fix: recover fork PR re-runs when GitHub omits PR metadata

[chmouel]

When GitHub receives a Re-run request for a Pipelines as Code check tied to a pull request from a fork, the webhook payload can omit the usual pull request metadata. PAC could already recover by looking up pull requests for the head SHA, but fork PRs still failed when GitHub's commits/{sha}/pulls API returned no matches.

This change makes rerequest handling more resilient and keeps the selection rules safe:

• check_run rerequests now honor pull request data attached directly to the event when GitHub provides it
• if the commit lookup API returns no open PR, PAC falls back to listing open pull requests and matching by head SHA so fork PR rerequests can still resolve
• the SHA fallback now preserves the existing ambiguity guard and fails if more than one open PR shares the same head SHA instead of picking one arbitrarily
• tests now cover the direct-event path, fork fallback success, missing-PR failures, and the ambiguous fallback regression

📝 Description of the Change

Improve GitHub rerequest PR resolution so fork pull requests can be recovered safely even when GitHub omits PR metadata or the commit lookup API returns no match.

🔗 Linked GitHub Issue

Not linked.

🧪 Testing Strategy

• Unit tests
• Integration tests
• End-to-end tests
• Manual testing
• Not Applicable

Ran:

• go test ./pkg/provider/github

🤖 AI Assistance

• I have not used any AI assistance for this PR.
• I have used AI assistance for this PR.

AI assistance was used to help draft and refine the code change, tests, and PR description. The resulting changes were reviewed and validated with the package test run above.

✅ Submitter Checklist

• 📝 My commit messages are clear, informative, and follow the project's How to write a git commit message guide. The Gitlint linter ensures in CI it's properly validated
• ✨ I have ensured my commit message prefix (e.g., fix:, feat:) matches the "Type of Change" I selected above.
• ♽ I have run make test and make lint locally to check for and fix any
  issues. For an efficient workflow, I have considered installing
  pre-commit and running pre-commit install to
  automate these checks.
• 📖 I have added or updated documentation for any user-facing changes.
• 🧪 I have added sufficient unit tests for my code changes.
• 🎁 I have added end-to-end tests where feasible. See README for more details.
• 🔎 I have addressed any CI test flakiness or provided a clear reason to bypass it.
• If adding a provider feature, I have filled in the following and updated the provider documentation:
  • GitHub App
  • GitHub Webhook
  • Gitea/Forgejo
  • GitLab
  • Bitbucket Cloud
  • Bitbucket Data Center

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 96.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 58.94%. Comparing base (c9be9d6) to head (6ecab48).

Files with missing lines	Patch %	Lines
pkg/provider/github/parse_payload.go	96.00%	2 Missing and 1 partial ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2655      +/-   ##
==========================================
+ Coverage   58.85%   58.94%   +0.08%     
==========================================
  Files         204      204              
  Lines       20149    20193      +44     
==========================================
+ Hits        11859    11903      +44     
  Misses       7525     7525              
  Partials      765      765              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gemini-code-assist]

Code Review

This pull request introduces a fallback mechanism to resolve pull requests by SHA when the standard commit API fails, which is particularly useful for fork PRs. It also adds logic to extract pull request information directly from the check_run event. Feedback focuses on ensuring consistency and handling ambiguity when multiple pull requests might match a single SHA or check run, suggesting the use of existing helper functions to validate that only a single open pull request is processed.

[chmouel]

tested on dogfooding as working

[zakisk]

can we call the findOpenPullRequestBySHA only if its fork because if its not fork and there is no matching PRs as well then it would be just redundant API calls! (hint: event.pull_request.head.fork)

[zakisk]

is it certain here that first PR would be the exact PR where rerun is made?

[chmouel]

there is no guarantee enough to keep using PullRequests[0] blindly, so I added a small guard for this path.

check_run.pull_requests now fails fast if GitHub gives us more than one associated PR in the webhook payload instead of guessing.

[zakisk]

check_run.pull_requests now fails fast if GitHub gives us more than one associated PR in the webhook payload instead of guessing.

you're going to add or you did it? I don't see anything?

[zakisk]

Suggested change

	if len(checkSuite.PullRequests) > 0 {
	runevent.PullRequestNumber = checkSuite.PullRequests[0].GetNumber()
	runevent.TriggerTarget = triggertype.PullRequest
	v.Logger.Infof("Recheck of PR %s/%s#%d has been requested", runevent.Organization, runevent.Repository, runevent.PullRequestNumber)
	return v.getPullRequest(ctx, runevent)
	}

[zakisk]

you can delete this as you're already doing this on line 557 below