Concourse — Container-Native CI/CD with Pipelines as Code
Build reliable CI/CD pipelines with Concourse. Every step runs in an isolated container, pipelines are declarative YAML, and the resource model makes dependencies explicit and reproducible.
What it is
Concourse is an open-source CI/CD system where every task runs in its own OCI container. Pipelines are defined in declarative YAML, and the resource model makes dependencies between jobs explicit and reproducible. Unlike Jenkins or GitHub Actions, Concourse treats pipelines as first-class code with no implicit state.
Concourse is for DevOps teams and platform engineers who need reproducible, auditable CI/CD pipelines. Its container-per-task model ensures that builds run identically regardless of where the worker runs.
How it saves time or tokens
Concourse's resource model eliminates hidden dependencies. Every input and output is declared explicitly, so you never encounter 'works on my machine' pipeline failures. When a pipeline breaks, you know exactly which resource changed.
The container-per-task isolation means no shared state between jobs. You do not need to clean workspaces, manage tool versions on shared runners, or worry about one job corrupting another's environment.
How to use
- Start Concourse with Docker Compose:

    curl -O https://concourse-ci.org/docker-compose.yml
    docker-compose up -d

- Log in with the fly CLI:

    fly -t local login -c http://localhost:8080 -u test -p test

- Define a pipeline in YAML and set it:

    # pipeline.yml
    resources:
    - name: repo
      type: git
      source:
        uri: https://github.com/org/app.git
        branch: main

    jobs:
    - name: test
      plan:
      # fetch the repo; trigger: true starts the job on every new version
      - get: repo
        trigger: true
      # run the test suite in a fresh node:20 container
      - task: run-tests
        config:
          platform: linux
          image_resource:
            type: registry-image
            source: { repository: node, tag: '20' }
          inputs:
          - name: repo
          run:
            path: sh
            args: ['-c', 'cd repo && npm ci && npm test']

    fly -t local set-pipeline -p my-pipeline -c pipeline.yml
    fly -t local unpause-pipeline -p my-pipeline
Example
A multi-stage pipeline with build, test, and deploy:
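
    # The repo and artifact-bucket resources must be declared under resources:
    jobs:
    - name: build
      plan:
      - get: repo
        trigger: true
      - task: compile
        config:
          platform: linux
          image_resource:
            type: registry-image
            source: { repository: golang, tag: '1.22' }
          inputs: [{ name: repo }]
          # files written to binary/ are available to later steps in this job
          outputs: [{ name: binary }]
          run:
            path: sh
            args: ['-c', 'cd repo && go build -o ../binary/app .']
      # upload the compiled binary through the artifact-bucket resource
      - put: artifact-bucket
        params: { file: binary/app }
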
Common pitfalls
- Concourse has a steeper learning curve than GitHub Actions or GitLab CI. The resource model is powerful but requires understanding inputs, outputs, and triggers before writing your first pipeline.
- Worker scaling is manual. Unlike cloud CI services, you manage your own Concourse workers. Under-provisioned workers cause queued builds.
- Concourse does not have built-in secret management. Integrate with Vault, AWS Secrets Manager, or CredHub for secure credential handling.
Frequently Asked Questions
Concourse runs every task in a fresh container with no shared state. Jenkins runs tasks on shared agents with plugins that accumulate state over time. Concourse pipelines are declarative YAML; Jenkins uses Groovy-based Jenkinsfiles. Concourse is simpler but less extensible than Jenkins.
A resource is an external entity that Concourse tracks and interacts with -- a Git repository, an S3 bucket, a Docker image, or a Slack channel. Resources have get (input), put (output), and check (detect changes) operations. The resource model is what makes pipelines explicit and reproducible.
Yes. Concourse provides a Helm chart for Kubernetes deployment. Workers run as pods, and the web UI and ATC (Air Traffic Controller) run as Kubernetes services. This is the recommended production deployment method.
Yes. Jobs with no dependencies run in parallel by default. You can also use the in_parallel step within a job to run multiple tasks concurrently. Worker capacity determines the actual parallelism.
Concourse integrates with external secret managers: HashiCorp Vault, AWS Secrets Manager, and CredHub. Secrets are referenced in pipeline YAML using double-parenthesis syntax like ((aws-access-key)) and resolved at runtime from the configured secret backend.
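The following check is an added example, not code from this page or from the Concourse project: it scans pipeline YAML before `fly set-pipeline` and flags credential-like fields whose value is a literal instead of a ((var)) reference. The s3-backed `artifact-bucket` source, the key-name pattern and every sample value are assumptions constructed for illustration.

```python
import re

# Constructed sample: the page's pipeline resources, with artifact-bucket
# assumed to be an s3 resource. All values are made up.
PIPELINE = """\
resources:
- name: repo
  type: git
  source:
    uri: https://github.com/org/app.git
    branch: main
    private_key: ((repo-deploy-key))
- name: artifact-bucket
  type: s3
  source:
    bucket: build-artifacts
    versioned_file: app
    access_key_id: ((aws-access-key))
    secret_access_key: EXAMPLE-literal-not-a-real-key
"""

# Key names treated as credential-bearing (an assumed heuristic, tune per team).
SENSITIVE = re.compile(r"secret|password|passwd|token|private_key|access_key", re.I)
# "key: value" pairs in block style or inside a { flow, mapping }.
PAIR = re.compile(r"([A-Za-z_][\w-]*):\s+([^,{}#\n]+)")
# A ((var)) reference that Concourse resolves from the secret backend at runtime.
VAR_REF = re.compile(r"\(\([^()]+\)\)")


def find_literal_secrets(yaml_text):
    """Return (line_number, key) for sensitive keys holding a literal value."""
    findings = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore comment lines
        for key, value in PAIR.findall(line):
            value = value.strip().strip("'\"")
            # A block scalar marker ("|") also counts as a literal value.
            if SENSITIVE.search(key) and value and not VAR_REF.search(value):
                findings.append((lineno, key))
    return findings


if __name__ == "__main__":
    for lineno, key in find_literal_secrets(PIPELINE):
        print(f"line {lineno}: '{key}' is a literal; use a ((var)) reference")
```

A line-based scan like this is a cheap gate in code review; it does not replace parsing the YAML or scanning the repository history for secrets already committed.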