fix(gitlab): update /ok-to-test status to success for GitLab

[zakisk]

Similar to Forgejo, GitLab also leaves the "pending approval" commit status in a pending state after /ok-to-test is posted on an unauthorized user's PR. This extends the existing fix to also update that status to success for GitLab, indicating the approval was successful before pipelines start running.

Also adds an e2e test for this flow and refactors GitLab test helpers to support private/public project visibility and shared commit status utilities.

https://redhat.atlassian.net/browse/SRVKP-11156

📝 Description of the Change

🔗 Linked GitHub Issue

Fixes #

🧪 Testing Strategy

• Unit tests
• Integration tests
• End-to-end tests
• Manual testing
• Not Applicable

🤖 AI Assistance

AI assistance can be used for various tasks, such as code generation,
documentation, or testing.

Please indicate whether you have used AI assistance
for this PR and provide details if applicable.

• I have not used any AI assistance for this PR.
• I have used AI assistance for this PR.

Important

Slop will be simply rejected, if you are using AI assistance you need to make sure you
understand the code generated and that it meets the project's standards. you
need at least know how to run the code and deploy it (if needed). See
startpaac to make it easy
to deploy and test your code changes.

If the majority of the code in this PR was generated by an AI, please add a Co-authored-by trailer to your commit message.
For example:

Co-authored-by: Claude noreply@anthropic.com

✅ Submitter Checklist

• 📝 My commit messages are clear, informative, and follow the project's How to write a git commit message guide. The Gitlint linter ensures in CI it's properly validated
• ✨ I have ensured my commit message prefix (e.g., fix:, feat:) matches the "Type of Change" I selected above.
• ♽ I have run make test and make lint locally to check for and fix any
  issues. For an efficient workflow, I have considered installing
  pre-commit and running pre-commit install to
  automate these checks.
• 📖 I have added or updated documentation for any user-facing changes.
• 🧪 I have added sufficient unit tests for my code changes.
• 🎁 I have added end-to-end tests where feasible. See README for more details.
• 🔎 I have addressed any CI test flakiness or provided a clear reason to bypass it.
• If adding a provider feature, I have filled in the following and updated the provider documentation:
  • GitHub App
  • GitHub Webhook
  • Gitea/Forgejo
  • GitLab
  • Bitbucket Cloud
  • Bitbucket Data Center

[gemini-code-assist]

Code Review

This pull request extends the /ok-to-test approval status update logic to include GitLab, ensuring that the CI status is updated to success upon approval. It introduces a new E2E test for this behavior and refactors GitLab test utilities to support project visibility and commit status polling. A critical bug was identified in the new WaitForGitLabCommitStatusSuccessCount helper where the success counter is not reset within the polling loop, which will lead to incorrect counts and false positives in tests.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 58.81%. Comparing base (14a8e6b) to head (4114b32).

Files with missing lines	Patch %	Lines
pkg/pipelineascode/match.go	0.00%	0 Missing and 1 partial ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2642   +/-   ##
=======================================
  Coverage   58.81%   58.81%           
=======================================
  Files         206      206           
  Lines       20308    20308           
=======================================
  Hits        11944    11944           
  Misses       7591     7591           
  Partials      773      773           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[chmouel]

this would be the same for any webhook based provider (ie not github app)

can you do some enum + function that would be abler to compare all of the webhook based one?

[zakisk]

this not true for github webhook as well, it also provides way to update the status

[zakisk]

so I think we can do !strings.Contains(p.vcx.GetConfig().Name, "github") to cover all the provider except github webhook & app.

[chmouel]

can you hold on relaunching the tests/failures, i want to use it to test why the Re-Run button fix is not working

[zakisk]

/gemini review

[gemini-code-assist]

Code Review

This pull request updates the logic for handling /ok-to-test comments to include non-GitHub providers and introduces a new E2E test for GitLab access control. It also refactors GitLab project creation and forking to support visibility settings and adds a shared helper for waiting on commit status counts. Feedback focuses on improving the reliability and maintainability of the new test helpers, specifically addressing incorrect counting logic in the shared GitLab status waiter, removing redundant local helper functions that violate naming conventions, and softening strict assertions in E2E tests to prevent flakiness.

[gemini-code-assist]

The WaitForGitLabCommitStatusCount helper has several issues that can lead to flaky or incorrect test results:

1. Incorrect Counting Logic: It uses All: true when fetching statuses, which returns the entire history. The loop then counts every historical entry matching targetStatus. If a status was retried (e.g., pending -> success -> success), it will be counted twice, even though only one unique context is successful. Removing All: true ensures GitLab only returns the latest status for each unique context.
2. Misleading Naming: The parameter minSuccessCount is used for any status (including failed or pending). It should be renamed to minCount for clarity.
3. Incomplete Validation: The targetStatus check is missing the canceled state.
4. Generic Usage: Allowing an empty targetStatus would make this helper more versatile, enabling it to replace local implementations that simply count all unique statuses.

func WaitForGitLabCommitStatusCount(ctx context.Context, client *clientGitlab.Client, logger *zap.SugaredLogger, projectID int, sha, targetStatus string, minCount int) (int, error) {
	if targetStatus != "" && targetStatus != "success" && targetStatus != "failed" && targetStatus != "pending" && targetStatus != "running" && targetStatus != "canceled" {
		return 0, fmt.Errorf("invalid target status: %s", targetStatus)
	}

	ctx, cancel := context.WithTimeout(ctx, twait.DefaultTimeout)
	defer cancel()

	var count int
	err := kubeinteraction.PollImmediateWithContext(ctx, twait.DefaultTimeout, func() (bool, error) {
		// Do not use All: true so we only get the latest status for each unique context
		statuses, _, err := client.Commits.GetCommitStatuses(projectID, sha, &clientGitlab.GetCommitStatusesOptions{})
		if err != nil {
			return false, err
		}
		logger.Infof("Current GitLab commit status count: %d (waiting for at least %d)", len(statuses), minCount)
		currentCount := 0
		for _, status := range statuses {
			if targetStatus == "" || status.Status == targetStatus {
				currentCount++
			}
		}

		if currentCount >= minCount {
			count = currentCount
			return true, nil
		}
		return false, nil
	})
	return count, err
}

[gemini-code-assist]

This local helper waitForGitLabCommitStatusCount is redundant now that a shared implementation WaitForGitLabCommitStatusCount has been added to test/pkg/gitlab/wait.go. To improve maintainability and avoid logic drift, please remove this local version and update the callers to use the shared helper (passing an empty string for targetStatus if all statuses should be counted). Additionally, the current function name violates the repository rule that test-related functions must use PascalCase and not contain underscores.

References

1. Test function names must use PascalCase and must not contain any underscores.

[gemini-code-assist]

Using a strict equality check (== 2) for commit status counts can make E2E tests flaky if there are unexpected statuses (e.g., from GitLab's built-in CI or other integrations). It is generally safer to assert that the count is at least the expected value.

Suggested change

	assert.Assert(t, sourceStatusCount == 2, "expected 2 success commit status on fork, got %d", sourceStatusCount)
	assert.Assert(t, sourceStatusCount >= 2, "expected at least 2 success commit status on fork, got %d", sourceStatusCount)

[chmouel]

/lgtm

[pipelines-as-code]

Congrats @zakisk your PR Has been approved 🎉

✅ Pull Request Approved

Approval Status:

• Required Approvals: 1
• Current Approvals: 1

👥 Reviewers Who Approved:

Reviewer	Permission Level	Approval Status
@chmouel	admin	✅

📝 Next Steps

• Ensure all required checks pass
• Comply with branch protection rules
• Request a maintainer to merge using the /merge command (or merge it
  directly if you have repository permission).

Automated by the PAC Boussole 🧭