v0.42.1

Pipelines as Code version v0.42.1

Tekton Pipelines as Code v0.42.1 has been released 🥳

This is a security and stability patch release for the v0.42.x stream, backporting fixes from v0.48.0 along with dependency updates addressing multiple CVEs.

🐛 Bug Fixes

• Prevent GitHub Enterprise host header hijacking: Validate GitHub App webhook payloads before minting tokens and derive the enterprise host from the repository URL instead of trusting the request header. Also scopes GitHub App installation tokens to the triggering repository for remote task resolution and deep-copies cached remote Pipeline/Task resources before inlining.
  • Link: ac6fded
• Redact incoming webhook query strings from logs: URL-based ?secret= values are no longer written to controller stdout.
  • Link: 238103c
• Fix gRPC CVE-2026-33186: Update google.golang.org/grpc to v1.79.3 to address a critical HTTP/2 :path validation flaw that allows bypassing authorization rules in gRPC interceptors.
  • Link: 6708eaa
• Fix Tekton Pipeline CVE-2026-33211: Upgrade tektoncd/pipeline to v1.9.2 to address a path traversal in the git resolver that could expose ServiceAccount tokens.
  • Link: 6708eaa
• Bump Tekton Pipeline to v1.9.3: Additional dependency update for the pipeline component.
  • Link: 47ac873
• Fix go-jose GHSA-78h2-9frx-2jm8: Update go-jose v3 to v3.0.5 and v4 to v4.1.4 to patch a security vulnerability in JWE and JWS handling.
  • Link: 339c30f
• Map GitLab skipped status correctly: Use gitlab.Skipped state instead of gitlab.Canceled when the conclusion is skipped, so that GitLab pipelines show the correct status.
  • Link: 8300a0f

⚙️ Chores

• Pin golangci toolchain: Download the branch-compatible golangci-lint binary and pin GOTOOLCHAIN for consistent linting.
  • Link: 989b55a
• Skip TLS verification for gosmee in e2e tests: Work around cert timing issue where gosmee starts before minica certs are generated.
  • Link: a295846
• Rename bitbucket DC env vars to match main: Update TEST_BITBUCKET_SERVER_* references to TEST_BITBUCKET_DATA_CENTER_* for pull_request_target compatibility.
  • Link: 8219dd5
• Split GHE e2e tests across three matrix slots: Add chunked splitting for github_ghe_1/2/3 targets matching main's CI matrix.
  • Link: d4044f2

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.42.1/release.yaml

Kubernetes

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.42.1/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://docs.pipelinesascode.com/v0.42.1

Changelog

• e0a6d09: Release yaml generated from d077c37 for release v0.42.0 ( <>)
• 989b55a: build(lint): pin golangci toolchain (@chmouel)
• 339c30f: chore(deps): bump go-jose v3 to v3.0.5 (@chmouel)
• 0741470: chore(deps): bump go-jose v4 to v4.1.4 (@chmouel)
• 47ac873: chore(deps): bump tekton pipeline to v1.9.3 (@chmouel)
• 6708eaa: chore(deps): update grpc and tektoncd/pipeline (@theakshaypant)
• a295846: fix(ci): skip TLS verification for gosmee client in e2e tests (@zakisk)
• d4044f2: fix(ci): split GHE e2e tests across three matrix slots (@theakshaypant)
• 8300a0f: fix(gitlab): map skipped status correctly (@theakshaypant)
• ac6fded: fix(security): backport app token safeguards (@chmouel)
• 238103c: fix(security): redact query string from incoming webhook log (@infernus01)

v0.39.6

Pipelines as Code version v0.39.6

Tekton Pipelines as Code v0.39.6 has been released 🥳

This is a security and stability patch release for the v0.39.x stream, backporting fixes from v0.48.0 along with dependency updates addressing multiple CVEs.

🐛 Bug Fixes

• Prevent GitHub Enterprise host header hijacking: Validate GitHub App webhook payloads before minting tokens and derive the enterprise host from the repository URL instead of trusting the request header. Also scopes GitHub App installation tokens to the triggering repository for remote task resolution.
  • Link: e0c4a11
• Redact incoming webhook query strings from logs: URL-based ?secret= values are no longer written to controller stdout.
  • Link: c85286e
• Fix gRPC CVE-2026-33186: Update google.golang.org/grpc to v1.79.3 to address a critical HTTP/2 :path validation flaw that allows bypassing authorization rules in gRPC interceptors.
  • Link: 6d5125b
• Fix go-jose GHSA-78h2-9frx-2jm8: Update go-jose v3 and v4 to patch a security vulnerability in JWE and JWS handling.
  • Link: 652421a
• Fix Tekton Pipeline CVE-2026-40161: Bump tektoncd/pipeline to v1.6.2 to address a high-severity vulnerability where the git resolver API mode leaks system-configured API tokens to user-controlled endpoints.
  • Link: 632c9a5
• Skip watcher status updates: Prevent forbidden errors on clusters where the watcher only has metadata and spec-level PipelineRun permissions by disabling generated status synchronization.
  • Link: 95ae7a8
• Gitea nil-safety and Forgejo compatibility: Guard against nil Sender, Repository.Owner, PullRequest.Head, and other nested webhook payload fields that can cause panics when Forgejo delivers webhooks with missing sub-objects.
  • Link: f5e54cd

✨ Major changes and Features

• Reduce informer cache memory usage: Add cache transform functions for Repository and PipelineRun informers, stripping large unnecessary fields before objects enter the cache. Benchmarks show 89% size reduction for Repository objects and 94% for PipelineRun objects.
  • Link: 68d2f42

⚙️ Chores

• Pin golangci toolchain: Download the branch-compatible golangci-lint binary and pin GOTOOLCHAIN for consistent linting.
  • Link: 591a50f
• Bump go-jose v4 to v4.1.4: Dependency update.
  • Link: 64673d3
• Rewrite e2e script for main's CI matrix: Add support for gitea_1/2/3, github_ghe_1/2/3, and other modern matrix targets so pull_request_target runs succeed.
  • Link: 402ae2c
• Skip TLS verification for gosmee in e2e tests: Work around cert timing issue where gosmee starts before minica certs are generated.
  • Link: d1f9603
• Rename bitbucket DC env vars to match main: Update TEST_BITBUCKET_SERVER_* references to TEST_BITBUCKET_DATA_CENTER_* for pull_request_target compatibility.
  • Link: af48fc8

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.39.6/release.yaml

Kubernetes

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.39.6/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://docs.pipelinesascode.com/v0.39.6

Changelog

• 8b79f2d: Release yaml generated from e100f2d for release v0.39.5 ( <>)
• 591a50f: build(lint): pin golangci toolchain (@chmouel)
• 64673d3: chore(deps): bump go-jose v4 to v4.1.4 (@chmouel)
• 632c9a5: chore(deps): bump tektoncd/pipeline to v1.6.2 (@theakshaypant)
• 6d5125b: chore(deps): update grpc to v1.79.3 (@theakshaypant)
• 402ae2c: ci: rewrite e2e script for main's matrix (@theakshaypant)
• d1f9603: fix(ci): skip TLS verification for gosmee client in e2e tests (@zakisk)
• 652421a: fix(deps): update go-jose to fix GHSA-78h2-9frx-2jm8 (@theakshaypant)
• f5e54cd: fix(gitea): add nil-safety and Forgejo compat (@theakshaypant)
• 95ae7a8: fix(reconciler): skip watcher status updates (@chmouel)
• e0c4a11: fix(security): backport app token safeguards (@chmouel)
• c85286e: fix(security): redact query string from incoming webhook log (@infernus01)
• 68d2f42: perf(informer): add TransformFuncs to reduce cache memory usage (@theakshaypant)

v0.48.0

Pipelines as Code version v0.48.0

OpenShift Pipelines as Code v0.48.0 has been released 🥳

Important

This is a security release. It includes fixes for GitHub Enterprise header hijacking, webhook secret leakage in logs, and GitHub App token over-scoping. All users are encouraged to upgrade as soon as possible.

✨ Major changes and Features

• TLS configuration support: Add configurable TLS settings (min version, cipher suites, curve preferences) for the PAC controller via deployment environment variables, allowing the Tekton Operator to propagate TLS configuration without code changes.
  • Link: #2738
  • Jira: SRVKP-9681
• Deprecation warnings for Tekton Hub integration: Deprecated the Tekton Hub catalog integration across documentation, configuration, and resource resolution. The public Tekton Hub has been shut down, and support for self-hosted Tekton Hub instances is now formally deprecated ahead of full removal in a future release.
  • Link: #2746
  • Jira: SRVKP-12187
• Gitea remote task resolution: Enable Gitea/Forgejo provider to resolve remote taskRef URLs using the provider's authenticated API instead of returning "not supported". Supports branch, tag, and commit SHA URL formats.
  • Link: #2732

🐛 Bug Fixes

• Prevent GitHub Enterprise header hijacking: Validate webhook signature before minting App tokens and restrict the GitHub Enterprise host header to prevent an attacker from redirecting token requests to an arbitrary host.
  • Link: #2759
• Redact query string from incoming webhook log: Fix secret leakage in the incoming-webhook handler where the full URL including ?secret=<value> was logged verbatim. Now logs only the URL path.
  • Link: #2754
• Scope GitHub App token and deep-copy cached remote resources: Scope GitHub App token to the triggering repository when no extra scope config is present, preventing remote task annotations from accessing private repos. Also deep-copy cached remote Pipeline and Task objects before inlining to prevent mutation from contaminating subsequent PipelineRuns.
  • Link: #2705
• Remove unused secrets/delete permission from controller: Remove the unused cluster-wide secrets/delete permission from the controller ServiceAccount, following the principle of least privilege.
  • Link: #2744
• Enable controller profiling: Bump knative/eventing to v0.49.0 which includes the pprof server fix so controller profiling actually works, and update the profiling guide for the OpenCensus to OpenTelemetry migration.
  • Link: #2720

⚙️ Chores

• Preserve dots in image tags for version tag pushes: Fix container workflow tag sanitization to keep dots in version tags, ensuring release manifests reference the correct image tags.
  • Link: #2742
• Update incoming webhook legacy params deprecation message: Update the deprecation message for secret passing in URL query parameters.
  • Link: #2757
• Parse JSON test output for Slack notifications: Switch CI notify-slack script to parse JSON test output instead of the nonexistent log file.
  • Link: #2753
• Bump mxschmitt/action-tmate from 3.23 to 3.24: Updated CI dependency to latest version.
  • Link: #2750

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.48.0/release.yaml

Kubernetes

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.48.0/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://docs.pipelinesascode.com/v0.48.0

Changelog

• 3811249: chore(deps): bump knative/eventing to v0.49.0 (@theakshaypant)
• 4d0454b: chore(deps): bump mxschmitt/action-tmate from 3.23 to 3.24 (@dependabot[bot])
• bd262aa: chore: update incoming webhook legacy params deprecation message (@zakisk)
• 67cfa52: docs(profiling): update guide for OTel migration (@theakshaypant)
• 32820cb: feat(gitea): implement GetTaskURI for remote task resolution (@theakshaypant)
• 4dac4d6: feat: Add deprecation warnings for Tekton Hub integration (@chmouel)
• 0bb2f82: feat: add TLS configuration support (@zakisk)
• 223e39c: fix(ci): parse JSON test output for Slack notifications (@theakshaypant)
• 0017828: fix(github): scope App token to triggering repo (@theakshaypant)
• 69fa323: fix(release): preserve dots in image tags for version tag pushes (@chmouel)
• ee5d9b0: fix(resolve): deep-copy cached resources before inlining (@theakshaypant)
• 2c03760: fix(security): redact query string from incoming webhook log (@infernus01)
• 402d5c7: fix: prevent GitHub Enterprise header hijacking in app token requests (@chmouel)
• 8854274: fix: remove unused secrets/delete permission from controller (@chmouel)

v0.47.0

Pipelines as Code version v0.47.0

OpenShift Pipelines as Code v0.47.0 has been released 🥳

✨ Major changes and Features

• CEL string and list extension functions: Unlocks join(), replace(), substring(), split(), trim(), upperAscii(), lowerAscii() and other standard CEL string/list operations in on-cel-expression annotations and {{ cel: }} template expressions.
  • Link: #2725
  • Jira: SRVKP-11940
• GitHub API rate limit Kubernetes event: Emits a Kubernetes Repository event when the GitHub API rate limit is exhausted, surfacing the issue to operators via kubectl describe.
  • Link: #2715

🐛 Bug Fixes

• Bitbucket Data Center: detect file changes on merged PR push: Fixes on-path-change and on-cel-expression filters silently skipping PipelineRuns when the push event is a merge commit with no listed file changes; the Bitbucket /changes API is now used to diff the actual modified files.
  • Link: #2719
  • Jira: SRVKP-9638
• Skip key=value arguments as PipelineRun names in /test: When a user posts /test custom1=value, the key=value argument was incorrectly treated as a PipelineRun name and bypassed on-comment annotation matching; it is now correctly passed through as a parameter.
  • Link: #2712
• Label value sanitization and normalization: Ensures Kubernetes label values (e.g. branch names) are sanitized to comply with the 63-character limit and valid character set rules, preventing label validation errors.
  • Link: #2724
• Reconciler: skip watcher status updates: Fixes a regression introduced in #2667 that caused forbidden errors on clusters where the watcher service account lacks pipelineruns/status update permissions; the generated status sync is now disabled for the watcher.
  • Link: #2735
• GitLab: post informative comment on inaccessible fork MR: When a merge request originates from a fork the bot cannot access, PAC now posts a comment on the MR explaining the situation rather than silently failing.
  • Link: #2739

⚙️ Chores

• Fix documentation reference in formatting package: Corrected the godoc comment in CleanValueKubernetes to point to the right Kubernetes label specification.
  • Link: #2731
• Update golangci-lint configuration: Replaced deprecated gomodguard linter with gomodguard_v2 and disabled the inline govet check to reduce false positives.
  • Link: #2736
• Update golangci-lint to v2.12.2: Bumped the CI golangci-lint image to match the updated linter configuration.
  • Link: #2737

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.47.0/release.yaml

Kubernetes

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.47.0/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://docs.pipelinesascode.com/v0.47.0

What's Changed

• chore(github): emit event when API rate limit exceeded by @theakshaypant in #2715
• fix(opscomments): skip key=value args as PR names by @theakshaypant in #2712
• fix: label values sanitization and normalization by @filariow in #2724
• fix: point to the right doc in formatting by @filariow in #2731
• fix(bitbucket-datacenter): detect changes on merged PR push by @zakisk in #2719
• feat(cel): enable string and list extension functions in CEL expressions by @zakisk in #2725
• chore: update golangci linter configuration by @chmouel in #2736
• ci: update golangci-lint to v2.12.2 by @theakshaypant in #2737
• fix(reconciler): skip watcher status updates by @chmouel in #2735
• fix(gitlab): post MR comment on inaccessible fork by @theakshaypant in #2739

New Contributors

• @filariow made their first contribution in #2724

Full Changelog: v0.46.0...v0.47.0

Changelog

• 25b9307: add sanification of the input and improve logic (@filariow)
• c615efb: chore(github): emit event when API rate limit exceeded (@theakshaypant)
• 9db1fec: chore: update golangci linter configuration (@chmouel)
• 2b9a6f1: ci: update golangci-lint to v2.12.2 (@theakshaypant)
• 861a507: docs(on-comment): warn against built-in commands (@theakshaypant)
• 445941b: feat(cel): enable string and list extension functions in CEL expressions (@zakisk)
• f841d2d: fix(bitbucket-datacenter): detect changes on merged PR push (@zakisk)
• 529a725: fix(gitlab): post MR comment on inaccessible fork (@theakshaypant)
• 4b1d7f7: fix(opscomments): skip key=value args as PR names (@theakshaypant)
• 4c7b0e0: fix(reconciler): skip watcher status updates (@chmouel)
• 6522de8: fix: label values when dot are present (@filariow)
• 5226968: fix: linter complaints (@filariow)
• e75942f: fix: move from RFC1123 to LabelValue (@filariow)
• f05bcd0: fix: point to the right doc in formatting (@filariow)
• a43ae55: fix: remove unneeded check (@filariow)

v0.46.0

Pipelines as Code version v0.46.0

OpenShift Pipelines as Code v0.46.0 has been released 🥳

✨ Major changes and Features

• Distributed tracing for webhook handling and PipelineRun timing: When tracing is enabled via the pipelines-as-code-config-observability ConfigMap, PaC emits OpenTelemetry trace spans for webhook event processing and PipelineRun lifecycle timing, with W3C trace context propagation.
  • Link: #2605
• Implement GetCommitStatuses on Forgejo: The Forgejo/Gitea provider now returns real commit statuses instead of nil, enabling the annotation matcher to correctly detect pruned-but-successful pipeline runs so /retest only re-runs failed pipelines.
  • Link: #2659
• Enable recursive .tekton dir retrieval for Forgejo: PipelineRuns nested in subdirectories under .tekton/ are now discovered and executed on Forgejo, instead of only top-level entries.
  • Link: #2694
• Handle Forgejo headers in CLI provider auto-detection: The tkn pac cel command now recognizes X-Forgejo-Event-Type headers for automatic Forgejo webhook provider detection.
  • Link: #2700
• Reduce informer cache memory usage: Added TransformFuncs to Repository and PipelineRun informers that strip large unnecessary fields (ManagedFields, Annotations, Status, Spec) before objects enter the cache.
  • Link: #2667
• Cache check-run lookups with retry: GitHub check-run API responses are now cached to avoid repeated paginated API calls during status updates, with concurrent goroutines sharing a single in-flight fetch.
  • Link: #2669

🐛 Bug Fixes

• Fix /ok-to-test not triggering CI on GitHub webhook PRs: The GitHub client was never initialized for webhook-based issue comment events, causing /ok-to-test from an admin to silently fail on unauthorized PRs.
  • Link: #2682
• Clear pending check on ok-to-test for GitHub webhook: The pending check run created for unauthorized PRs was never resolved after an admin commented /ok-to-test, leaving it stuck indefinitely.
  • Link: #2706
• Update /ok-to-test status to success for GitLab: Similar to Forgejo, GitLab now updates the "pending approval" commit status to success after /ok-to-test is posted on an unauthorized user's MR.
  • Link: #2642
• Pin GitLab commit statuses to the same pipeline: Caches the pipeline_id from the first SetCommitStatus response so all subsequent status updates for the same SHA stay on the same GitLab pipeline, preventing split statuses.
  • Link: #2671
• Map GitLab skipped status correctly: Use gitlab.Skipped state instead of gitlab.Canceled when the conclusion is skipped, so GitLab pipelines show the correct skipped status.
  • Link: #2676
• Restrict same-repo ACL permission to trusted context: Issue comment senders are no longer granted trust based solely on same-repo PR shape; they must pass collaborator, org-membership, or OWNERS checks.
  • Link: #2665
• Guard nil response and cap comment pagination in ACL checks: Prevents a panic when wrapAPI returns a nil response on transport-level failures, and caps comment pagination to avoid unbounded API calls.
  • Link: #2663
• Prevent duplicate Repository CR on trailing slash: The webhook admission controller now normalizes URLs before comparison, preventing bypass of uniqueness validation by appending a trailing slash.
  • Link: #2683
• Use provided target ref in GetFileInsideRepo: Fixed GetFileInsideRepo ignoring the caller-supplied target ref and substituting runevent.BaseBranch, which caused OWNERS ACL and remote task fetches to resolve against the wrong branch.
  • Link: #2696
• Resolve CEL expression failure on Bitbucket Cloud push events: Push events incorrectly set Event to a string instead of a JSON object, causing all CEL expressions to fail with an unmarshal error.
  • Link: #2704
• Truncate Bitbucket Cloud commit status key to 40-char limit: Bitbucket Cloud limits commit status keys to 40 characters; status keys are now properly truncated.
  • Link: #2702
• Use pull request number from issue comment payload: Use the PR number directly from the issue comment payload instead of parsing it from the pull request URL.
  • Link: #2711
• Fix skip-install option in bootstrap command: The bootstrap process now correctly allows users to bypass the installation check, preventing failures when Pipelines as Code is already installed.
  • Link: #2709

📚 Documentation Updates

• Align CLI docs and install guidance: Standardized Homebrew installation instructions, fixed README quickstart bootstrap example, expanded the CLI index, and clarified bootstrap github-app behavior.
  • Link: #2684
• Fix incorrect Forgejo webhook signature validation claim: Corrected the documentation that incorrectly stated PAC does not validate webhook signatures for Forgejo/Gitea — HMAC-SHA256 validation is fully implemented.
  • Link: #2658
• Update release notes documentation URL format: Changed documentation links to point to the new centralized documentation site.
  • Link: #2654
• Note about e2e permission in Bitbucket Cloud docs: Added a note about additional permissions required for running e2e tests.
  • Link: #2703

⚙️ Chores

• Update Go and third-party dependencies: Updated Go to 1.25.7 and refreshed several modules including cel-go, tektoncd/pipeline, and knative/eventing.
  • Link: #2656
• Refactor LLM package: Simplified the pkg/llm package with a registry-based provider pattern, removing the factory and orchestrator.
  • Link: #2673
• Return early from detect for edited comments: Moved the edited comment event filter earlier in the processing pipeline.
  • Link: #2674
• Remove outdated skipped tests and stabilize queue ordering: Fixed priority queue insertion-order stability and removed legacy v1beta1 test assertions.
  • Link: #2649
• Allow configuration of gotestsum output format: Added a Makefile variable to override the default test output style.
  • Link: #2675
• Add GitHub step summaries for e2e test suites: Added workflow step to generate markdown summaries of test results in CI.
  • Link: #2670
• Use provider-wide functions: Consolidated shared provider utility functions.
  • Link: #2672
• Update repository URLs to upstream tektoncd: Changed remote task and module URLs from the OpenShift downstream mirror to the upstream repository.
  • Link: #2691
• Replace e2e env variables from server to data center: Renamed Bitbucket Server env variables to Data Center.
  • Link: #2666
• Add reviewers and approvers in OWNERS: Updated the OWNERS file with approvers and reviewers.
  • Link: #2686
• Use GH_TOKEN secret in permission check step: Switched from GITHUB_TOKEN to GH_TOKEN for org membership checks.
  • Link: #2660
• Update tar extraction for new zizmor archive: Fixed binary extraction for newer zizmor releases.
  • Link: #2679
• Bump actions/upload-artifact from 7.0.0 to 7.0.1.
  • Link: #2678
• Bump actions/cache from 5.0.4 to 5.0.5.
  • Link: #2693
• Bump github.com/tektoncd/pipeline from 1.11.0 to 1.11.1.
  • Link: #2698
• Update go-github dependency.
  • Link: #2714

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.46.0/release.yaml

Kubernetes

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.46.0/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://docs.pipelinesascode.com/v0.46.0

What's Changed

• chore: Update Go and third-party dependencies by @chmouel in #2656
• docs: update release notes documentation URL format by @chmouel i...

v0.45.0

Pipelines as Code version v0.45.0

OpenShift Pipelines as Code v0.45.0 has been released 🥳

✨ Major changes and Features

• Implement GraphQL batch fetching for .tekton files: Introduced GraphQL-based batch fetching for .tekton directory files, significantly reducing GitHub API calls and improving performance for repositories with many pipeline files.
  • Link: #2423
  • Jira: SRVKP-11470

🐛 Bug Fixes

• Restore relative task path resolution for repository paths: Fixed a regression where relative task paths were not resolved correctly when using repository-based path references.
  • Link: #2554
  • Jira: SRVKP-11021
• Fix watcher secret creation log and OpenShift console link: Corrected watcher secret creation logging output and fixed the OpenShift console link generation.
  • Link: #2637
• Populate DefaultBranch for incoming webhooks: Fixed missing DefaultBranch field population when processing incoming webhook events, ensuring correct branch detection.
  • Link: #2647

📚 Documentation Updates

• Rearrange events in GitHub App docs: Reorganized the events section in GitHub App documentation for improved readability and discoverability.
  • Link: #2648

⚙️ Chores

• Move secret creation to reconciler: Refactored secret creation logic to the reconciler for improved code organization and separation of concerns.
  • Link: #2510
• Cache getPullRequest result in GitHub provider: Added internal caching of getPullRequest results in the GitHub provider to reduce redundant API calls.
  • Link: #2621
• Replace real time.Sleep with clockwork in unit tests: Substituted real time.Sleep calls with a fake clockwork clock in unit tests, reducing overall test execution time by 10–13 seconds.
  • Link: #2627
• Use ok-to-test action for E2E permission checks: Updated E2E CI pipeline to use the ok-to-test GitHub Action for safer permission handling.
  • Link: #2628
• Fix test execution and improve assertions: Fixed test execution issues and strengthened test assertions for better reliability.
  • Link: #2631
• Add zizmor and fix GitHub Actions security findings: Integrated the zizmor security scanner and resolved identified GitHub Actions security issues.
  • Link: #2632
• Update ok-to-test action commit SHA: Pinned the ok-to-test action to a specific commit SHA for improved CI security.
  • Link: #2634
• Bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5: Updated go-jose/v3 dependency to the latest patch release.
  • Link: #2638
• Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4: Updated go-jose/v4 dependency to the latest patch release.
  • Link: #2639
• Bump jaxxstorm/action-install-gh-release from 2.1.0 to 3.0.0: Updated jaxxstorm/action-install-gh-release GitHub Action to major version 3.
  • Link: #2640
• Bump actions/setup-go from 6.3.0 to 6.4.0: Updated actions/setup-go GitHub Action to the latest version.
  • Link: #2641
• Fix PR close condition in e2e tests: Corrected the PR close condition check in e2e tests to improve test reliability.
  • Link: #2645
• Allow actions token write permission on PR: Granted the required write permission for the actions token in PR CI workflows.
  • Link: #2650
• Fix GitHub token permissions in CI: Fixed GitHub token permission configuration in CI workflows.
  • Link: #2651

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.45.0/release.yaml

Kubernetes

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.45.0/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://docs.pipelinesascode.com/v0.45.0

What's Changed

• chore: replace real time.Sleep with clockwork in unit tests by @chmouel in #2627
• refactor: move secret creation to reconciler by @zakisk in #2510
• fix(resolve): restore relative task path resolution for repository paths by @theakshaypant in #2554
• feat: Implement GraphQL batch fetching for .tekton files by @chmouel in #2423
• perf(github): cache getPullRequest result in Provider by @theakshaypant in #2621
• test: fix test execution and improve assertions by @chmouel in #2631
• ci(e2e): use ok-to-test action for permission checks by @zakisk in #2628
• ci: update ok-to-test action commit SHA by @zakisk in #2634
• fix(gh): fix re-run button on Pull Requests by @chmouel in #2597
• fix: watcher secret creation log and osc link by @chmouel in #2637
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in #2639
• chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 by @dependabot[bot] in #2638
• chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in #2641
• chore(deps): bump jaxxstorm/action-install-gh-release from 2.1.0 to 3.0.0 by @dependabot[bot] in #2640
• fix: PR close condition in e2e tests by @zakisk in #2645
• docs: rearrange events in gh app docs by @zakisk in #2648
• ci: add zizmor and fix GHA security findings by @theakshaypant in #2632
• fix: populate DefaultBranch for incoming webhooks by @vdemeester in #2647
• fix(ci): allow actions token write permission on PR by @zakisk in #2650
• fix(ci): Fix permission for GitHub token by @zakisk in #2651

Full Changelog: v0.44.0...v0.45.0

v0.44.0

Pipelines as Code version v0.44.0

OpenShift Pipelines as Code v0.44.0 has been released 🥳

✨ Major changes and Features

• Configurable GitOps command prefix: Users can now configure a custom prefix for GitOps commands (e.g., /ok-to-test, /retest) via the Repository CR, enabling multi-tenant environments where different teams need distinct command namespaces.

  • Link: #2443
  • Jira: SRVKP-7197

• GitLab commit status fallback for retest: GitLab provider now falls back to commit status when pipeline status is unavailable during a retest, improving reliability of retest operations in GitLab environments.

  • Link: #2583

🐛 Bug Fixes

• GitHub URL path validation for repository scoping: Repository CRs with malformed GitHub URLs containing extra path segments (e.g., https://github.com/org/repo/extra) are now rejected at admission. Detects GitHub Enterprise instances via Server header and /api/v3/meta endpoint, preventing token scope bypass.

  • Link: #2514
  • Jira: SRVKP-10943

• Forgejo ok-to-test status update: Fixed reporting of the /ok-to-test status on Forgejo, ensuring external contributor approval is correctly reflected as a commit status.

  • Link: #2571

• Adapter data race eliminated: Fixed a data race on a shared event field in the adapter that could cause non-deterministic failures under concurrent load.

  • Link: #2590

📚 Documentation Updates

• Profiling guide for PAC components: Added an operations guide describing how to enable and use profiling for Pipelines-as-Code controller components.

  • Link: #2602

• Documentation rework: Updated and reorganised existing documentation content for clarity and accuracy.

  • Link: #2570

⚙️ Chores

• Migrate to tektoncd organisation: Moved repository references, image registries, and documentation URLs from openshift-pipelines to the official tektoncd organisation.

  • Link: #2569

• OpenCensus to OpenTelemetry migration: Replaced deprecated OpenCensus instrumentation with OpenTelemetry across the codebase.

  • Link: #2567

• Remove go.mod replace directives: Cleaned up unnecessary replace clauses in go.mod.

  • Link: #2586

• Dependency updates: Bumped google.golang.org/grpc (1.78.0→1.79.3), github.com/tektoncd/pipeline (1.10.0→1.10.2), actions/download-artifact (8.0.0→8.0.1), actions/cache (5.0.3→5.0.4), and fixed stale k8s.io/client-go version.

  • Link: #2591

• ok-to-test label gating for external contributors: CI now supports ok-to-test label as a fallback gate for external contributors who are not org members, with automatic label removal on new pushes.

  • Link: #2611

• E2E and test infrastructure improvements: Multiple fixes and enhancements to e2e test reliability, CI trigger conditions, test naming conventions, and nightly test cleanup.

  • Link: #2609

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.44.0/release.yaml

Kubernetes

kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.44.0/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://docs.pipelinesascode.com/v0.44.0/

---

What's Changed

• Move to tektoncd by @chmouel in #2569
• fix: add http suffix in provider url for forgejo by @zakisk in #2573
• fix: add http suffix in provider url for forgejo by @zakisk in #2575
• fix(github): validate repo URL path for scoping by @theakshaypant in #2514
• docs: rework doc by @chmouel in #2570
• chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by @dependabot[bot] in #2574
• chore: add release-notes skill by @chmouel in #2568
• feat: overhaul README and add link checker by @chmouel in #2578
• chore: remove PR CI and Jira skill automation by @chmouel in #2581
• chore: add second gitlab token and group for e2e tests by @chmouel in #2584
• Fix stale k8s.io/client-go version in go.mod by @dsimansk in #2585
• chore: remove a bunch go.mod replace directives by @chmouel in #2586
• fix: disable documentation link checker by @chmouel in #2587
• chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in #2591
• fix: fix unittest failure when validating gh url by @chmouel in #2593
• fix(forgejo): Update /ok-to-test status by @zakisk in #2571
• chore(deps): bump actions/cache from 5.0.3 to 5.0.4 by @dependabot[bot] in #2600
• gitlab: implement commit status fallback for retest by @chmouel in #2583
• docs(operations): add profiling guide for PAC components by @theakshaypant in #2602
• chore: only build the container when needed by @chmouel in #2588
• refactor: migrate from OpenCensus to OpenTelemetry by @zakisk in #2567
• test: use /test for TestGiteaReTestAll (and rename it) by @chmouel in #2589
• test: run e2e on go.mod, go.sum and modules.txt by @zakisk in #2609
• feat: update gendocs to handle old version by @chmouel in #2610
• test: remove nightly tests by @zakisk in #2553
• feat(github): add configurable GitOps command prefix by @zakisk in #2443
• feat: integrate testrr for CI test reporting by @chmouel in #2606
• chore(deps): bump github.com/tektoncd/pipeline from 1.10.0 to 1.10.2 by @dependabot[bot] in #2607
• fix(e2e): find controller in installation namespaces by @theakshaypant in #2603
• chore: update dependencies by @chmouel in #2614
• chore: update dependencies and documentation linting rules by @chmouel in #2617
• fix: update URLs after move to @pipelines-as-code by @chmouel in #2619
• fix: update stepaction url in test data by @chmouel in #2620
• test(e2e): allow external PRs via ok-to-test label by @zakisk in #2611
• fix(adapter): eliminate data race on shared event field by @chmouel in #2590
• fix: TestGHEPullRequestGitopsCommentCancel race by @chmouel in #2598
• ci(e2e): trigger e2e on .github/scripts changes by @zakisk in #2623
• fix(ci): remove ok-to-test label immediately after check by @zakisk in #2622
• chore: add .gemini configuration file for ignroePaths by @zakisk in #2618
• fix(e2e): correct team slugs for permission check by @zakisk in #2625
• tests: enforce conventions for go Test by @chmouel in #2624
• chore: use pipelines-as-code org for pac-boussole by @zakisk in #2626
• fix(llm): fix OpenAI param and default analysis to failed runs by @theakshaypant in #2615

New Contributors

• @dsimansk made their first contribution in #2585

Full Changelog: v0.43.0...v0.44.0

v0.43.0

Pipelines as Code version v0.43.0

OpenShift Pipelines as Code v0.43.0 has been released 🥳

Important

This is the latest release on openshift-pipelines before moving to tektoncd org

✨ Major changes and Features

• Allow custom user agent for Gitea/Forgejo: Users can now configure a custom User-Agent header for Gitea and Forgejo providers, useful for identifying PAC instances in server logs.
  • Link: #2494
  • Jira: SRVKP-10579
• Add comment strategy support for Gitea provider: Introduced comment update strategy support for the Gitea provider, allowing users to control how status comments are managed on pull requests.
  • Link: #2503
  • Jira: SRVKP-10900
• Cache changed files in Gitea provider: Improved performance by caching changed files in the Gitea provider, reducing redundant API calls during pipeline runs.
  • Link: #2552
  • Jira: SRVKP-10944
• Show helpful message when /retest has nothing to retest: When a user issues /retest but there are no failed PipelineRuns to retry, PAC now responds with a clear, informative message instead of silently doing nothing.
  • Link: #2399
  • Jira: SRVKP-10373

🐛 Bug Fixes

• Restrict comment editing to PAC-owned comments (Gitea): Fixed an issue where PAC could inadvertently edit comments not created by its own identity on Gitea.
  • Link: #2488
  • Jira: SRVKP-10857
• Restrict comment editing to PAC-owned comments (GitHub): Fixed the same comment ownership issue on the GitHub provider, ensuring PAC only edits its own comments.
  • Link: #2487
  • Jira: SRVKP-10857
• Set PipelineURL for cached pipelines to resolve relative task paths: Fixed a bug where relative task references in cached pipelines failed to resolve because the PipelineURL was not being set.
  • Link: #2416
  • Jira: SRVKP-10604
• Parse branch vs tag by 'tag:' in gitops-comments: Fixed gitops comment parsing to correctly distinguish between branch and tag references using the tag: prefix.
  • Link: #2505
  • Jira: SRVKP-10915
• Preserve source_url on retest comment reruns (Gitea): Fixed an issue where the source URL was lost when retriggering runs via retest comments on Gitea.
  • Link: #2502
  • Jira: SRVKP-10575
• Avoid webhook feedback loop on no-ops comment events: Prevented PAC from creating an infinite feedback loop when processing comment events that result in no operations.
  • Link: #2504
  • Jira: SRVKP-10912
• Correct type for status options: Fixed incorrect type usage for provider status conclusion options.
  • Link: #2499
• Use positive check for InstallationID: Fixed label handling to use a positive check for InstallationID, preventing incorrect behavior with default values.
  • Link: #2506
• Workaround the GitLab diff API limit: Added a workaround for GitLab's diff API pagination limits, ensuring all changed files are detected even in large merge requests.
  • Link: #2482

📚 Documentation Updates

• Update Bitbucket Cloud docs for API tokens: Updated documentation to reflect the current API token authentication flow for Bitbucket Cloud.
  • Link: #2501
• Correct artifacthub API URL in docs: Fixed an incorrect ArtifactHub API URL in the documentation.
  • Link: #2530
• Revamp documentation site: Major documentation refresh with improved structure and navigation.
  • Link: #2532
• Refactor configmap documentation: Reorganized and clarified the configmap configuration reference.
  • Link: #2535
• Clarify App ID location in GitHub App details: Improved docs to make it clearer where to find the App ID in GitHub App settings.
  • Link: #2546

⚙️ Chores

• Consolidate JWT generation: Refactored GitHub JWT token generation into a single consolidated implementation.
  • Link: #2541
  • Jira: SRVKP-10952
• Revert GitHub comment workaround: Removed a previously needed workaround for GitHub comment deduplication.
  • Link: #2511
  • Jira: SRVKP-10938
• Constantize provider StatusOpt conclusion options: Refactored status option conclusions to use constants instead of raw strings.
  • Link: #2384
• Bump Forgejo SDK to v3: Updated the Forgejo SDK dependency to version 3.
  • Link: #2544
• Pin GitHub Actions to commit SHAs: Improved CI security by pinning all GitHub Actions to specific commit hashes.
  • Link: #2507
• Pin actions/checkout to a specific hash: Further CI security hardening by pinning the checkout action.
  • Link: #2556
• Bump actions/upload-artifact from 6.0.0 to 7.0.0: Updated CI dependency.
  • Link: #2521
• Bump actions/setup-go from 6.2.0 to 6.3.0: Updated CI dependency.
  • Link: #2520
• Bump actions/download-artifact from 7.0.0 to 8.0.0: Updated CI dependency.
  • Link: #2519
• Add task to generate AI release notes: Added a Tekton task for AI-powered release note generation.
  • Link: #2500
• Resolve golangci-lint issues: Fixed various linting warnings flagged by golangci-lint.
  • Link: #2551
• Fix docs generation tooling: Fixed the documentation build pipeline.
  • Link: #2538
• Sync PR template types with linter config: Aligned the PR template commit type list with the linter configuration.
  • Link: #2522
• Remove commit prefix checks in PR template: Simplified the PR template by removing commit prefix validation.
  • Link: #2525
• Reenable BitbucketDC and move more tests to GHE: Re-enabled Bitbucket Data Center e2e tests and migrated additional tests to GitHub Enterprise.
  • Link: #2497
• Split github_ghe job into 3 parallel chunks: Improved CI speed by parallelizing GHE test execution.
  • Link: #2517
• Implement file-based configuration for test environments: Added file-based config support for e2e test environment setup.
  • Link: #2512
• Use dynamic projects and smee for GitLab E2E: Improved GitLab e2e test isolation using dynamic projects and smee proxies.
  • Link: #2524
• Migrate GitHub webhook tests to GHE: Moved webhook tests from public GitHub to GitHub Enterprise for better test isolation.
  • Link: #2529
• Correct cache-fetch step reference in pipelines: Fixed an incorrect step reference in CI pipelines.
  • Link: #2537
• Update e2e workflow secrets configuration: Fixed e2e workflow secret references.
  • Link: #2555

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.43.0/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.43.0/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-43-0.pipelines-as-code.pages.dev

#...

v0.42.0

Pipelines as Code version v0.42.0

OpenShift Pipelines as Code v0.42.0 has been released 🥳

✨ Major changes and Features

• feat(github): add update comment strategy for GitHub: Add an update comment strategy for GitHub to create and update a single comment per PipelineRun on re-execution.
  • Link: #2481
  • Jira: SRVKP-10453
• feat(gitlab): add update comment stategy: Introduce an update comment strategy for GitLab which updates a single status comment per PipelineRun on every trigger.
  • Link: #2446
  • Jira: SRVKP-10453
• feat: Switch gitea to forgejo provider type: Introduce native configuration support for Forgejo as a distinct, first-class Git provider type.
  • Link: #2476
  • Jira: SRVKP-10487
• feat: Move some GitHub public e2e test to GHE: Enable the second controller flag in numerous GitHub integration tests to ensure broader coverage for GitHub Enterprise.
  • Link: #2466

🐛 Bug Fixes

• fix: Add target ns annotation to on-tag e2e pipelinerun: Add missing target namespace annotation to the on-tag e2e PipelineRun to resolve test execution failures.
  • Link: #2495
• fix: variables substitution issue on commit comment in GitLab: Fix variable substitution issues for commit comments in GitLab by providing the event payload in the body variable.
  • Link: #2391
  • Jira: SRVKP-9458
• fix: Rename gh Second to GHE and move remove flaky: Rename the secondary GitHub E2E provider to github_ghe for clarity and fold standalone flaky tests into the main matrix.
  • Link: #2480
• fix: Move to gitlab.pipelinesascode.com for e2e: Migrate E2E testing to a dedicated GitLab instance to prevent timeouts and improve test stability.
  • Link: #2492
• fix: Handle non-http(s) URLs in assembleTaskFQDNs: Add validation to ensure only HTTP(S) URLs are used as a base for resolving relative task URLs.
  • Link: #2486
  • Jira: SRVKP-10880
• fix(github): resolve pull_request_number on retest for pushed commits: Fix a bug where the pull_request_number variable was not substituted when a /retest command was issued on a pushed commit.
  • Link: #2473
  • Jira: SRVKP-10662
• fix: Update Go-SCM to v1.15.17 for Bitbucket Group Permissions: Bump go-scm to v1.15.17 to resolve permission checking bugs for Bitbucket Data Center groups.
  • Link: #2479
• fix: skip prun when target-ns repo cannot be found: Skip PipelineRun creation when a target-namespace annotation points to a namespace that lacks a matching Repository object.
  • Link: #2483
• fix: target-namespace annotation for gitops /test, /cancel comments: Fix target-namespace resolution to respect the PipelineRun template annotation for explicit /test and /cancel GitOps commands.
  • Link: #2472
• fix: Skip Bitbucket Datacenter tests temporarily: Temporarily skip Bitbucket Datacenter tests due to infrastructure unavailability.
  • Link: #2475
• fix: set the correct custom hub catalog type: Validate the custom hub catalog URL to correctly set the catalog type instead of defaulting to artifacthub.
  • Link: #2371
  • Jira: SRVKP-9976
• fix: Enforce webhook signature for Forgejo: Implement signature validation for Gitea and Forgejo webhooks to ensure incoming request authenticity.
  • Link: #2421
  • Jira: SRVKP-10609
• fix: change version to versiondata dir name: Rename the version directory to versiondata to fix linting-related failures in the coverage release YAML pipeline.
  • Link: #2469
• fix(github): support lightweight tags for GitOps commands: Correctly parse GitHub payloads to support GitOps commands like /test or /retest triggered on lightweight tags.
  • Link: #2407
  • Jira: SRVKP-10467
• test(gitlab): use push SHA to avoid stale MR API: Avoid stale SHA references after force pushes in GitLab by using the SHA directly from PushFilesToRefGit.
  • Link: #2453
• fix: use correct dir to store ghe gosmee payloads: Use the correct temporary directory to store and check GitHub Enterprise gosmee replay payloads for E2E tests.
  • Link: #2463
• fix(github): use correct name for failed checkruns on retest: Use the generated name fallback when reporting test failures to prevent failed check runs from being wiped out.
  • Link: #2455
  • Jira: SRVKP-10741
• fix: Check status by SHA in wait check: Fix SHA matching in wait/check test utilities to correctly find statuses when multiple exist for a repository.
  • Link: #2459
• fix: use random generated namespace in TestOthersRepositoryCreation: Use a randomly generated namespace to prevent namespace collision failures in the TestOthersRepositoryCreation test.
  • Link: #2458
• fix(github): add workaround for duplicate comment creation: Mitigate duplicate PR comments seen in E2E tests by adding a random sleep and re-check before creation.
  • Link: #2457
• perf(github): skip comment edit when body is already up to date: Optimize GitHub API usage by bypassing comment edit requests when the message body has not changed.
  • Link: #2452
• test: Update git-clone StepAction to tekton v1beta1: Update the git-clone StepAction API version from v1alpha1 to v1beta1 to align with current stable Tekton APIs.
  • Link: #2450
• fix: Rename golden file for flaky pull request test: Rename a golden test file to improve clarity and organization for testing flaky pull requests.
  • Link: #2449
• fix: E2E test improvements and CEL error reporting: Ensure CEL validation errors are only reported once per PR instead of producing duplicate comments.
  • Link: #2448
• fix: use fully qualified urls for images in .tekton: Add fully qualified URLs for all images used within the Tekton resources in the .tekton directory.
  • Link: #2447
• fix: Increase log line count for tests: Enforce naming conventions and increase log line checks in E2E tests to provide better diagnostics.
  • Link: #2445
• fix: Initialize gitea_tests array: Explicitly initialize the gitea_tests array to an empty array to prevent unexpected behavior during execution.
  • Link: 3dcef61
• fix: other Makefiles issues: Fix Makefile targets to properly pass commands to xargs, correct phonies, and fix git status usage.
  • Link: #2441
• fix: makefile not working: Update the Makefile to use null-delimited git ls-files to properly generate file lists for linters without throwing multiple target errors.
  • Link: #2440
• fix: Include concurrency provider in e2e tests: Include the concurrency provider in the conditional logic so the gosmee client executes properly for it.
  • Link: b51bedb
• fix: Show error and fatal logs in snazy output: Ensure error and fatal logs are properly surfaced and displayed in snazy test outputs.
  • Link: #2434
• fix(gitlab): enable skip-CI for merge requests: Fix skip-CI detection for GitLab merge requests by properly populating the SHAMessage during payload parsing.
  • Link: #2405
  • Jira: SRVKP-10440

📚 Documentation Updates

• docs(cel): clarify tech preview status and output differences: Add documentation to set expectations that the CEL evaluator is a tech preview and may beh...

v0.37.7

Pipelines as Code version v0.37.7

OpenShift Pipelines as Code v0.37.7 has been released 🥳

Installation

To install this version you can install the release.yaml with kubectl for your platform :

Openshift

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.37.7/release.yaml

Kubernetes

kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.37.7/release.k8s.yaml

Documentation

The documentation for this release is available here :

https://release-v0-37-7.pipelines-as-code.pages.dev

Changelog

• 02b3041: Release yaml generated from 1936d60 for release v0.37.6 ( <>)
• 6e36620: fix: Handle non-http(s) URLs in assembleTaskFQDNs (@chmouel)