
chore(deps): bump github.com/openshift-pipelines/pipelines-as-code from 0.45.0 to 0.46.0 #3432

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/github.com/openshift-pipelines/pipelines-as-code-0.46.0
@dependabot dependabot Bot commented on behalf of github May 19, 2026

Bumps github.com/openshift-pipelines/pipelines-as-code from 0.45.0 to 0.46.0.

Release notes

Sourced from github.com/openshift-pipelines/pipelines-as-code's releases.

v0.46.0

Pipelines as Code version v0.46.0

OpenShift Pipelines as Code v0.46.0 has been released 🥳

✨ Major changes and Features

  • Distributed tracing for webhook handling and PipelineRun timing: When tracing is enabled via the pipelines-as-code-config-observability ConfigMap, PaC emits OpenTelemetry trace spans for webhook event processing and PipelineRun lifecycle timing, with W3C trace context propagation.
  • Implement GetCommitStatuses on Forgejo: The Forgejo/Gitea provider now returns real commit statuses instead of nil, enabling the annotation matcher to correctly detect pruned-but-successful pipeline runs so /retest only re-runs failed pipelines.
  • Enable recursive .tekton dir retrieval for Forgejo: PipelineRuns nested in subdirectories under .tekton/ are now discovered and executed on Forgejo, instead of only top-level entries.
  • Handle Forgejo headers in CLI provider auto-detection: The tkn pac cel command now recognizes X-Forgejo-Event-Type headers for automatic Forgejo webhook provider detection.
  • Reduce informer cache memory usage: Added TransformFuncs to Repository and PipelineRun informers that strip large unnecessary fields (ManagedFields, Annotations, Status, Spec) before objects enter the cache.
  • Cache check-run lookups with retry: GitHub check-run API responses are now cached to avoid repeated paginated API calls during status updates, with concurrent goroutines sharing a single in-flight fetch.

🐛 Bug Fixes

  • Fix /ok-to-test not triggering CI on GitHub webhook PRs: The GitHub client was never initialized for webhook-based issue comment events, causing /ok-to-test from an admin to silently fail on unauthorized PRs.
  • Clear pending check on ok-to-test for GitHub webhook: The pending check run created for unauthorized PRs was never resolved after an admin commented /ok-to-test, leaving it stuck indefinitely.
  • Update /ok-to-test status to success for GitLab: Similar to Forgejo, GitLab now updates the "pending approval" commit status to success after /ok-to-test is posted on an unauthorized user's MR.
  • Pin GitLab commit statuses to the same pipeline: Caches the pipeline_id from the first SetCommitStatus response so all subsequent status updates for the same SHA stay on the same GitLab pipeline, preventing split statuses.
  • Map GitLab skipped status correctly: Use gitlab.Skipped state instead of gitlab.Canceled when the conclusion is skipped, so GitLab pipelines show the correct skipped status.
  • Restrict same-repo ACL permission to trusted context: Issue comment senders are no longer granted trust based solely on same-repo PR shape; they must pass collaborator, org-membership, or OWNERS checks.
  • Guard nil response and cap comment pagination in ACL checks: Prevents a panic when wrapAPI returns a nil response on transport-level failures, and caps comment pagination to avoid unbounded API calls.
  • Prevent duplicate Repository CR on trailing slash: The webhook admission controller now normalizes URLs before comparison, preventing bypass of uniqueness validation by appending a trailing slash.
  • Use provided target ref in GetFileInsideRepo: Fixed GetFileInsideRepo ignoring the caller-supplied target ref and substituting runevent.BaseBranch, which caused OWNERS ACL and remote task fetches to resolve against the wrong branch.
  • Resolve CEL expression failure on Bitbucket Cloud push events: Push events incorrectly set Event to a string instead of a JSON object, causing all CEL expressions to fail with an unmarshal error.
  • Truncate Bitbucket Cloud commit status key to 40-char limit: Bitbucket Cloud limits commit status keys to 40 characters; status keys are now properly truncated.
  • Use pull request number from issue comment payload: Use the PR number directly from the issue comment payload instead of parsing it from the pull request URL.
  • Fix skip-install option in bootstrap command: The bootstrap process now correctly allows users to bypass the installation check, preventing failures when Pipelines as Code is already installed.

📚 Documentation Updates

... (truncated)

Commits
  • 74b0d28 fix(github-webhook): clear pending check on ok-to-test
  • eda5331 fix(bitbucket-cloud): fix status key handling for build statuses
  • c37a213 fix: Use pull request number from issue comment payload
  • baf49e3 dep: update go-github dependency
  • b0bcbac fix(gitlab): pin commit statuses to same pipeline
  • e951778 fix: fix skip-install option to bootstrap command
  • 0948d88 docs: note about e2e permission in bb cloud docs
  • 357d970 Revert "chore: Use GHE fro github enterprise instead of second"
  • 88e8d39 chore: Use GHE fro github enterprise instead of second
  • 7c46558 perf(github): cache check-run lookups with retry
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
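
The release notes above list a fix in which the webhook admission controller normalizes URLs before comparison, so a trailing slash no longer bypasses uniqueness validation. The sketch below is an added example, not Pipelines as Code's own code: the function names, the sample data, and the normalization rules beyond trailing-slash removal (lowercased scheme and host, ignored query and fragment) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalizeRepoURL reduces a repository URL to one canonical string.
// Assumed rules: lowercase scheme and host, no trailing slashes, no query or fragment.
func normalizeRepoURL(raw string) (string, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("not an absolute URL: %q", raw)
	}
	return strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host) + strings.TrimRight(u.Path, "/"), nil
}

// naiveDuplicate is the weak check: byte-for-byte comparison of stored URLs.
func naiveDuplicate(existing map[string]string, candidate string) string {
	for name, raw := range existing {
		if raw == candidate {
			return name
		}
	}
	return ""
}

// findDuplicate compares normalized forms and returns the conflicting entry's name.
func findDuplicate(existing map[string]string, candidate string) (string, error) {
	want, err := normalizeRepoURL(candidate)
	if err != nil {
		return "", err // reject rather than admit a URL that cannot be compared
	}
	for name, raw := range existing {
		if got, err := normalizeRepoURL(raw); err == nil && got == want {
			return name, nil
		}
	}
	return "", nil
}

func main() {
	// Constructed sample: one registered repository and a trailing-slash variant of it.
	existing := map[string]string{"team-a/app": "https://git.example.test/org/app"}
	dup, _ := findDuplicate(existing, "https://git.example.test/org/app/")
	fmt.Printf("naive=%q normalized=%q\n", naiveDuplicate(existing, "https://git.example.test/org/app/"), dup)
}
```

An admission check built this way should normalize both the stored and the incoming value at comparison time, since entries admitted before the fix may already be stored in non-canonical form.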

Bumps [github.com/openshift-pipelines/pipelines-as-code](https://github.com/openshift-pipelines/pipelines-as-code) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/openshift-pipelines/pipelines-as-code/releases)
- [Commits](tektoncd/pipelines-as-code@v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: github.com/openshift-pipelines/pipelines-as-code
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Used by dependabot - identifies all PRs created by dependabot), kind/misc (Categorizes issue or PR as a miscellaneous one.), ok-to-test (Indicates a non-member PR verified by an org member that is safe to test.) and release-note-none (Denotes a PR that doesn't merit a release note.) labels May 19, 2026
@tekton-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign savitaashture after the PR has been reviewed.
You can assign the PR to them by writing /assign @savitaashture in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label May 19, 2026