From 9dcbe1960b4fd16cf2b14a3cb8206adf4d253717 Mon Sep 17 00:00:00 2001
From: savitaashture <sashture@redhat.com>
Date: Thu, 16 May 2024 21:01:58 +0530
Subject: [PATCH] Fix secret generation issue when GitOps comments are executed
 on commits

This update corrects the creation of an auto-generated
secret that previously had an invalid or missing value
for git-provider-token key

Signed-off-by: Savita Ashture <sashture@redhat.com>
---
 pkg/provider/github/parse_payload.go | 17 +++++++++++------
 test/github_push_retest_test.go      |  9 +++++++++
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/pkg/provider/github/parse_payload.go b/pkg/provider/github/parse_payload.go
index 905826b3d..bbf893a59 100644
--- a/pkg/provider/github/parse_payload.go
+++ b/pkg/provider/github/parse_payload.go
@@ -14,15 +14,14 @@ import (
 	ghinstallation "github.com/bradleyfalzon/ghinstallation/v2"
 	oGitHub "github.com/google/go-github/v60/github"
 	"github.com/google/go-github/v61/github"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes"
-
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/apis/pipelinesascode/keys"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/opscomments"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/info"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/triggertype"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/provider"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
 )
 
 // GetAppIDAndPrivateKey retrieves the GitHub application ID and private key from a secret in the specified namespace.
@@ -30,7 +29,7 @@ import (
 // It returns the application ID (int64), private key ([]byte), and an error if any.
 func (v *Provider) GetAppIDAndPrivateKey(ctx context.Context, ns string, kube kubernetes.Interface) (int64, []byte, error) {
 	paramsinfo := &v.Run.Info
-	secret, err := kube.CoreV1().Secrets(ns).Get(ctx, paramsinfo.Controller.Secret, v1.GetOptions{})
+	secret, err := kube.CoreV1().Secrets(ns).Get(ctx, paramsinfo.Controller.Secret, metav1.GetOptions{})
 	if err != nil {
 		return 0, []byte{}, fmt.Errorf("could not get the secret %s in ns %s: %w", paramsinfo.Controller.Secret, ns, err)
 	}
@@ -250,7 +249,10 @@ func (v *Provider) processEvent(ctx context.Context, event *info.Event, eventInt
 		if v.Client == nil {
 			return nil, fmt.Errorf("gitops style comments operation is only supported with github apps integration")
 		}
-		return v.handleCommitCommentEvent(ctx, gitEvent)
+		processedEvent, err = v.handleCommitCommentEvent(ctx, gitEvent)
+		if err != nil {
+			return nil, err
+		}
 	case *github.PushEvent:
 		processedEvent.Organization = gitEvent.GetRepo().GetOwner().GetLogin()
 		processedEvent.Repository = gitEvent.GetRepo().GetName()
@@ -293,7 +295,10 @@ func (v *Provider) processEvent(ctx context.Context, event *info.Event, eventInt
 		return nil, errors.New("this event is not supported")
 	}
 
-	processedEvent.TriggerTarget = event.TriggerTarget
+	// check before overriding the value for TriggerTarget
+	if processedEvent.TriggerTarget == "" {
+		processedEvent.TriggerTarget = event.TriggerTarget
+	}
 	processedEvent.Provider.Token = event.Provider.Token
 
 	return processedEvent, nil
diff --git a/test/github_push_retest_test.go b/test/github_push_retest_test.go
index 7e26d9e21..7ab887467 100644
--- a/test/github_push_retest_test.go
+++ b/test/github_push_retest_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/google/go-github/v61/github"
+	"github.com/openshift-pipelines/pipelines-as-code/pkg/apis/pipelinesascode/keys"
 	"github.com/openshift-pipelines/pipelines-as-code/test/pkg/cctx"
 	tgithub "github.com/openshift-pipelines/pipelines-as-code/test/pkg/github"
 	twait "github.com/openshift-pipelines/pipelines-as-code/test/pkg/wait"
@@ -58,6 +59,14 @@ func TestGithubPushRequestGitOpsCommentRetest(t *testing.T) {
 	pruns, err = g.Cnx.Clients.Tekton.TektonV1().PipelineRuns(g.TargetNamespace).List(ctx, metav1.ListOptions{})
 	assert.NilError(t, err)
 	assert.Equal(t, len(pruns.Items), 4)
+
+	for i := range pruns.Items {
+		sData, err := g.Cnx.Clients.Kube.CoreV1().Secrets(g.TargetNamespace).Get(ctx, pruns.Items[i].GetAnnotations()[keys.GitAuthSecret], metav1.GetOptions{})
+		assert.NilError(t, err)
+		assert.Assert(t, string(sData.Data["git-provider-token"]) != "")
+		assert.Assert(t, string(sData.Data[".git-credentials"]) != "")
+		assert.Assert(t, string(sData.Data[".gitconfig"]) != "")
+	}
 }
 
 func TestGithubPushRequestGitOpsCommentCancel(t *testing.T) {