Skip to content

chore(deps): bump github.com/openshift-pipelines/pipelines-as-code from 0.43.0 to 0.45.0#3393

Merged
tekton-robot merged 1 commit into
mainfrom
dependabot/go_modules/github.com/openshift-pipelines/pipelines-as-code-0.45.0
May 5, 2026
Merged

chore(deps): bump github.com/openshift-pipelines/pipelines-as-code from 0.43.0 to 0.45.0#3393
tekton-robot merged 1 commit into
mainfrom
dependabot/go_modules/github.com/openshift-pipelines/pipelines-as-code-0.45.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps github.com/openshift-pipelines/pipelines-as-code from 0.43.0 to 0.45.0.

Release notes

Sourced from github.com/openshift-pipelines/pipelines-as-code's releases.

v0.45.0

Pipelines as Code version v0.45.0

OpenShift Pipelines as Code v0.45.0 has been released 🥳

✨ Major changes and Features

  • Implement GraphQL batch fetching for .tekton files: Introduced GraphQL-based batch fetching for .tekton directory files, significantly reducing GitHub API calls and improving performance for repositories with many pipeline files.

🐛 Bug Fixes

  • Restore relative task path resolution for repository paths: Fixed a regression where relative task paths were not resolved correctly when using repository-based path references.
  • Fix watcher secret creation log and OpenShift console link: Corrected watcher secret creation logging output and fixed the OpenShift console link generation.
  • Populate DefaultBranch for incoming webhooks: Fixed missing DefaultBranch field population when processing incoming webhook events, ensuring correct branch detection.

📚 Documentation Updates

  • Rearrange events in GitHub App docs: Reorganized the events section in GitHub App documentation for improved readability and discoverability.

⚙️ Chores

  • Move secret creation to reconciler: Refactored secret creation logic to the reconciler for improved code organization and separation of concerns.
  • Cache getPullRequest result in GitHub provider: Added internal caching of getPullRequest results in the GitHub provider to reduce redundant API calls.
  • Replace real time.Sleep with clockwork in unit tests: Substituted real time.Sleep calls with a fake clockwork clock in unit tests, reducing overall test execution time by 10–13 seconds.
  • Use ok-to-test action for E2E permission checks: Updated E2E CI pipeline to use the ok-to-test GitHub Action for safer permission handling.
  • Fix test execution and improve assertions: Fixed test execution issues and strengthened test assertions for better reliability.
  • Add zizmor and fix GitHub Actions security findings: Integrated the zizmor security scanner and resolved identified GitHub Actions security issues.
  • Update ok-to-test action commit SHA: Pinned the ok-to-test action to a specific commit SHA for improved CI security.
  • Bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5: Updated go-jose/v3 dependency to the latest patch release.
  • Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4: Updated go-jose/v4 dependency to the latest patch release.
  • Bump jaxxstorm/action-install-gh-release from 2.1.0 to 3.0.0: Updated jaxxstorm/action-install-gh-release GitHub Action to major version 3.
  • Bump actions/setup-go from 6.3.0 to 6.4.0: Updated actions/setup-go GitHub Action to the latest version.

... (truncated)

Commits
  • 92a3273 fix(ci): pass smee URL env vars to e2e test runner step
  • 501ba3b fix(ci): allow actions token write permission on PR
  • a387d41 fix: populate DefaultBranch for incoming webhooks
  • d78ef4e ci(gha): fix zizmor security findings in workflows
  • 8c1e41e docs: rearrange events in gh app docs
  • a8db555 fix: PR close condition in e2e tests
  • cb4296f chore(deps): bump jaxxstorm/action-install-gh-release
  • 6779bd3 chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0
  • a2f56e8 chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5
  • 010acfd chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels May 4, 2026
@tekton-robot tekton-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label May 4, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/openshift-pipelines/pipelines-as-code-0.45.0 branch from 1844f85 to 7faf402 Compare May 5, 2026 05:44
@dependabot
chore(deps): bump github.com/openshift-pipelines/pipelines-as-code
692c38b 
Bumps [github.com/openshift-pipelines/pipelines-as-code](https://github.com/openshift-pipelines/pipelines-as-code) from 0.43.0 to 0.45.0.
- [Release notes](https://github.com/openshift-pipelines/pipelines-as-code/releases)
- [Commits](tektoncd/pipelines-as-code@v0.43.0...v0.45.0)

---
updated-dependencies:
- dependency-name: github.com/openshift-pipelines/pipelines-as-code
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/openshift-pipelines/pipelines-as-code-0.45.0 branch from 7faf402 to 692c38b Compare May 5, 2026 05:48
@anithapriyanatarajan

anithapriyanatarajan commented May 5, 2026

Copy link
Copy Markdown
Contributor

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label May 5, 2026
@anithapriyanatarajan

anithapriyanatarajan commented May 5, 2026

Copy link
Copy Markdown
Contributor

/approve

@tekton-robot

tekton-robot commented May 5, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: anithapriyanatarajan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [anithapriyanatarajan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 5, 2026
@tekton-robot tekton-robot merged commit 0680028 into main May 5, 2026
16 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/openshift-pipelines/pipelines-as-code-0.45.0 branch May 5, 2026 07:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anithapriyanatarajan anithapriyanatarajan Awaiting requested review from anithapriyanatarajan

@PuneetPunamiya PuneetPunamiya Awaiting requested review from PuneetPunamiya

Assignees

@anithapriyanatarajan anithapriyanatarajan

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anithapriyanatarajan @tekton-robot