Merge branch 'main' into fix/issue-2652-silent-skip-edited-comments

Author: chmouel

.claude/skills/release-notes/references/release-notes-format.md

@@ -60,7 +60,7 @@ kubectl apply -f https://github.com/{owner}/{repo}/releases/download/{tag}/relea
 
 The documentation for this release is available here :
 
-https://release-{tag_dashed}.pipelines-as-code.pages.dev
+https://docs.pipelinesascode.com/{tag}
 ```
 
 Where `{tag_dashed}` is the tag with dots replaced by dashes (e.g., `v0.31.0` → `v0-31-0`).
@@ -125,7 +125,7 @@ kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releas
 
 The documentation for this release is available here :
 
-https://release-v0-31-0.pipelines-as-code.pages.dev
+https://docs.pipelinesascode.com/v0.31.0
 
 ## What's Changed
 <!-- GitHub auto-generated changelog goes here -->

.github/workflows/e2e.yaml

@@ -110,12 +110,12 @@ jobs:
       TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
       TEST_BITBUCKET_CLOUD_USER: cboudjna
 
-      # Bitbucket Server
-      TEST_BITBUCKET_SERVER_API_URL: ${{ secrets.BITBUCKET_SERVER_API_URL }}
-      TEST_BITBUCKET_SERVER_E2E_REPOSITORY: PAC/pac-e2e-tests
-      TEST_BITBUCKET_SERVER_TOKEN: ${{ secrets.BITBUCKET_SERVER_TOKEN }}
-      TEST_BITBUCKET_SERVER_USER: pipelines
-      TEST_BITBUCKET_SERVER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_SERVER_WEBHOOK_SECRET }}
+      # Bitbucket Data Center
+      TEST_BITBUCKET_DATA_CENTER_API_URL: ${{ secrets.BITBUCKET_DATA_CENTER_API_URL }}
+      TEST_BITBUCKET_DATA_CENTER_E2E_REPOSITORY: PAC/pac-e2e-tests
+      TEST_BITBUCKET_DATA_CENTER_TOKEN: ${{ secrets.BITBUCKET_DATA_CENTER_TOKEN }}
+      TEST_BITBUCKET_DATA_CENTER_USER: pipelines
+      TEST_BITBUCKET_DATA_CENTER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_DATA_CENTER_WEBHOOK_SECRET }}
       TESTRR_URL: https://testrr.pipelinesascode.com
       TESTRR_PROJECT: pipelinesascode
       TESTRR_USERNAME: pac
@@ -135,6 +135,7 @@ jobs:
         if: github.event_name == 'pull_request_target'
         uses: pipelines-as-code/ok-to-test@25881c6245695bd81a22df9f2ebdd9569b420581 # v1
         with:
+          github-token: ${{ secrets.GH_TOKEN }}
           team-slugs: ${{ env.TARGET_TEAM_SLUGS }}
 
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
@@ -295,12 +296,12 @@ jobs:
           TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
           TEST_BITBUCKET_CLOUD_USER: cboudjna
 
-          # Bitbucket Server
-          TEST_BITBUCKET_SERVER_API_URL: ${{ secrets.BITBUCKET_SERVER_API_URL }}
-          TEST_BITBUCKET_SERVER_E2E_REPOSITORY: PAC/pac-e2e-tests
-          TEST_BITBUCKET_SERVER_TOKEN: ${{ secrets.BITBUCKET_SERVER_TOKEN }}
-          TEST_BITBUCKET_SERVER_USER: pipelines
-          TEST_BITBUCKET_SERVER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_SERVER_WEBHOOK_SECRET }}
+          # Bitbucket Data Center
+          TEST_BITBUCKET_DATA_CENTER_API_URL: ${{ secrets.BITBUCKET_DATA_CENTER_API_URL }}
+          TEST_BITBUCKET_DATA_CENTER_E2E_REPOSITORY: PAC/pac-e2e-tests
+          TEST_BITBUCKET_DATA_CENTER_TOKEN: ${{ secrets.BITBUCKET_DATA_CENTER_TOKEN }}
+          TEST_BITBUCKET_DATA_CENTER_USER: pipelines
+          TEST_BITBUCKET_DATA_CENTER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_DATA_CENTER_WEBHOOK_SECRET }}
         if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
         with:
           detached: true
@@ -376,15 +377,22 @@ jobs:
           TEST_GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
           TEST_GITLAB_SECOND_TOKEN: ${{ secrets.TEST_GITLAB_SECOND_TOKEN }}
           TEST_GITLAB_SECOND_GROUP: ${{ vars.TEST_GITLAB_SECOND_GROUP }}
-          TEST_BITBUCKET_SERVER_TOKEN: ${{ secrets.BITBUCKET_SERVER_TOKEN }}
-          TEST_BITBUCKET_SERVER_API_URL: ${{ secrets.BITBUCKET_SERVER_API_URL }}
-          TEST_BITBUCKET_SERVER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_SERVER_WEBHOOK_SECRET }}
+          TEST_BITBUCKET_DATA_CENTER_TOKEN: ${{ secrets.BITBUCKET_DATA_CENTER_TOKEN }}
+          TEST_BITBUCKET_DATA_CENTER_API_URL: ${{ secrets.BITBUCKET_DATA_CENTER_API_URL }}
+          TEST_BITBUCKET_DATA_CENTER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_DATA_CENTER_WEBHOOK_SECRET }}
           TEST_GITEA_SMEEURL: ${{ steps.gosmee-url.outputs.url }}
           TEST_GITLAB_SMEEURL: ${{ steps.gosmee-gitlab-url.outputs.url }}
           TEST_GITHUB_SECOND_WEBHOOK_SMEE_URL: ${{ steps.gosmee-ghe-webhook-url.outputs.url }}
         run: |
           ./hack/gh-workflow-ci.sh run_e2e_tests
 
+      - name: Generate GitHub Step Summary
+        if: ${{ always() }}
+        env:
+          TEST_PROVIDER: ${{ matrix.provider }}
+        run: |
+          ./hack/gh-workflow-ci.sh generate_github_summary
+
       - name: Collect logs
         if: ${{ always() }}
         env:
@@ -401,7 +409,7 @@ jobs:
 
       - name: Upload artifacts
         if: ${{ always() }}
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: logs-e2e-tests-${{ matrix.provider }}
           path: /tmp/logs

.golangci.yml

@@ -90,6 +90,8 @@ linters:
         path: _test\.go
       - path: pkg/resolve/resolve.go
         text: don't use `init` function
+      - path: pkg/llm/providers/
+        text: don't use `init` function
       - linters:
           - revive
         path: pkg/errors/

.tekton/linter.yaml

@@ -281,7 +281,7 @@ spec:
                   target=x86_64-unknown-linux-gnu
                 fi
                 version=$(curl -H "Authorization: Bearer ${HUB_TOKEN}" -L -s https://api.github.com/repos/zizmorcore/zizmor/releases/latest | python3 -c 'import sys, json; print(json.load(sys.stdin)["tag_name"])')
-                curl -sH "Authorization: Bearer ${HUB_TOKEN}" -L "https://github.com/zizmorcore/zizmor/releases/download/${version}/zizmor-${target}.tar.gz" | tar -xz -C /tmp/ --strip-components=1 -f-
+                curl -sH "Authorization: Bearer ${HUB_TOKEN}" -L "https://github.com/zizmorcore/zizmor/releases/download/${version}/zizmor-${target}.tar.gz" | tar -xz -C /tmp/ -f-
                 /tmp/zizmor .github/workflows/
 
             - name: ruff-lint

Makefile

@@ -5,6 +5,7 @@ GOLANGCI_LINT=golangci-lint
 GOFUMPT=gofumpt
 TKN_BINARY_NAME := tkn
 TKN_BINARY_URL := https://tekton.dev/docs/cli/\#installation
+DEFAULT_GOTESTSUM_FORMAT ?= testdox
 LDFLAGS=
 OUTPUT_DIR=bin
 GO           = go
@@ -68,7 +69,7 @@ test-unit: ## Run unit tests
 	@mkdir -p tmp/
 	@echo "Running unit tests..."
 	@if command -v gotestsum >/dev/null 2>&1; then \
-		gotestsum --format testdox -- $(DEFAULT_GO_TEST_FLAGS) $(GO_TEST_FLAGS) -timeout $(TIMEOUT_UNIT) ./pkg/...; \
+		gotestsum --format ${DEFAULT_GOTESTSUM_FORMAT} -- $(DEFAULT_GO_TEST_FLAGS) $(GO_TEST_FLAGS) -timeout $(TIMEOUT_UNIT) ./pkg/...; \
 	else \
 		$(GO) test $(DEFAULT_GO_TEST_FLAGS) $(GO_TEST_FLAGS) -timeout $(TIMEOUT_UNIT) ./pkg/...; \
 	fi

config/300-repositories.yaml

@@ -398,8 +398,8 @@ spec:
                                   Model specifies which LLM model to use for this role (optional).
                                   You can specify any model supported by your provider.
                                   If not specified, provider-specific defaults are used:
-                                  - OpenAI: gpt-5-mini
-                                  - Gemini: gemini-2.5-flash-lite
+                                  - OpenAI: gpt-5.4-mini
+                                  - Gemini: gemini-3.1-flash-lite-preview
                                 type: string
                               name:
                                 description: Name is a unique identifier for this analysis role

docs/content/docs/api/settings.md

@@ -264,8 +264,8 @@ Defines the base prompt template that Pipelines-as-Code sends to the LLM.
 {{< param name="roles[].model" type="string" id="param-roles-model" >}}
 Specifies the LLM model for this role. If omitted, Pipelines-as-Code uses provider-specific defaults:
 
-- OpenAI: `gpt-5-mini`
-- Gemini: `gemini-2.5-flash-lite`
+- OpenAI: `gpt-5.4-mini`
+- Gemini: `gemini-3.1-flash-lite-preview`
 {{< /param >}}
 
 {{< param name="roles[].on_cel" type="string" id="param-roles-on-cel" >}}

docs/content/docs/guides/gitops-commands/push-commands.md

@@ -5,7 +5,7 @@ weight: 1
 
 This page explains how to trigger GitOps commands on pushed commits. Use these commands when you want to retest or cancel PipelineRuns triggered by push events rather than pull requests.
 
-{{< support_matrix github_app="true" github_webhook="true" forgejo="false" gitlab="true" bitbucket_cloud="false" bitbucket_server="false" >}}
+{{< support_matrix github_app="true" github_webhook="true" forgejo="false" gitlab="true" bitbucket_cloud="false" bitbucket_datacenter="false" >}}
 
 You can trigger GitOps commands on a pushed commit by including them in your commit messages. Pipelines-as-Code supports two scopes:
 
@@ -80,7 +80,7 @@ The following sections show how to add a GitOps comment on a pushed commit in ea
 
 ## Triggering PipelineRuns on Git Tags
 
-{{< support_matrix github_app="true" github_webhook="true" forgejo="false" gitlab="true" bitbucket_cloud="false" bitbucket_server="false" >}}
+{{< support_matrix github_app="true" github_webhook="true" forgejo="false" gitlab="true" bitbucket_cloud="false" bitbucket_datacenter="false" >}}
 
 **What it does:** You can retrigger a PipelineRun against a specific Git tag by commenting on the tagged commit. Pipelines-as-Code resolves the tag to its commit SHA and runs the matching PipelineRun against that commit.
 

docs/content/docs/guides/llm-analysis/_index.md

@@ -26,8 +26,8 @@ Additional output destinations (`check-run` and `annotation`) and structured JSO
 
 Pipelines-as-Code supports two LLM providers:
 
-- **OpenAI** -- Default model: `gpt-5-mini`
-- **Google Gemini** -- Default model: `gemini-2.5-flash-lite`
+- **OpenAI** -- Default model: `gpt-5.4-mini`
+- **Google Gemini** -- Default model: `gemini-3.1-flash-lite-preview`
 
 You can specify any model your chosen provider supports. See [Model Selection]({{< relref "/docs/guides/llm-analysis/model-and-triggers#model-selection" >}}) for guidance on choosing the right model.
 
@@ -53,7 +53,7 @@ spec:
         key: "token"
       roles:
         - name: "failure-analysis"
-          model: "gpt-5-mini"  # Optional: specify model (uses provider default if omitted)
+          model: "gpt-5.4-mini"  # Optional: specify model (uses provider default if omitted)
           prompt: |
             You are a DevOps expert. Analyze this failed pipeline and:
             1. Identify the root cause
@@ -129,3 +129,4 @@ When you set `commit_content: true`, Pipelines-as-Code includes the following fi
 - Pipelines-as-Code **intentionally excludes email addresses** from the commit context to protect personally identifiable information (PII) when sending data to external LLM providers.
 - Fields appear only if your Git provider makes them available. Some providers supply limited information (for example, Bitbucket Cloud provides only the author name).
 - Author and committer may be the same person or different (for example, when using `git commit --amend` or rebasing).
+asing).

docs/content/docs/guides/llm-analysis/model-and-triggers.md

@@ -9,8 +9,8 @@ This page explains how to choose the right LLM model for each analysis role and
 
 Each analysis role can specify a different model. Choosing the right model lets you balance cost against analysis depth. If you do not specify a model, Pipelines-as-Code uses provider-specific defaults:
 
-- **OpenAI**: `gpt-5-mini`
-- **Gemini**: `gemini-2.5-flash-lite`
+- **OpenAI**: `gpt-5.4-mini`
+- **Gemini**: `gemini-3.1-flash-lite-preview`
 
 ### Specifying Models
 
@@ -37,7 +37,7 @@ settings:
         model: "gpt-5"
         prompt: "Analyze security failures..."
 
-      # Use default model (gpt-5-mini) for general analysis
+      # Use default model (gpt-5.4-mini) for general analysis
       - name: "general-failure"
         # No model specified - uses provider default
         prompt: "Analyze this failure..."