history`
+  * Windows: `%USERPROFILE%\.cache\tkn-pac\cel-history`
+* The directory is created automatically if it does not exist.
+
+{{< /details >}}
+
 ## Screenshot
 
 ![tkn-plug-in](/images/tkn-pac-cli.png)
@@ -9,6 +9,7 @@ require (
 	code.gitea.io/sdk/gitea v0.21.0
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/bradleyfalzon/ghinstallation/v2 v2.15.0
+	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
 	github.com/cloudevents/sdk-go/v2 v2.16.0
 	github.com/fvbommel/sortorder v1.1.0
 	github.com/gobwas/glob v0.2.3
@@ -128,8 +129,8 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.37.0 // indirect
 	golang.org/x/net v0.39.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/term v0.31.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/term v0.34.0
 	golang.org/x/time v0.11.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 	google.golang.org/api v0.231.0 // indirect
 
@@ -87,8 +87,11 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.15.2 h1:AbtPqiUDzKup5JpTZzO297/QXgL/TAdpdXQCNwLzlaM=
@@ -685,8 +688,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -696,8 +699,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
-golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 
@@ -55,12 +55,50 @@ func Value(query string, body any, headers, pacParams map[string]string, changed
 			decls.NewVariable("headers", mapStrDyn),
 			decls.NewVariable("pac", mapStrDyn),
 			decls.NewVariable("files", mapStrDyn),
+			// Direct variables as per documentation
+			decls.NewVariable("event", types.StringType),
+			decls.NewVariable("event_type", types.StringType),
+			decls.NewVariable("target_branch", types.StringType),
+			decls.NewVariable("source_branch", types.StringType),
+			decls.NewVariable("target_url", types.StringType),
+			decls.NewVariable("source_url", types.StringType),
+			decls.NewVariable("event_title", types.StringType),
+			decls.NewVariable("revision", types.StringType),
+			decls.NewVariable("repo_owner", types.StringType),
+			decls.NewVariable("repo_name", types.StringType),
+			decls.NewVariable("sender", types.StringType),
+			decls.NewVariable("repo_url", types.StringType),
+			decls.NewVariable("git_tag", types.StringType),
+			decls.NewVariable("target_namespace", types.StringType),
+			decls.NewVariable("trigger_comment", types.StringType),
+			decls.NewVariable("pull_request_labels", types.StringType),
+			decls.NewVariable("pull_request_number", types.StringType),
+			decls.NewVariable("git_auth_secret", types.StringType),
 		))
 	val, err := evaluate(query, celDec, map[string]any{
 		"body":    jsonMap,
 		"pac":     pacParams,
 		"headers": headers,
 		"files":   changedFiles,
+		// Direct variables - all from pacParams
+		"event":               pacParams["event"],
+		"event_type":          pacParams["event_type"],
+		"target_branch":       pacParams["target_branch"],
+		"source_branch":       pacParams["source_branch"],
+		"target_url":          pacParams["target_url"],
+		"source_url":          pacParams["source_url"],
+		"event_title":         pacParams["event_title"],
+		"revision":            pacParams["revision"],
+		"repo_owner":          pacParams["repo_owner"],
+		"repo_name":           pacParams["repo_name"],
+		"sender":              pacParams["sender"],
+		"repo_url":            pacParams["repo_url"],
+		"git_tag":             pacParams["git_tag"],
+		"target_namespace":    pacParams["target_namespace"],
+		"trigger_comment":     pacParams["trigger_comment"],
+		"pull_request_labels": pacParams["pull_request_labels"],
+		"pull_request_number": pacParams["pull_request_number"],
+		"git_auth_secret":     pacParams["git_auth_secret"],
 	})
 	if err != nil {
 		return nil, err
 
@@ -0,0 +1,10 @@
+package cel
+
+import (
+	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/info"
+)
+
+// eventFromBitbucketCloud parses Bitbucket Cloud webhook payload for CEL evaluation.
+func eventFromBitbucketCloud(bodyBytes []byte, headers map[string]string) (*info.Event, error) {
+	return parseWebhookForCEL(bodyBytes, headers, &BitbucketCloudParser{})
+}
@@ -0,0 +1,10 @@
+package cel
+
+import (
+	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/info"
+)
+
+// eventFromBitbucketDataCenter parses Bitbucket Data Center webhook payload for CEL evaluation.
+func eventFromBitbucketDataCenter(bodyBytes []byte, headers map[string]string) (*info.Event, error) {
+	return parseWebhookForCEL(bodyBytes, headers, &BitbucketDataCenterParser{})
+}