Update module github.com/tektoncd/pipeline to v1.12.1 (main)

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/tektoncd/pipeline	v1.12.0 → v1.12.1

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v1.12.1: Tekton Pipeline release v1.12.1 "Exotic Shorthair Elektrobots LTS"

Compare Source

-Docs @​ v1.12.1
-Examples @​ v1.12.1

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a9cfc575e256441da4223e4767ebb840a62e4b5ad18ed6219842a81686a4a8586

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a9cfc575e256441da4223e4767ebb840a62e4b5ad18ed6219842a81686a4a8586
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.1/release.yaml
REKOR_UUID=108e9186e8c5677a9cfc575e256441da4223e4767ebb840a62e4b5ad18ed6219842a81686a4a8586

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.12.1@​sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [cherry-pick: release-v1.12.x] fix(resolvers): Allow ResolutionRequests to resolve all Tekton kinds (#​10252)

efore this change, ResolutionRequests could only resolve Pipelines, Tasks, and StepActions. After this change, ResolutionRequests can resolve PipelineRuns, Pipelines, TaskRuns, Tasks, Runs, CustomRuns, and StepActions.

• 🐛 [cherry-pick: release-v1.12.x] fix: TaskRun stuck in Running when init container is OOMKilled with enableKubernetesSidecar (#​10186)

ix: TaskRun no longer gets stuck in Running when an init container (e.g. prepare) is OOMKilled while enableKubernetesSidecar is enabled. The TaskRun is now correctly marked as Failed immediately.

• 🐛 [cherry-pick: release-v1.12.x] Fix cross-arch platform command lookup in entrypoint (#​10164)

ix entrypoint command lookup when controller and worker nodes run on different CPU architectures (e.g., ARM controller with AMD64 workloads). The controller's CPU variant was leaking into TEKTON_PLATFORM_COMMANDS keys via platforms.NewPlatform(), causing "could not find command for platform" errors on worker nodes of a different architecture.

• 🐛 [cherry-pick: release-v1.12.x] fix: truncate affinity assistant volume names to 63 characters (#​10137)

ffinity assistant StatefulSet no longer fails when workspace volumeClaimTemplate names exceed 63 characters. Long volume names are now automatically truncated with a hash suffix to stay within the Kubernetes limit.

• 🐛 [cherry-pick: release-v1.12.x] fix(pipelinerun): use generateName for anonymous pipeline label (#​10079)

Previously, TaskRuns' tekton.dev/pipeline label for anonymous Pipelines would use their PipelineRun's name in their tekton.dev/pipeline label and pipeline metrics tag. After this change, TaskRun and PipelineRun which are created from anonymous Pipelines now reference a sanitized metadata.generateName, when present, for the label tekton.dev/pipeline. Similarly, these TaskRruns and PipelineRuns will populate their respective metrics' pipeline tag with the sanitized generateName instead of using anonymous.

• 🐛 [release-v1.12.x] Fix gen-crd-api-reference-docs require to use fetchable version (#​10001)

ix gen-crd-api-reference-docs go.mod require to use a fetchable upstream version, fixing module resolution failures for downstream consumers.

• 🐛 [cherry-pick: release-v1.12.x] fix(resolvers): validate data is Tekton object in resolver framework (#​9963)

Fixes a bug which lets Tekton Resolvers resolve non-tekton objects and arbitrary data. After this change, resolving a non-tekton object causes the ResolutionRequest to fail.
Action Required: Tekton Resolvers are now only permitted to resolve StepActions, Tasks, and Pipelines. Custom resolvers or ResolutionRequest which use the Resolver API for other object types will no longer function.

• 🐛 [release-v1.12.x] fix: replace symlinks with subpath params and fix Rekor UUID in release pipeline (#​10216)
• 🐛 [cherry-pick: release-v1.12.x] Fix PipelineRun premature failure when TaskRun recovers after pod eviction (#​10161)

Misc

• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​10265)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​10234)
• 🔨 build(deps): bump chainguard-dev/actions from 1.6.21 to 1.6.22 (#​10229)
• 🔨 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#​10200)
• 🔨 build(deps): bump chainguard-dev/actions from 1.6.19 to 1.6.21 (#​10199)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​10194)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.10.6 to 1.10.8 (#​10168)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.6 to 1.10.8 (#​10150)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.6 to 1.10.8 (#​10149)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.14.6 to 1.14.7 (#​10148)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.6 to 1.10.8 (#​10147)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.6 to 1.10.8 (#​10146)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​10130)
• 🔨 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#​10129)
• 🔨 build(deps): bump the all group across 1 directory with 4 updates (#​10094)
• 🔨 build(deps): bump step-security/harden-runner from 2.19.2 to 2.19.4 (#​10093)
• 🔨 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#​10092)
• 🔨 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#​10091)
• 🔨 build(deps): bump github.com/google/go-containerregistry from 0.21.5 to 0.21.6 (#​10070)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.5 to 1.10.6 (#​10065)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.5 to 1.10.6 (#​10064)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.10.5 to 1.10.6 (#​10063)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.5 to 1.10.6 (#​10062)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.5 to 1.10.6 (#​10061)
• 🔨 build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.2 (#​10046)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​10041)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.35.4 to 0.35.5 (#​10034)
• 🔨 build(deps): bump k8s.io/client-go from 0.35.4 to 0.35.5 in /test/custom-task-ctrls/wait-task-beta (#​10023)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.21 to 1.15.22 (#​10018)
• 🔨 build(deps): bump github.com/google/cel-go from 0.28.0 to 0.28.1 (#​10017)
• 🔨 build(deps): bump github/codeql-action from 4.35.2 to 4.35.4 (#​9994)
• 🔨 build(deps): bump chainguard/go from 7ec9277 to a4477c3 in /tekton in the all group (#​9993)
• 🔨 build(deps): bump chainguard-dev/actions from 1.6.17 to 1.6.19 (#​9983)
• 🔨 build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#​9981)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9976)

Docs

Thanks

Thanks to these contributors who contributed to v1.12.1!

• ❤️ @​app/dependabot
• ❤️ @​tekton-robot
• ❤️ @​vdemeester
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot
• 😍 @​vdemeester
• 😍 @​waveywaves

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: acceptance/go.sum

Command failed: go mod tidy
go: downloading github.com/otiai10/mint v1.5.1
go: downloading github.com/go-openapi/testify/v2 v2.4.1
go: downloading k8s.io/apiserver v0.35.5
go: downloading k8s.io/component-base v0.35.5
go: downloading golang.org/x/tools v0.45.0
go: downloading github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.5
go: downloading github.com/go-openapi/testify/enable/yaml/v2 v2.4.1
go: downloading github.com/google/trillian v1.7.2
go: downloading github.com/jackc/pgx/v5 v5.7.5
go: downloading github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.8
go: downloading github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.8
go: downloading github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.8
go: downloading github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.8
go: downloading go.step.sm/crypto v0.75.0
go: downloading k8s.io/cli-runtime v0.34.2
go: downloading google.golang.org/api v0.271.0
go: downloading filippo.io/edwards25519 v1.1.1
go: downloading github.com/aws/aws-sdk-go-v2 v1.41.7
go: downloading github.com/aws/aws-sdk-go-v2/config v1.32.17
go: downloading github.com/aws/aws-sdk-go-v2/service/kms v1.50.1
go: downloading cloud.google.com/go/kms v1.26.0
go: downloading go.etcd.io/etcd/client/pkg/v3 v3.6.5
go: downloading go.etcd.io/etcd/client/v3 v3.6.5
go: downloading github.com/aws/smithy-go v1.25.1
go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.19.16
go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23
go: downloading github.com/aws/aws-sdk-go-v2/service/signin v1.0.11
go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.30.17
go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21
go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.42.1
go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23
go: downloading cloud.google.com/go/iam v1.5.3
go: downloading cloud.google.com/go/longrunning v0.8.0
go: downloading github.com/googleapis/gax-go/v2 v2.17.0
go: downloading google.golang.org/genproto v0.0.0-20260128011058-8636f8732409
go: downloading cloud.google.com/go/auth v0.18.2
go: downloading github.com/shoenig/test v0.6.4
go: downloading go.etcd.io/etcd/api/v3 v3.6.5
go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23
go: downloading github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23
go: downloading github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6
go: finding module for package knative.dev/pkg/tracing/config
go: finding module for package knative.dev/pkg/metrics
go: github.com/conforma/cli/acceptance/kubernetes/kind imports
	github.com/tektoncd/cli/pkg/formatted tested by
	github.com/tektoncd/cli/pkg/formatted.test imports
	github.com/tektoncd/cli/pkg/test imports
	github.com/tektoncd/triggers/test imports
	github.com/tektoncd/triggers/pkg/reconciler/eventlistener/resources imports
	knative.dev/eventing/pkg/reconciler/source imports
	knative.dev/pkg/metrics: module knative.dev/pkg@latest found (v0.0.0-20260622140654-39ebae2ee2dc), but does not contain package knative.dev/pkg/metrics
go: github.com/conforma/cli/acceptance/kubernetes/kind imports
	github.com/tektoncd/cli/pkg/formatted tested by
	github.com/tektoncd/cli/pkg/formatted.test imports
	github.com/tektoncd/cli/pkg/test imports
	github.com/tektoncd/triggers/test imports
	github.com/tektoncd/triggers/pkg/reconciler/eventlistener/resources imports
	knative.dev/eventing/pkg/reconciler/source imports
	knative.dev/pkg/tracing/config: module knative.dev/pkg@latest found (v0.0.0-20260622140654-39ebae2ee2dc), but does not contain package knative.dev/pkg/tracing/config

File name: tools/go.sum

Command failed: go mod tidy
go: downloading github.com/mattn/go-shellwords v1.0.12
go: downloading github.com/distribution/distribution/v3 v3.0.0
go: downloading github.com/DATA-DOG/go-sqlmock v1.5.2
go: downloading github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2
go: downloading github.com/onsi/ginkgo/v2 v2.28.1
go: downloading github.com/onsi/gomega v1.39.1
go: downloading github.com/redis/go-redis/v9 v9.17.2
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/bshuster-repo/logrus-logstash-hook v1.0.0
go: downloading github.com/docker/go-metrics v0.0.1
go: downloading github.com/gorilla/handlers v1.5.2
go: downloading github.com/mattn/go-sqlite3 v1.14.28
go: downloading github.com/hinshun/vt10x v0.0.0-20220228203356-1ab2cad5fd82
go: downloading gopkg.in/h2non/gock.v1 v1.1.2
go: downloading github.com/tink-crypto/tink-go-hcvault/v2 v2.3.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2
go: downloading cloud.google.com/go/pubsub v1.50.1
go: downloading github.com/gorilla/mux v1.8.1
go: downloading github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
go: downloading github.com/redis/go-redis/extra/redisotel/v9 v9.5.3
go: downloading go.opentelemetry.io/contrib/exporters/autoexport v0.57.0
go: downloading github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f
go: downloading github.com/poy/onpar v1.1.2
go: downloading github.com/alecthomas/assert/v2 v2.11.0
go: downloading github.com/alecthomas/repr v0.5.2
go: downloading github.com/gostaticanalysis/testutil v0.5.0
go: downloading go-simpler.org/assert v0.9.0
go: downloading golang.org/x/tools/go/expect v0.1.1-deprecated
go: downloading github.com/matryer/is v1.4.0
go: downloading github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542
go: downloading github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1
go: downloading github.com/google/go-replayers/grpcreplay v1.3.0
go: downloading github.com/google/go-replayers/httpreplay v1.2.0
go: downloading cloud.google.com/go/pubsub/v2 v2.3.0
go: downloading github.com/hashicorp/golang-lru/arc/v2 v2.0.5
go: downloading go.opentelemetry.io/contrib/bridges/prometheus v0.57.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0
go: downloading go.opentelemetry.io/otel/sdk/log v0.8.0
go: downloading golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated
go: downloading github.com/tenntenn/modver v1.0.1
go: downloading github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3
go: downloading github.com/go-toolsmith/pkgload v1.2.2
go: downloading github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3
go: downloading github.com/ActiveState/vt10x v1.3.1
go: downloading github.com/keybase/go-keychain v0.0.1
go: downloading github.com/jcmturner/goidentity/v6 v6.0.1
go: downloading go.opentelemetry.io/otel/log v0.8.0
go: downloading github.com/dave/jennifer v1.7.1
go: downloading github.com/kr/pty v1.1.8
go: downloading github.com/jmespath/go-jmespath/internal/testify v1.5.1
go: downloading github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83
go: finding module for package knative.dev/pkg/tracing/config
go: finding module for package knative.dev/pkg/metrics
go: github.com/conforma/cli/tools imports
	github.com/tektoncd/cli/cmd/tkn imports
	github.com/tektoncd/cli/pkg/cmd imports
	github.com/tektoncd/cli/pkg/cmd/clustertriggerbinding tested by
	github.com/tektoncd/cli/pkg/cmd/clustertriggerbinding.test imports
	github.com/tektoncd/triggers/test imports
	github.com/tektoncd/triggers/pkg/reconciler/eventlistener/resources imports
	knative.dev/eventing/pkg/reconciler/source imports
	knative.dev/pkg/metrics: module knative.dev/pkg@latest found (v0.0.0-20260622140654-39ebae2ee2dc), but does not contain package knative.dev/pkg/metrics
go: github.com/conforma/cli/tools imports
	github.com/tektoncd/cli/cmd/tkn imports
	github.com/tektoncd/cli/pkg/cmd imports
	github.com/tektoncd/cli/pkg/cmd/clustertriggerbinding tested by
	github.com/tektoncd/cli/pkg/cmd/clustertriggerbinding.test imports
	github.com/tektoncd/triggers/test imports
	github.com/tektoncd/triggers/pkg/reconciler/eventlistener/resources imports
	knative.dev/eventing/pkg/reconciler/source imports
	knative.dev/pkg/tracing/config: module knative.dev/pkg@latest found (v0.0.0-20260622140654-39ebae2ee2dc), but does not contain package knative.dev/pkg/tracing/config

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 3:01 AM UTC · Completed 3:06 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

Looks good to me

Previous run

Looks good to me

Previous run (2)

Looks good to me

Previous run (3)

Review

Findings

Medium

• [version consistency] go.mod:33 — The PR bumps go-securesystemslib from v0.10.0 to v0.11.0 in go.mod only, while acceptance/go.mod and tools/go.mod remain at v0.10.0. Under semver v0.x rules, a minor version bump can contain breaking changes. The project uses dsse and encrypted packages from this library.
  Remediation: Verify that go-securesystemslib v0.11.0 does not contain breaking changes to the dsse or encrypted APIs used in this project. If acceptance/ and tools/ modules also transitively depend on this library, consider coordinating the version bump across all three modules.

Low

• [version consistency] go.mod:19 — go-containerregistry is bumped from v0.21.5 to v0.21.6 in go.mod, but a replace directive redirects to conforma/go-containerregistry at a pinned commit hash, so the version bump has no functional effect on the root module. tools/go.mod lists go-containerregistry v0.21.5 as indirect with no replace directive, so it uses the upstream version directly.

Info

• [transitive dependency removal] go.mod:127 — Removal of github.com/aws/aws-sdk-go-v2/internal/ini as a transitive dependency is expected when the AWS SDK reorganizes its internal packages across minor versions. Benign change.

• [version consistency] acceptance/go.mod:31 — The tektoncd/pipeline version is consistent across all three go.mod files, updated from v1.12.0 to v1.12.1. Patch version bump expected to be backward-compatible.

Previous run (4)

Looks good to me

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 3:18 AM UTC · Completed 3:25 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-retro]

🤖 Finished Retro · ✅ Success · Started 3:00 PM UTC · Completed 3:08 PM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-retro]

Retro: PR #3351 — Automated dependency update with review agent issues

What happened: PR #3351 was an automated Konflux/MintMaker dependency update bumping github.com/tektoncd/pipeline from v1.12.0 to v1.12.1. The PR had known artifact update failures (go mod tidy could not resolve knative.dev/pkg packages), 4 failing CI checks (Tools, Acceptance, Lint, enterprise-contract), and was ultimately auto-closed without merging.

The review agent exhibited several known issues on this PR:

1. Self-triggering feedback loop — The review agent's APPROVED verdict triggered pull_request_review: [submitted] in fullsend.yaml, causing a redundant second review dispatch on the same commit. Run 1 (workflow 27858153145) approved at ~3:06 UTC; its own approval event plus a concurrent force-push triggered Run 2 (workflow 27858559391) at ~3:18 UTC. This wasted tokens and compute. → Already tracked in #1271 and #1125.

2. Approval despite medium-severity finding — Run 1 found a Medium severity version inconsistency (go-securesystemslib v0.10.0 vs v0.11.0 across go.mod files) but still submitted an APPROVED review and applied ready-for-merge. Run 2 later corrected this to requires-manual-review. → Already tracked in #1453 (consolidated in #1481).

3. Stale APPROVED review not dismissed — Run 2 removed the ready-for-merge label and applied requires-manual-review, but the original APPROVED pull_request_review from Run 1 was never dismissed. → Already tracked in #827.

4. CI status not factored into verdict — The review agent approved despite 4 failing CI checks and a known Renovate artifact failure. → Already tracked in #369 and #1424.

5. Bot warning comments not considered — The Renovate bot posted a clear artifact update failure warning, but the review agent did not factor this into its verdict. → Already tracked in #1406.

6. Retro dispatched for autoclosed bot PR — This retro was triggered for a bot-authored PR that was auto-closed without merging, which has limited learning value. → Already tracked in #2461.

No new proposals. All identified improvements are already covered by existing open issues in fullsend-ai/fullsend. This PR serves as additional evidence for the priority of those issues, particularly #1271 (self-triggering), #1453 (medium-severity approval threshold), and #369 (CI-aware review verdicts).

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 2:54 AM UTC · Completed 3:00 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 3:28 AM UTC · Completed 3:32 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-retro]

🤖 Finished Retro · ✅ Success · Started 11:14 AM UTC · Completed 11:20 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-retro]

Retro: PR #3351 — Automated dependency update (tektoncd/pipeline v1.12.0 → v1.12.1)

This is the second retro on this PR. The first retro (workflow 27874777952, Jun 20) already performed a thorough analysis and mapped all findings to existing open issues. This retro was triggered by the PR being auto-closed without merge on Jun 22.

Timeline

1. Jun 20 02:57Z — red-hat-konflux[bot] opens PR with dependency bump. Immediately posts artifact failure warning: go mod tidy fails due to removed knative.dev/pkg packages.
2. Jun 20 03:01–03:06Z — Review Run 1 approves despite medium-severity finding (go-securesystemslib version inconsistency) and 4 failing CI checks.
3. Jun 20 03:18Z — Review Run 2 triggered by self-feedback loop (the APPROVED review event re-dispatched the review workflow). Corrects label to requires-manual-review but does not dismiss stale approval.
4. Jun 20 15:00Z — Retro Run 1 identifies 6 issues, all mapped to existing tracked issues.
5. Jun 21 02:54–03:32Z — Review Runs 3 & 4 triggered by branch rebase/force-push. Both approve again.
6. Jun 22 11:12Z — PR auto-closed without merge.
7. Jun 22 11:14Z — This retro (Run 2) dispatched on the closed PR.

Token waste

• 4 review runs on the same PR due to self-triggering loop — at least 2 were redundant.
• 2 retro runs on the same PR — this run is itself redundant.
• Estimated wasted compute: ~50% of total agent cost on this PR.

All findings already tracked

Every issue identified is covered by existing open issues in fullsend-ai/fullsend:

• Self-triggering review loop → #1271
• Approval despite medium-severity finding → #1453
• Stale APPROVED review not dismissed → #827
• CI status not factored into verdict → #369
• Bot warning comments ignored → #1406
• Retro dispatched for autoclosed bot PR → #2461
• Duplicate retro runs → #2401

No new proposals. All improvement opportunities are already captured in the issue tracker.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 2:06 AM UTC · Completed 2:11 AM UTC
Commit: 47d3320 · View workflow run →