v0.41.1

Pipelines as Code v0.41.1

OpenShift Pipelines as Code v0.41.1 has been released.

Security Fix

• GitLab Security: Enforce mandatory webhook secret and token validation. 9a230ff.

Important

You may be affected if you did not set a webhook via a secret on your GitLab repository CR. If it is already configured according to the documentation, no changes are required.

Bug Fixes

• Performance: Major performance optimization for Bitbucket Cloud commit info lookup. 555aeb0 | SRVKP-10617
• UI/UX: Stabilize sorting logic for task logs and status. 667fd80
• UI/UX: Ensure deterministic PipelineRun sorting by name. b7b421f

Misc / Chores

• Testing: Update E2E test matrix for improved provider coverage. 5a5f4e8
• Docs: Update developer documentation for uv and release process. 384976b
• pr-ci Script Update: Refactor scripts to be executable directly with uv run.5f515b9
• CI Scaling: Divide Gitea tests equally across jobs. 41a632b
• Linter: Configure Tekton linter to skip revert commits.eb39d14
• Gitea: Split E2E tests for granular testing.ce269cc
• Deps: Bump actions/cache from 4 to 5. a541f27
• Workflow: Prevent E2E matrix jobs from cancelling on failure.65ece3f
• Logs: Redirect gosmee output and organize CI logs.8d7c9b1
• Maintenance: Rename GitHub PR test function for categorization. 9c30b5d
• Performance: Add ko build cache to E2E workflow. 7605c5a
• Deps: Update vendored Python dependencies.48a7720
• Tooling: Adopt uv for second-controller.py. 055e68a

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.41.1/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.41.1/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-41-1.pipelines-as-code.pages.dev

Full Changelog

• a541f27: chore(deps): bump actions/cache from 4 to 5 (@dependabot[bot])
• 7605c5a: chore: Add ko cache to e2e workflow (@chmouel)
• 8d7c9b1: chore: Redirect gosmee output and organize logs (@chmouel)
• eb39d14: chore: Skip revert commits in linter (@chmouel)
• 48a7720: chore: Update vendored dependencies (@chmouel)
• 055e68a: chore: Use uv for second-controller.py (@chmouel)
• 41a632b: chore: divide Gitea tests in equall number in 3 jobs (@zakisk)
• 65ece3f: ci: prevent e2e matrix jobs from cancelling on failure (@theakshaypant)
• 5f515b9: feat: Move pr-ci scripts to be executable with uv (@chmouel)
• 555aeb0: fix(bitbucketcloud): optimize commit info fetch (@zakisk)
• 9a230ff: fix: Enforce mandatory webhook secret for GitLab validation (@chmouel)
• b7b421f: fix: Stabilize pipeline run sorting by name when start times are equal (@chmouel)
• 667fd80: fix: Stabilize sorting logic for task logs and status (@chmouel)
• 5a5f4e8: fix: Update E2E test matrix and script (@chmouel)
• 384976b: fix: update dev docs for uv and release process (@chmouel)
• 9c30b5d: refactor: Rename github pull request test function (@chmouel)

v0.39.4

Pipelines as Code version v0.39.4

OpenShift Pipelines as Code v0.39.4 has been released 🥳

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.39.4/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.39.4/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-39-4.pipelines-as-code.pages.dev

Changelog

• 798eba6: Release yaml generated from 6043174 for release v0.39.3 ( <>)
• 8dd8542: fix(bitbucketcloud): optimize commit info fetch (@zakisk)
• afb202b: fix: Enforce mandatory webhook secret for GitLab validation (@chmouel)

v0.37.5

Pipelines as Code version v0.37.5

OpenShift Pipelines as Code v0.37.5 has been released 🥳

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.37.5/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.37.5/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-37-5.pipelines-as-code.pages.dev

Changelog

• 7c8fb46: Release yaml generated from f0420c5 for release v0.37.4 ( <>)
• 02cb1b7: fix(bitbucketcloud): optimize commit info fetch (@zakisk)
• 7427b70: fix: Enforce mandatory webhook secret for GitLab validation (@chmouel)

v0.41.0

Pipelines as Code version v0.41.0

OpenShift Pipelines as Code v0.41.0 has been released 🥳

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.41.0/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.41.0/release.k8s.yaml

✨ Features

• 🛡️ Enhanced CEL Expressions: Added direct access to custom parameter variables within CEL expressions, allowing for more flexible pipeline logic. e95b4e7

• 🌐 Advanced Token Scoping: Introduced glob pattern support for repositories when defining token scopes in GitHub. 18413b1

• 🧠 Flexible Logic Support: Added support for arbitrary CEL expressions using the new cel: prefix for complex event matching. 751f931

🐛 Bug Fixes

• 🔄 Merge Commit Reliability: Implemented an exponential backoff retry mechanism for PR lookups to handle GitHub API indexing delays on merge commits. 618fac5

• 🛑 Accurate Lifecycle Reporting: Fixed an issue where deleted PipelineRuns remained stuck in pending; the controller now explicitly reports a cancelled status upon deletion. c690b58

• 🏷️ Improved Event Matching: Resolved a bug in the matcher to prevent CEL from unintentionally matching label events. 1a3b241

• 💬 Smarter GitLab Feedback: Reduced Merge Request noise by skipping comments for non-permission-related errors. 6a956e4

• 🏗️ Concurrency Stability: Improved test reliability by ensuring PipelineRuns are correctly filtered by SHA in concurrency test suites. 9b8d81f

• 🔗 GitLab Provider Routing: Fixed an issue where the GitLab provider failed to retrieve URLs when hosted on the same host. bafda32

• 📡 Gitea/Forgejo Stability: Added retry logic for Gitea status updates and migrated Gitea integration to use the Forgejo SDK. 7a00a56, 152ce93

• 🧹 Catalog Cleanup: Removed the deprecated public Tekton Hub as a built-in catalog to favor modern repository standards. 882c31b

• 📊 Status Sync: Corrected logic to ensure pending and running commit statuses are accurately synchronized with the provider platform. 7ca0bd9

• 🧩 Safety Checks: Added handling for nil bodies in CEL evaluations to prevent controller crashes during specific event processing. 8b8ddda

• 🚨 Linting Fixes: Resolved prealloc and other golangci-lint errors to maintain code quality standards. d6d9f48, d5d71cf

🧰 Misc / Maintenance

• 🤖 Agent Migration: Moved project skills and documentation to the new AGENTS.md and Claude-based format. 01dfc83

• 🏗️ Architecture Refactoring: Renamed internal Gitea structures to Forgejo and migrated secondary controller installation to use startpaac. fba88e7, 8aee3e7

• 📦 Go Version Bump: Updated Golang versions in Tekton configurations for improved performance and security. 4961902

• 🧹 Repo Hygiene: Updated .gitignore to include temporary directories and removed obsolete local CI development scripts. c26acc7, 4376b32

• 🔒 Security Hardening: Integrated minica CA certificates into E2E workflows and added necessary secrets to environment workflows. b82a29b, c84902d45a5e14763fdbd727b338844ddcf7904b

• 🧪 E2E Tooling: Integrated gosmee for the main controller and Gitea in E2E tests to improve webhook replay capabilities. 6b4af55, c8ab303

• 📝 Style Guide: Updated Vale style guide links to maintain documentation consistency. cff5590

• 🐳 Modernized Base Images: Upgraded project base images to UBI 10 to ensure the latest security patches and runtime compliance. 63bd2d9

• 🛠️ Infrastructure Upgrades: Updated the CI workflow and Kind configurations to improve development environment reliability. 032d13c

• ⚡ Optimized E2E Testing: Enabled parallel binary building during end-to-end tests to significantly reduce CI wait times. 6addfb3

• 🐍 Dependency Update: bump pyasn1 from 0.6.1 to 0.6.2 in /hack/pr-ci 582d56d

• 🐍 Dependency Update: bump urllib3 from 2.6.2 to 2.6.3 in /hack/pr-ci 177abe3

• 📦 Dependency Update: Update dependencies f98d1d5

• 📦 Dependency Update: Update python dependencies b681ad5

• 🚮 Cleanup: Remove code.gitea.io/gitea 0a22413

Documentation

The documentation for this release is available here :

https://release-v0-41-0.pipelines-as-code.pages.dev

Changelog

• bcdb85f: Revert "fix: Increase loop max in concurrent PR test" (@chmouel)
• 582d56d: chore(deps): bump pyasn1 from 0.6.1 to 0.6.2 in /hack/pr-ci (@dependabot[bot])
• 177abe3: chore(deps): bump urllib3 from 2.6.2 to 2.6.3 in /hack/pr-ci (@dependabot[bot])
• 0a22413: chore(deps): remove code.gitea.io/gitea (@theakshaypant)
• 6b4af55: chore: Add gosmee for main controller E2E test (@chmouel)
• c84902d: chore: Add secrets to the env workflows (@chmouel)
• c26acc7: chore: Add temporary directories to gitignore (@chmouel)
• a92013e: chore: Fix makefile ignore when collecting files (@chmouel)
• b82a29b: chore: Install minica CA certificate in e2e workflow (@chmouel)
• 7ea8473: chore: Migrate CI to forgejo (@chmouel)
• cff5590: chore: Update Vale style guide links (@chmouel)
• f98d1d5: chore: Update dependencies (@chmouel)
• 4961902: chore: Update golang version in Tekton configurations (@chmouel)
• b681ad5: chore: Update python dependencies (@chmouel)
• 01dfc83: chore: move to Claude skills and AGENTS.md (@chmouel)
• e95b4e7: feat(cel): add direct custom param variable access in expressions (@theakshaypant)
• 18413b1: feat(github): add glob pattern support for token scope repos (@theakshaypant)
• 6addfb3: feat: Build binaries in parallel in e2e (@chmouel)
• 751f931: feat: Support arbitrary CEL expressions with cel: prefix (@chmouel)
• 032d13c: feat: Update CI workflow and Kind configuration (@chmouel)
• 63bd2d9: feat: Update base images to UBI 10 (@chmouel)
• 1a3b241: fix(matcher): prevent CEL from matching label events unintentionally (@theakshaypant)
• c8ab303: fix: Add gosmee replay for Gitea controller (@chmouel)
• 7a00a56: fix: Add retry logic for Gitea status updates (@chmouel)
• 618fac5: fix: Add retry logic for PR lookup on merge commits (@zakisk)
• 9b8d81f: fix: Filter PipelineRuns by SHA in concurrency tests (@chmouel)
• bafda32: fix: GitLab provider getting a URL on same host (@chmouel)
• fda8d68: fix: Increase loop max in concurrent PR test (@chmouel)
• 3b30e03: fix: Remove redundant gosmee client setup for Gitea (@chmouel)
• 152ce93: fix: Update Gitea to use Forgejo SDK (@chmouel)
• 7ca0bd9: fix: correctly update pending and running commit status (#2341) (@ab-ghosh)
• 8b8ddda: fix: handle nil body in CEL eval (@chmouel)
• d6d9f48: fix: prealloc error in golangci-lint (@zakisk)
• 882c31b: fix: remove deprecated public Tekton Hub as built-in catalog (@chmouel)
• c690b58: fix: report cancelled status when PipelineRun is deleted (@zakisk)
• 6a956e4: fix: skip MR comment for non-permission errors (#2340) (@ab-ghosh)
• 4376b32: refactor: Remove old local ci dev scripts (@chmouel)
• fba88e7: refactor: Rename Gitea structs to forgejostructs (@chmouel)
• 8aee3e7: refactor: Use startpaac to install second controller (@chmouel)
• d5d71cf: refactor: reenable prealloc and fix it properly (@chmouel)

v0.40.0

OpenShift Pipelines as Code v0.40.0 has been released 🥳

✨ Features

• ✨ Require explicit body and headers flags for CEL expressions, making webhook CEL evaluation stricter and more explicit
  🔗 1eabf1c

• ⚡ Cache vcs.GetFiles() results to reduce redundant VCS API calls, significantly improving performance on large repositories
  🔗 9175257

• ⏭️ Add support for a “skip CI” command, allowing users to explicitly bypass CI execution from commit or PR commands
  🔗 222e82b

🐛 Bug Fixes

• 🧪 Disable retry logic in the GitLab test client, reducing GitLab provider test runtime from ~60s to under 1s
  🔗 ebd538b

• 🔐 Fix GitLab permission checks to respect the remember-ok-to-test setting, aligning authorization behavior with configuration
  🔗 6a0d179

• 📄 Ensure GitLab GetFiles and CreateComment correctly page through API results, preventing missing files or comments
  🔗 9d60ff7

• 🧩 Add nil checks in CEL webhook parsers, preventing panics on malformed or incomplete payloads
  🔗 605306d

• 🏷️ Assign unique status names for Bitbucket Cloud checks, avoiding collisions in status reporting
  🔗 fba42f2

• 🧾 Lower log level for GitHub skip messages from error to info, reducing log noise for expected behavior
  🔗 5b4173f

• 🔄 Do not return an error when PipelineRun patching fails, improving controller robustness during transient failures
  🔗 420f4c0

• 🧭 Automatically detect Tekton Hub type when catalog type is empty, fixing task resolution edge cases
  🔗 063c543

• 📝 Fix markdownlint failures introduced by newer markdownlint versions, restoring CI stability
  🔗 5b220d7

🧰 Misc / Maintenance

• 📦 Bump actions/checkout from v5 to v6 to align CI with the latest GitHub Actions runtime
  🔗 565420c

• 📦 Bump actions/upload-artifact from v5 to v6, moving CI artifacts to Node.js 24
  🔗 e6870e6

• 🔐 Update golang.org/x/crypto dependency, pulling in upstream security and correctness fixes
  🔗 c8dc5d4

• 🧹 Refine golangci-lint configuration, scoping revive exclusions and enforcing exhaustive switch defaults
  🔗 4d75ddc
  🔗 2be7e0b

• 📚 CLI documentation cleanup, reformatting curl examples for clarity
  🔗 610dd2c

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.40.0/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.40.0/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-40-0.pipelines-as-code.pages.dev

Changelog

• 565420c: chore(deps): bump actions/checkout from 5 to 6 (@dependabot[bot])
• e6870e6: chore(deps): bump actions/upload-artifact from 5 to 6 (@dependabot[bot])
• c8dc5d4: chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.45.0 (@dependabot[bot])
• 4d75ddc: chore(lint): scope revive var-naming exclusion to specific packages (@theakshaypant)
• 2be7e0b: chore(lint): set golangci default switch case as exhaustive (@aThorp96)
• 610dd2c: docs(cli): reformat curl command example to single line (@theakshaypant)
• 1eabf1c: feat(cel): require body and headers flags (@theakshaypant)
• 9175257: feat(perf): cache vcs.GetFiles() to reduce redundant VCS API volume (@aThorp96)
• 222e82b: feat: add skip CI command support (@theakshaypant)
• fba42f2: fix(bitbucket-cloud): assign unique statue name in Bitbucket Cloud (@zakisk)
• 605306d: fix(cel): add nil checks to prevent panics in webhook parsers (@theakshaypant)
• 5b4173f: fix(github): change skip log level from error to info (@infernus01)
• 6a0d179: fix(gitlab): check permission according to RememberOkToTest setting (@zakisk)
• ebd538b: fix(gitlab): disable retry logic in test client (@infernus01)
• 9d60ff7: fix(gitlab): ensure GetFiles and CreateComment pages over API results (@aThorp96)
• 420f4c0: fix: Do not return error when PipelineRun patching is failed (#2338) (@zakisk)
• 063c543: fix: auto-detect hub type when catalog type is empty (@zakisk)
• 5b220d7: fix: markdownlint error happening due to new version (@zakisk)

]

v0.39.3

Pipelines as Code version v0.39.3

OpenShift Pipelines as Code v0.39.3 has been released 🥳

this is bug fix release, most notable fix is 1dad6db which fixes the hub type detection issue.

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.39.3/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.39.3/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-39-3.pipelines-as-code.pages.dev

Changelog

• 083b027: Release yaml generated from 2386222 for release v0.39.2 ( <>)
• 6043174: chore(lint): scope revive var-naming exclusion to specific packages (@theakshaypant)
• 1dad6db: fix: auto-detect hub type when catalog type is empty (@zakisk)
• 7efa29d: fix: markdownlint error happening due to new version (@zakisk)

v0.37.4

Pipelines as Code version v0.37.4

OpenShift Pipelines as Code v0.37.4 has been released 🥳
this is bug fix release, most notable fix is 18c59c0 which fix the hub type detection issue.

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.37.4/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.37.4/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-37-4.pipelines-as-code.pages.dev

Changelog

• 10dee4f: Release yaml generated from 7e14293 for release v0.37.3 ( <>)
• f0420c5: chore(lint): scope revive var-naming exclusion to specific packages (@theakshaypant)
• 18c59c0: fix: auto-detect hub type when catalog type is empty (@zakisk)
• f503409: fix: markdownlint error happening due to new version (@zakisk)

v0.35.4

Pipelines as Code version v0.35.4

OpenShift Pipelines as Code v0.35.4 has been released 🥳
This is a bug fix release, most notable fix is 2aec6e9 reverting a commit which was causing wrong value of revision dynamic variable.

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.35.4/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.35.4/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-35-4.pipelines-as-code.pages.dev

Changes Since v0.35.3

🐛 Bug Fixes

• Revert on-path-change on pr merge in bitbucket: Reverted a change that caused the {{ revision }} variable to fetch incorrect commit IDs for Bitbucket merge commits, restoring expected behavior. (#2247)

• A deadlock in the concurrency tryAcquire method has been prevented. (#2173)

• Fixed an issue where unauthorized users’ builds awaiting /ok-to-test were incorrectly marked as “running” instead of showing a “pending” status. (#2214)

Changelog

• 2aec6e9: Revert on-path-change on pr merge in bitbucket (@zakisk)
• 7008c72: fix(ci): use exec.CommandContext to satisfy noctx linter (@zakisk)
• dbf46dc: fix: Prevent deadlock in tryAcquire method (@chmouel)
• 453e501: fix: commit status for unauthorized user in Bitbucket Data Center (@zakisk)
• 66c87f9: fix: fix remaining CI failure for build tag (@zakisk)
• e599434: fix: markdownlint error happening due to new version (@zakisk)
• 0acdac2: refactor: Migrate build tags from +build to //go:build directives (@chmouel)

v0.39.2

Pipelines as Code version v0.39.2

OpenShift Pipelines as Code v0.39.2 has been released 🥳

This minor release add a feature for a setting to force users to add the commit SHA after /ok-to-test on e2e test, this helps to mitigate race conditions where a malicious actor could
push a commit after the /ok-to-test comment is made but before the CI
runs. #2321

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.39.2/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.39.2/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-39-2.pipelines-as-code.pages.dev

Changelog

• 2386222: feat: Require SHA for /ok-to-test comments (@chmouel)

v0.39.1

Pipelines as Code version v0.39.1

OpenShift Pipelines as Code v0.39.1 has been released 🥳

Changes

This is a bugfix release, the most notable fix is cd576b1 fixing a crash of the controller when the gitlab token is invalid.

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.39.1/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.39.1/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-39-1.pipelines-as-code.pages.dev

Changelog

• a8212d3: chore: increase logs lines to check for string in e2e (@zakisk)
• 76770ef: docs(resolver): Reorganize in-repo pipeline and task documentation (@aThorp96)
• 2946d77: enhance: add PipelineRun name in pr json marshalling (@zakisk)
• f1112fd: fix: Update Gemini model to non-preview version (@chmouel)
• cd576b1: fix: crash on gl provider when token is invalid (@chmouel)
• f8992de: test(gitlab): add comprehensive ACL test coverage (@theakshaypant)