test(gitlab): use push SHA to avoid stale MR API

[theakshaypant]

📝 Description of the Change

GitLab's GetMergeRequest API may return stale SHA after force push. Use SHA from PushFilesToRefGit directly instead.

Using evidence from failed TestGitlabConsistentCommitStatusOnMR on another PR.

Problem

TestGitlabConsistentCommitStatusOnMR was intermittently failing with:

    check.go:53: assertion failed: c48223c8f927eaea6a7b24e75afc91d537cfe472 (sopt.SHA string) != 4d9a63530d98ca27ac81561bc69728afee6ea5e5 (laststatus.SHA string)

Root Cause Hypothesis

After a force push, the test called GetMergeRequest to fetch the updated MR SHA. However, GitLab's API returns a stale SHA before GitLab has finished processing the push webhook internally.

Evidence from logs:

1. First push (SHA1 = c48223c8) - PipelineRun created:

{
  "level": "info",
  "ts": "2026-02-05T12:49:52.833Z",
  "logger": "pipelinesascode",
  "caller": "pipelineascode/pipelineascode.go:294",
  "msg": "PipelineRun always-good-pipelinerun-kwq8h has been created in namespace pac-e2e-ns-bd244 with status  for SHA: c48223c8f927eaea6a7b24e75afc91d537cfe472 Target Branch: main",
  "commit": "2612189",
  "provider": "gitlab",
  "event-id": "7d06e227c2e926fab7b1be100b49a29e",
  "event-sha": "c48223c8f927eaea6a7b24e75afc91d537cfe472",
  "event-type": "Merge Request",
  "source-repo-url": "https://gitlab.com/openshift-pipelines/pipelines-as-code-e2e-tests",
  "target-branch": "main",
  "source-branch": "pac-e2e-test-sx66l",
  "namespace": "pac-e2e-ns-bd244"
}

2. Second push (SHA2 = 4d9a6353) - Two PipelineRuns created:

{
  "level": "info",
  "ts": "2026-02-05T12:50:19.039Z",
  "logger": "pipelinesascode",
  "caller": "pipelineascode/pipelineascode.go:294",
  "msg": "PipelineRun always-good-pipelinerun-n6h9m has been created in namespace pac-e2e-ns-bd244 with status  for SHA: 4d9a63530d98ca27ac81561bc69728afee6ea5e5 Target Branch: main",
  "commit": "2612189",
  "provider": "gitlab",
  "event-id": "b7397934527619697327ff4125c61e96",
  "event-sha": "4d9a63530d98ca27ac81561bc69728afee6ea5e5",
  "event-type": "Merge Request",
  "source-repo-url": "https://gitlab.com/openshift-pipelines/pipelines-as-code-e2e-tests",
  "target-branch": "main",
  "source-branch": "pac-e2e-test-sx66l",
  "namespace": "pac-e2e-ns-bd244"
}

{
  "level": "info",
  "ts": "2026-02-05T12:50:19.039Z",
  "logger": "pipelinesascode",
  "caller": "pipelineascode/pipelineascode.go:294",
  "msg": "PipelineRun bad-converts-good-pipelinerun-r6mbf has been created in namespace pac-e2e-ns-bd244 with status  for SHA: 4d9a63530d98ca27ac81561bc69728afee6ea5e5 Target Branch: main",
  "commit": "2612189",
  "provider": "gitlab",
  "event-id": "b7397934527619697327ff4125c61e96",
  "event-sha": "4d9a63530d98ca27ac81561bc69728afee6ea5e5",
  "event-type": "Merge Request",
  "source-repo-url": "https://gitlab.com/openshift-pipelines/pipelines-as-code-e2e-tests",
  "target-branch": "main",
  "source-branch": "pac-e2e-test-sx66l",
  "namespace": "pac-e2e-ns-bd244"
}

The test expected c48223c8 (which came from mr.SHA after GetMergeRequest), but PAC correctly processed 4d9a6353 (the actual new SHA). This proves GetMergeRequest returned the old SHA before GitLab updated its internal MR state.

Timeline of the race:

Test pushes SHA2 ──► GitLab receives push ──► GitLab updates MR (async)
        │                                              │
        └──► Test calls GetMergeRequest ◄──────────────┘
                      │                        (race window)
                      ▼
              Returns stale SHA1!

Fix

Use the SHA returned directly from PushFilesToRefGit instead of fetching it from GitLab's API:
As we can see form the assertion failure that sopts.SHA is stale (SHA1) which is fetched using the gitlab client

    check.go:53: assertion failed: c48223c8f927eaea6a7b24e75afc91d537cfe472 (sopt.SHA string) != 4d9a63530d98ca27ac81561bc69728afee6ea5e5 (laststatus.SHA string)

Why This Works

The local git rev-parse HEAD SHA is computed from the commit content before pushing. Since Git SHAs are deterministic, the remote will have exactly the same SHA once the push completes.

Additional Benefit

This also removes an unnecessary API call to GitLab, making the test slightly faster.

👨🏻‍ Linked Jira

N/A

🔗 Linked GitHub Issue

N/A

🚀 Type of Change

• 🐛 Bug fix (fix:)
• ✨ New feature (feat:)
• 💥 Breaking change (feat!:, fix!:)
• 📚 Documentation update (docs:)
• ⚙️ Chore (chore:)
• 💅 Refactor (refactor:)
• 🔧 Enhancement (enhance:)
• 📦 Dependency update (deps:)

🧪 Testing Strategy

• Unit tests
• Integration tests
• End-to-end tests
• Manual testing
• Not Applicable

🤖 AI Assistance

• I have not used any AI assistance for this PR.
• I have used AI assistance for this PR.

If you have used AI assistance, please provide the following details:

Which LLM was used?

• GitHub Copilot
• ChatGPT (OpenAI)
• Claude (Anthropic)
• Cursor
• Gemini (Google)
• Other: ____________

Extent of AI Assistance:

• Documentation and research only
• Unit tests or E2E tests only
• Code generation (parts of the code)
• Full code generation (most of the PR)
• PR description and comments
• Commit message(s)

Important

If the majority of the code in this PR was generated by an AI, please add a Co-authored-by trailer to your commit message.
For example:

Co-authored-by: Gemini gemini@google.com
Co-authored-by: ChatGPT noreply@chatgpt.com
Co-authored-by: Claude noreply@anthropic.com
Co-authored-by: Cursor noreply@cursor.com
Co-authored-by: Copilot Copilot@users.noreply.github.com

**💡You can use the script ./hack/add-llm-coauthor.sh to automatically add
these co-author trailers to your commits.

✅ Submitter Checklist

• 📝 My commit messages are clear, informative, and follow the project's How to write a git commit message guide. The Gitlint linter ensures in CI it's properly validated
• ✨ I have ensured my commit message prefix (e.g., fix:, feat:) matches the "Type of Change" I selected above.
• ♽ I have run make test and make lint locally to check for and fix any
  issues. For an efficient workflow, I have considered installing
  pre-commit and running pre-commit install to
  automate these checks.
• 📖 I have added or updated documentation for any user-facing changes.
• 🧪 I have added sufficient unit tests for my code changes.
• 🎁 I have added end-to-end tests where feasible. See README for more details.
• 🔎 I have addressed any CI test flakiness or provided a clear reason to bypass it.
• If adding a provider feature, I have filled in the following and updated the provider documentation:
  • GitHub App
  • GitHub Webhook
  • Gitea/Forgejo
  • GitLab
  • Bitbucket Cloud
  • Bitbucket Data Center

[pipelines-as-code]

🔍 PR Lint Feedback

Note: This automated check helps ensure your PR follows our contribution guidelines.

⚠️ Items that need attention:

🎫 Jira reference

Add a Jira reference in the description using one of the following formats:

• https://issues.redhat.com/browse/SRVKP-<number>

If no SRVKP ticket exists yet, link a GitHub issue instead (e.g., Fixes #123).
Minor housekeeping PRs without Jira coverage can skip this after confirming with reviewers.

---

🤖 AI attribution

The following commits lack an explicit AI attribution footer:

• 1674df1 test(gitlab): use push SHA to avoid stale MR API

If no AI assistance was used for a commit, you can ignore this warning.
Otherwise add an Assisted-by: or Co-authored-by: footer referencing the AI used.

---

ℹ️ Next Steps

• Review and address the items above
• Push new commits to update this PR
• This comment will be automatically updated when issues are resolved

🔧 Admin Tools (click to expand)

Automated Issue/Ticket Creation:

• /issue-create - Generate a GitHub issue from this PR content using AI
• /jira-create - Create a SRVKP Jira ticket from this PR content using AI

⚠️ Important: Always review and edit generated content before finalizing tickets/issues.
The AI-generated content should be used as a starting point and may need adjustments.

These commands are available to maintainers and will post the generated content as PR comments for review.

_{🤖 This feedback was generated automatically by the PR CI system}

[gemini-code-assist]

Summary of Changes

Hello @theakshaypant, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an intermittent failure in the TestGitlabConsistentCommitStatusOnMR test due to GitLab's API returning stale SHAs after a force push. By using the SHA returned directly from PushFilesToRefGit, the PR ensures consistency and removes an unnecessary API call, improving test reliability and performance.

Highlights

• Stale SHA Issue: The GitLab GetMergeRequest API may return a stale SHA after a force push, leading to inconsistencies in PipelineRun creation.
• Root Cause Analysis: The test TestGitlabConsistentCommitStatusOnMR intermittently failed because GetMergeRequest returned an outdated SHA before GitLab fully processed the push webhook.
• Fix Implementation: The fix replaces fetching the SHA from GetMergeRequest with the SHA returned directly from PushFilesToRefGit, ensuring the correct SHA is used.
• Performance Improvement: This change also removes an unnecessary API call to GitLab, slightly improving test execution speed.

Changelog

• test/gitlab_merge_request_test.go
  • Replaced mr.SHA with newSHA from PushFilesToRefGit to avoid stale SHA from GitLab API.
  • Removed call to GetMergeRequest to fetch the updated MR SHA.

Activity

• The PR addresses a bug identified in the TestGitlabConsistentCommitStatusOnMR test.
• The author, theakshaypant, has provided a detailed description of the problem, root cause, and solution.
• The PR includes a testing strategy and indicates the use of AI assistance for the PR description and comments.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request addresses a flaky test in the GitLab integration by avoiding a race condition when fetching the merge request SHA after a force push. The change correctly uses the locally generated SHA from the push operation instead of relying on the potentially stale data from the GitLab API.

My review identifies a critical issue where the fix is incomplete, leaving subsequent test assertions to use the old, stale SHA, which would break the test. The provided code suggestion fully corrects this.