Story (Required)

As a developer using Konflux/Pipelines as Code trying to use `ImageDigestMirrorSet` within the `.tekton` directory I want the PaC bot to correctly parse non-Tekton CRs and not post misleading "PipelineRun failure" comments on my pull requests, so that I can focus on actual pipeline issues.

This story aims to stop the misleading "PipelineRun failure for ImageDigestMirrorSet" comments that the Pipelines as Code (PaC) bot posts on Pull Requests. These comments cause confusion for developers as they appear even when the actual CI jobs are passing. Resolving this will improve the developer experience by reducing false alarms and unnecessary noise, allowing users to concentrate on genuine pipeline failures.

Background (Required)

Pipelines as Code (PaC) was recently updated to provide user-facing comments on Pull Requests when it detects issues parsing PipelineRuns. Users of Konflux are observing "PipelineRun failure for ImageDigestMirrorSet (Caution alert)" comments from the PaC bot on their PRs. These comments appear specifically when an `ImageDigestMirrorSet` file (e.g., `.tekton/images-mirror-set.yaml`) is present in the `.tekton` directory.

The problem is that these comments appear even when the actual CI jobs are succeeding, leading to confusion and unnecessary noise for developers. The root cause has been identified as PaC's parsing logic, which is opinionated that the `.tekton` directory should only contain Tekton CRs and incorrectly attempts to parse `ImageDigestMirrorSet` (a non-Tekton CR) as a PipelineRun.

An initial fix was implemented (https://github.com/openshift-pipelines/pipelines-as-code/pull/2147, tracked in SRVKP-7906 and KONFLUX-8864). However, despite these tickets being closed as verified/duplicate, the misleading comments continue to appear, indicating that the fix may not be fully deployed or effective in all scenarios.

Out of scope

• Redesigning existing Konflux tasks (e.g., `fips-operator-bundle-check-oci-ta`) to move `ImageDigestMirrorSet` files out of the `.tekton` directory.
• Changing the fundamental behavior of PaC to comment on actual PipelineRun failures or legitimate parsing errors.

  Approach (Required)

1. *Investigate Fix Deployment/Effectiveness:* Determine why the previous fix (https://github.com/openshift-pipelines/pipelines-as-code/pull/2147, SRVKP-7906) has not fully resolved the issue, specifically regarding its deployment status in Konflux environments.
2. *Identify Remaining Scenarios:* Analyze if there are other code paths or parsing scenarios within Pipelines as Code that still lead to the incorrect identification and commenting for `ImageDigestMirrorSet` files.
3. *Implement Robust Solution:* Implement a durable solution within Pipelines as Code to correctly identify and ignore non-Tekton CRs like `ImageDigestMirrorSet` when parsing the `.tekton` directory. This should prevent them from being mistakenly identified as PipelineRuns or causing parsing errors that trigger bot comments.
4. *Deployment & Verification:* Ensure the new or refined fix is properly deployed to all relevant Konflux/PaC environments and verified to have suppressed the misleading comments.

Dependencies

• Pipelines as Code team for potential code changes, review, and deployment.
• Konflux operations team for deployment of updated PaC versions to production environments.

Acceptance Criteria (Mandatory)

• *AC1:* GIVEN a Pull Request contains an `ImageDigestMirrorSet` CR in the `.tekton` directory (e.g., `.tekton/images-mirror-set.yaml`) AND the PR passes all its CI checks without actual PipelineRun failures
  WHEN the PaC bot processes the PR
  THEN the PaC bot MUST NOT post any "PipelineRun failure for ImageDigestMirrorSet (Caution alert)" or similar misleading comments related to the `ImageDigestMirrorSet` file.
• *AC2:* GIVEN a Pull Request contains a legitimate PipelineRun parsing error (i.e., not related to `ImageDigestMirrorSet` or other expected non-Tekton CRs)
  WHEN the PaC bot processes the PR
  THEN the PaC bot MUST still post relevant comments indicating the PipelineRun parsing issue.
• *AC3:* Verification that the fix is deployed to Konflux and the misleading comments have ceased for affected repositories (e.g., https://github.com/stackrox/operator-index/, https://github.com/openshift-kni/lifecycle-agent/)

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met
  ```