fix(github-webhook): clear pending check on ok-to-test

When using GitHub Webhook, the pending check run created for
unauthorized PRs was never resolved after an admin commented
/ok-to-test, leaving it stuck indefinitely.

https://redhat.atlassian.net/browse/SRVKP-11789

Signed-off-by: Zaki Shaikh <zashaikh@redhat.com>

Author: zakisk

pkg/pipelineascode/match.go

@@ -124,7 +124,9 @@ func (p *PacRun) verifyRepoAndUser(ctx context.Context) (*v1alpha1.Repository, e
 		}
 		// When /ok-to-test is approved, update the parent "Pipelines as Code CI" status to success
 		// to indicate the approval was successful before pipelines start running.
-		if p.event.EventType == opscomments.OkToTestCommentEventType.String() && !strings.Contains(p.vcx.GetConfig().Name, "github") {
+		// we only do this for all providers except github apps since github apps use the checkRun API to update the status
+		// checking installationID is <= 0 because sometime it's set to -1
+		if p.event.EventType == opscomments.OkToTestCommentEventType.String() && p.event.InstallationID <= 0 {
 			approvalStatus := providerstatus.StatusOpts{
 				Status:     CompletedStatus,
 				Title:      "Approved",

pkg/pipelineascode/match_test.go

@@ -4,7 +4,9 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -752,6 +754,36 @@ func TestVerifyRepoAndUser(t *testing.T) {
 			wantRepoNil:   false,
 			wantErr:       false,
 		},
+		{
+			name: "happy path with ok-to-test comment status reporting",
+			runevent: info.Event{
+				Organization:  "owner",
+				Repository:    "repo",
+				URL:           "https://example.com/owner/repo",
+				SHA:           "123abc",
+				EventType:     opscomments.OkToTestCommentEventType.String(),
+				TriggerTarget: triggertype.PullRequest,
+				Sender:        "owner",
+				Request:       request,
+			},
+			repositories: []*v1alpha1.Repository{{
+				ObjectMeta: metav1.ObjectMeta{Name: "repo", Namespace: "ns"},
+				Spec: v1alpha1.RepositorySpec{
+					URL: "https://example.com/owner/repo",
+					GitProvider: &v1alpha1.GitProvider{
+						Secret: &v1alpha1.Secret{
+							Name: "secret",
+						},
+						WebhookSecret: &v1alpha1.Secret{
+							Name: "webhook-secret",
+						},
+					},
+				},
+			}},
+			webhookSecret: "secret",
+			wantRepoNil:   false,
+			wantErr:       false,
+		},
 	}
 
 	pacInfo := &info.PacOpts{Settings: settings.DefaultSettings()}
@@ -786,14 +818,23 @@ func TestVerifyRepoAndUser(t *testing.T) {
 			// status endpoint stub (used when CreateStatus is called)
 			mux.HandleFunc(
 				fmt.Sprintf("/repos/%s/%s/statuses/%s", tt.runevent.Organization, tt.runevent.Repository, tt.runevent.SHA),
-				func(rw http.ResponseWriter, _ *http.Request) { fmt.Fprint(rw, `{}`) },
+				func(rw http.ResponseWriter, r *http.Request) {
+					body, _ := io.ReadAll(r.Body)
+					a := struct {
+						State string `json:"state"`
+					}{}
+					err := json.Unmarshal(body, &a)
+					assert.NilError(t, err)
+					assert.Equal(t, a.State, "success")
+					fmt.Fprint(rw, `{}`)
+				},
 			)
 
 			vcx := &ghprovider.Provider{Token: github.Ptr("token"), Logger: logger}
 			vcx.SetGithubClient(ghClient)
 			vcx.SetPacInfo(pacInfo)
 
-			k8int := &kitesthelper.KinterfaceTest{GetSecretResult: map[string]string{"pipelines-as-code-secret": tt.webhookSecret}}
+			k8int := &kitesthelper.KinterfaceTest{GetSecretResult: map[string]string{"pipelines-as-code-secret": tt.webhookSecret, "secret": "token", "webhook-secret": "secret"}}
 
 			stdata, _ := testclient.SeedTestData(t, ctx, testclient.Data{Repositories: tt.repositories /*Secret: []*corev1.Secret{secret}*/})
 			in := info.NewInfo()