###Issue :

Customer has linked multiple repo credentials secrets to the default pipeline SA as below and using same SA to run the pipeline.

kind: ServiceAccount
apiVersion: v1
metadata:
  name: pipeline
  namespace: test
  ....
  ....
secrets: 
  - name: bitbucket-credentials                       <----
  - name: bitbucket-k8s-demo-apps-token    <----

Upon running pipeline with different repositories, only the pipeline and clone task is getting succeeded which has the repository for which secret is linked first or placed first in the Service Account .yaml and rest other pipelineruns for other repositories are getting failed with below error :

[git-clone : prepare-and-run] {"level":"fatal","ts":1762154718.0820365,"caller":"git-init/main.go:53","msg":"Error fetching git repository: failed to fetch [master]: exit status 128","stacktrace":"main.main\n\t/go/src/github.com/tektoncd-catalog/git-clone/image/git-init/main.go:53\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:283"}

failed to get logs for task git-clone : container step-prepare-and-run has failed  : [{"key":"StartedAt","value":"2025-11-03T07:25:16.984Z","type":3}]

Is it a expected behavior ? Also Is it supported approach to link the multiple repo-secrets to the default `pipeline` Service Account (SA) and then use that SA for the PipelineRuns ?

If its supported, The `repo-secrets` linked to the Service Account should be automatically checked and match the repository URL used in `git-clone` task and same should be used based on the `tekton.dev/git-*` annotation in repo-secret, right ?

###Env -

RHOCP - 4.18.22
Red Hat OpenShift Pipelines - 1.20.0

*###Additional Info : *

Similar issue has been reported on JIRA SRVKP-7882 which mentions SSH authentication only. However in this case, customer is using `basic-auth`.