fix: include branch filter in CEL expression for release trigger

[vdemeester]

Changes

The on-cel-expression annotation takes precedence over on-event and
on-target-branch annotations in Pipelines-as-Code. The previous CEL
expression only checked body.created == true, which matched any
newly created branch push (e.g. fix/CVE-* branches), not just
release-v* branches.

This caused spurious release PipelineRuns to be created when non-release
branches were pushed to the repo.

Include the branch filter directly in the CEL expression:

pipelinesascode.tekton.dev/on-cel-expression: >
  body.created == true && pac.target_branch.startsWith("refs/heads/release-v")

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

• Run make test lint before submitting a PR
• Includes tests (if functionality changed/added)
• Includes docs (if user facing)
• Commit messages follow commit message best practices

See the contribution guide for more details.

Release Notes

NONE

/kind bug

[tekton-as-code]

Caution

There are some errors in your PipelineRun template.

PipelineRun	Error
release-pipeline	CEL expression evaluation error: expression "body.created == true" failed to evaluate: no such key: created

[jkhelil]

/approve

[jkhelil]

/lgtm

[tekton-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jkhelil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jkhelil]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jkhelil]

/cherry-pick release-v0.79.x
/cherry-pick release-v0.78.x
/cherry-pick release-v0.77.x
/cherry-pick release-v0.71.x

[tekton-robot]

❌ Cherry-pick to release-v0.79.x failed!

The automatic cherry-pick to release-v0.79.x failed.

Output:

🤖 Starting cherry-pick process...
Fetching PR #3335 information...
Found merge commit: 43d2c0dde412625c70426003336145adcf30fc5d
PR title: fix: include branch filter in CEL expression for release trigger
Fetching target branch: release-v0.79.x...
From https://github.com/tektoncd/operator
 * branch                release-v0.79.x -> FETCH_HEAD
Checking for existing cherry-pick PR...
Creating cherry-pick branch: cherry-pick-3335-to-release-v0.79.x...
Switched to a new branch 'cherry-pick-3335-to-release-v0.79.x'
branch 'cherry-pick-3335-to-release-v0.79.x' set up to track 'origin/release-v0.79.x'.
Fetching commits from PR #3335...
Found 1 commit(s) to cherry-pick
Fetching PR ref to make fork commits available locally...
From https://github.com/tektoncd/operator
 * branch                refs/pull/3335/head -> FETCH_HEAD
Cherry-picking commit 1/1: 66711fda7c285dd25122c28558563ecaa27db84d...
CONFLICT (modify/delete): .tekton/release.yaml deleted in HEAD and modified in 66711fda7 (fix: include branch filter in CEL expression for release trigger).  Version 66711fda7 (fix: include branch filter in CEL expression for release trigger) of .tekton/release.yaml left in tree.
error: could not apply 66711fda7... fix: include branch filter in CEL expression for release trigger
hint: After resolving the conflicts, mark them with
hint: "git add/rm <pathspec>", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
❌ ERROR: Cherry-pick failed for commit 66711fda7c285dd25122c28558563ecaa27db84d due to conflicts or other errors

Next steps:

• Check the action logs for complete details
• If the PR is not merged, merge it first and try again
• If there are conflicts, you'll need to manually cherry-pick this PR

[vdemeester]

@jkhelil not required to cherry pick (but we will need tektoncd/pipelines-as-code#2647 to get the patch release work)