diff --git a/images/Dockerfile_ansible-podman b/images/Dockerfile_ansible-podman
new file mode 100644
index 0000000..5848b0f
--- /dev/null
+++ b/images/Dockerfile_ansible-podman
@@ -0,0 +1,4 @@
+FROM quay.io/podman/stable:v4.2.1
+
+RUN dnf update && \
+ dnf install -y ansible git
\ No newline at end of file
diff --git a/notes.md b/notes.md
index eb09d86..a411a2d 100644
--- a/notes.md
+++ b/notes.md
@@ -44,6 +44,22 @@ Restart k3s. Apply rest of the CRDs. +# SSH Secrets + +1. `ssh-keygen -t ecdsa -f ./deploy_key` +2. `ssh-keyscan packages.jpace121.net > ./deploy_known_hosts` +3. `cat deploy-credentials.yaml` + ``` + apiVersion: v1 + kind: Secret + metadata: + name: deploy-credentials + type: Opaque + data: + id_ecdsa: + known_hosts: + ``` + # Bad Ideas
diff --git a/pipelines/dev-contain-pipeline.yaml b/pipelines/dev-contain-pipeline.yaml
new file mode 100644
index 0000000..1f1b254
--- /dev/null
+++ b/pipelines/dev-contain-pipeline.yaml
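Review bot: `dnf update` in the RUN line has no `-y`, so a non-interactive image build aborts whenever updates are pending; `dnf install` got the flag but `dnf update` did not. I would also clear the package cache in the same layer: `RUN dnf update -y && dnf install -y ansible git && dnf clean all`. Note that the unpinned update step means the image content drifts between builds even though the base tag `v4.2.1` is pinned; if reproducibility of the build image matters, drop the update step or record the resulting package set.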
@@ -0,0 +1,52 @@
+# A pipeline to build and deploy dev_contain packages.
+# Steps:
+# Clone the dev_contain repo from gitea and checkout packaging branch.
+# Call ansible play to build.
+# Optionally, call play to deploy
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: dev-contain-pipeline
+spec:
+ description: "Build and deploy dev_contain packages."
+ params:
+ - name: branch
+ type: string
+ description: The branch in the repo to call the build script in.
+ - name: deploy
+ type: string
+ description: "'true' if we should deploy the image using ansible."
+ workspaces:
+ - name: shared-data
+ description: Shared data.
+ - name: git-credentials
+ description: tekton git credentials
+ - name: deploy-credentials
+ description: tekton credentials to deployment server
+ tasks:
+ - name: fetch-repo
+ workspaces:
+ - name: output
+ workspace: shared-data
+ - name: ssh-directory
+ workspace: git-credentials
+ params:
+ - name: url
+ value: ssh://git@git.jpace121.net:2222/packaging/dev_contain.git
+ - name: branch
+ value: $(params.branch)
+ taskRef:
+ name: j7s-git-clone
+ - name: build
+ runAfter: ["fetch-repo"]
+ workspaces:
+ - name: source
+ workspace: shared-data
+ - name: ssh-directory
+ workspace: deploy-credentials
+ params:
+ - name: deploy
+ value: $(params.deploy)
+ taskRef:
+ name: j7s-ansible-build
\ No newline at end of file
diff --git a/runs/dev-contain-debian.yaml b/runs/dev-contain-debian.yaml
new file mode 100644
index 0000000..38d70cc
--- /dev/null
+++ b/runs/dev-contain-debian.yaml
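Review bot: The `deploy` param has no `default`, so every PipelineRun must spell it out, and the only value the build task acts on is the literal string `"true"`; giving it `default: "false"` makes an omitted param a build-only run and records the fail-safe choice in the pipeline itself. The description could say so explicitly, e.g. `description: "Set to the string 'true' to run the deploy play; any other value builds only."`. The repository URL under `fetch-repo` is hard-coded in `value:`; if other packaging repos are expected to use this pipeline, a `url` param with this value as its default keeps it reusable without editing the spec.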
@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ name: dev-contain-debian
+spec:
+ pipelineRef:
+ name: dev-contain-pipeline
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ - name: git-credentials
+ secret:
+ secretName: git-credentials
+ - name: deploy-credentials
+ secret:
+ secretName: deploy-credentials
+ params:
+ - name: branch
+ value: "packaging/debian"
+ - name: deploy
+ value: "true"
\ No newline at end of file
diff --git a/runs/dev-contain-rpm.yaml b/runs/dev-contain-rpm.yaml
new file mode 100644
index 0000000..9833bbf
--- /dev/null
+++ b/runs/dev-contain-rpm.yaml
@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ name: dev-contain-rpm
+spec:
+ pipelineRef:
+ name: dev-contain-pipeline
+ workspaces:
+ - name: shared-data
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ - name: git-credentials
+ secret:
+ secretName: git-credentials
+ - name: deploy-credentials
+ secret:
+ secretName: deploy-credentials
+ params:
+ - name: branch
+ value: "packaging/fedora"
+ - name: deploy
+ value: "true"
\ No newline at end of file
diff --git a/tasks/j7s-ansible-build.yaml b/tasks/j7s-ansible-build.yaml
new file mode 100644
index 0000000..7968e5c
--- /dev/null
+++ b/tasks/j7s-ansible-build.yaml
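Review bot: Both PipelineRuns use a fixed `metadata.name` (`dev-contain-debian` here, `dev-contain-rpm` in the next hunk), and a PipelineRun is one-shot, so a second run requires deleting the previous object and its logs first. Switching to `generateName: dev-contain-debian-` (and `dev-contain-rpm-`) and creating with `kubectl create` keeps each run's status as its own object. Both runs also hard-code `deploy: "true"`, so there is no checked-in way to exercise the build without the deploy host credentials being used; a build-only variant with `"false"` would let a change be verified before it touches the deployment server.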
@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: j7s-ansible-build
+spec:
+ workspaces:
+ - name: source
+ - name: ssh-directory
+ params:
+ - name: deploy
+ steps:
+ - image: 192.168.1.128:8443/ansible-podman:latest
+ securityContext:
+ privileged: true
+ script: |
+ #!/usr/bin/env bash
+ set -ex
+ cp -r $(workspaces.ssh-directory.path) ~/.ssh
+ chmod 700 ~/.ssh
+ chmod -R 400 ~/.ssh/*
+
+ cd $(workspaces.source.path)
+ ansible-playbook -vvvv --skip-tags deploy -i inventory.yaml build.yaml
+
+ if [[ $(params.deploy) == "true" ]]; then
+ ansible-playbook -vvvv --tags deploy -i inventory.yaml build.yaml
+ fi
\ No newline at end of file
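Review bot: `$(params.deploy)` is substituted into the script as raw text before bash runs it, so the unquoted `[[ $(params.deploy) == "true" ]]` near the end of the script becomes a syntax error on an empty value and treats any other value as shell syntax rather than data. Bind the param to an environment variable on the step and compare the variable instead, as below. The `:latest` tag on `192.168.1.128:8443/ansible-podman` also means the step image can change underneath the pipeline; pin it to the tag or digest the Dockerfile in this commit produces. Since the step is `privileged: true` and holds the deploy key while it runs playbooks from the checked-out branch, a comment next to `privileged: true` explaining why podman needs it would help a later reader judge that trade-off.
```yaml
    - image: 192.168.1.128:8443/ansible-podman:latest
      env:
        - name: DEPLOY
          value: $(params.deploy)
      script: |
        # … unchanged: shebang, set -ex, ssh-directory copy, build play …
        if [[ "$DEPLOY" == "true" ]]; then
          ansible-playbook -vvvv --tags deploy -i inventory.yaml build.yaml
        fi
```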