📝 Description of the Change

When an unauthorized user opens a pull request on a repository
configured with Pipelines-as-Code using GitHub webhook
integration, commenting /ok-to-test as an admin does not trigger
the CI pipeline. This happens because the GitHub client (ghClient)
is never initialized for webhook-based issue comment events — the
client setup only ran for GitHub App events during payload parsing.

Root cause:

• In the issue_comment handler, the code checked if ghClient was
  nil and returned an error, but for webhook integrations the
  client is legitimately nil at that point since webhooks
  authenticate differently from GitHub Apps.
• The PR number was being extracted by parsing the HTML URL string
  instead of reading it directly from the event object.
• The webhook request payload and headers were not being preserved
  on the event object, which is needed for webhook signature
  validation.

Changes:

• pkg/provider/github/parse_payload.go:

  • Add initGitHubWebhookClient() to initialize the provider
    client for webhook-based events using
    gitclient.SetupAuthenticatedClient
  • Preserve request headers and payload on the event object
    early in ParsePayload so they are available for webhook
    signature validation
  • Reorder handleIssueCommentEvent to match the repository
    first, then lazily initialize the GitHub client if nil
    (webhook case), before fetching the pull request details
  • Use event.GetIssue().GetNumber() directly instead of parsing
    the PR number from the HTML URL string
  • Remove the early ghClient nil check that blocked webhook
    events

• pkg/provider/github/github.go:

  • Move GitHub App token scoping logic from gitclient into
    SetClient, keeping provider-specific concerns within the
    provider package

• pkg/gitclient/client_setup.go:

  • Remove GitHub App token scoping (moved to provider)
  • Add global repository lookup when globalRepo is nil, so
    webhook-based flows can resolve credentials from the global
    repository configuration
  • Replace github provider import with metav1 for the Get call

• pkg/provider/github/parse_payload_test.go:

  • Remove test cases that asserted ghClient nil was an error
    (no longer applicable)
  • Remove test for invalid PR URL parsing (PR number now read
    from event)
  • Add Number field to IssueCommentEvent test fixtures

• pkg/provider/github/acl_test.go:

  • Add html_url and number to issue comment test payload to
    match new handleIssueCommentEvent flow that sets URL and
    PR number from the event object

• pkg/provider/github/github_test.go:

  • Add Logger, pacInfo, and repo with Settings to SetClient
    test to support token scoping moved into SetClient

• pkg/gitclient/client_setup_test.go:

  • Add GlobalRepository and Namespace to test seed data to
    match new global repo lookup

• pkg/pipelineascode/pipelineascode_test.go:

  • Add GlobalRepository and Kube namespace to Run.Info to
    match new global repo lookup in SetupAuthenticatedClient

• pkg/reconciler/reconciler_test.go:

  • Add Logger to Provider in reconciler test to support
    token scoping logging in SetClient

JIRA

https://redhat.atlassian.net/browse/SRVKP-11557

🔗 Linked GitHub Issue

Fixes #

🧪 Testing Strategy

• Unit tests
• Integration tests
• End-to-end tests
• Manual testing
• Not Applicable

🤖 AI Assistance

AI assistance can be used for various tasks, such as code generation,
documentation, or testing.

Please indicate whether you have used AI assistance
for this PR and provide details if applicable.

• I have not used any AI assistance for this PR.
• I have used AI assistance for this PR.

✅ Submitter Checklist

• 📝 My commit messages are clear, informative, and follow the project's How to write a git commit message guide. The Gitlint linter ensures in CI it's properly validated
• ✨ I have ensured my commit message prefix (e.g., fix:, feat:) matches the "Type of Change" I selected above.
• ♽ I have run make test and make lint locally to check for and fix any
  issues. For an efficient workflow, I have considered installing
  pre-commit and running pre-commit install to
  automate these checks.
• 📖 I have added or updated documentation for any user-facing changes.
• 🧪 I have added sufficient unit tests for my code changes.
• 🎁 I have added end-to-end tests where feasible. See README for more details.
• 🔎 I have addressed any CI test flakiness or provided a clear reason to bypass it.
• If adding a provider feature, I have filled in the following and updated the provider documentation:
  • GitHub App
  • GitHub Webhook
  • Gitea/Forgejo
  • GitLab
  • Bitbucket Cloud
  • Bitbucket Data Center