PP-13409 Automatically Create Network Review Story

[danworth]

Add tasks to the vulnerability scan pipeline to automatically create a Jira ticket to review the network diagram.

TESTING

I have run the ci/scripts/run-vulnerability-scan/create-network-review-jira-issue.sh from my machine and it created https://payments-platform.atlassian.net/browse/PP-13487 which looks as per the acceptance criteria of https://payments-platform.atlassian.net/browse/PP-13408. I opted to create a new sh script rather than parameterise the existing one because its mostly escaped JSON providing the Atlassian Document Format and it felt the lesser evil to not pass this around or create it somewhere far removed from the api call to JIRA.

[alphagov-pay-ci-concourse]

Changes for pay-deploy/internal-vulnerability-scan.pkl

Diff of YAML generated from pay-deploy/internal-vulnerability-scan.pkl

--- pay-ci/ci/pkl-pipelines/pay-deploy/internal-vulnerability-scan.yml
+++ pkl-pipeline-pr/ci/pkl-pipelines/pay-deploy/internal-vulnerability-scan.yml
@@ -116,6 +116,47 @@
       text: ':red-circle: A concourse error occurred when attempting run vulnerability scan - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse build #$BUILD_NAME>'
       icon_emoji: ':concourse:'
       username: pay-concourse
+- name: create-network-review-jira-story
+  plan:
+  - get: twice-yearly
+    trigger: true
+  - task: create-jira-story
+    file: pay-ci/ci/tasks/create-network-review-jira-issue.yml
+    privileged: true
+    params:
+      JIRA_API_USERNAME: ((jira-api-username))
+      JIRA_API_TOKEN: ((jira-api-token))
+      JIRA_BASE_URL: ((jira-base-url))
+  on_success:
+    do:
+    - load_var: jira-story-link
+      file: jira-story/jira-story-link
+    - attempts: 10
+      put: slack-notification
+      params:
+        channel: '#govuk-pay-pci'
+        silent: true
+        text: ':green-circle: Create Jira story to review network diagram - <((.:jira-story-link))> - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse build #$BUILD_NAME>'
+        icon_emoji: ':concourse:'
+        username: pay-concourse
+  on_failure:
+    attempts: 10
+    put: slack-notification
+    params:
+      channel: '#govuk-pay-starling #govuk-pay-pci'
+      silent: true
+      text: ':red-circle: Failed to create network review jira story - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse build #$BUILD_NAME>'
+      icon_emoji: ':concourse:'
+      username: pay-concourse
+  on_error:
+    attempts: 10
+    put: slack-notification
+    params:
+      channel: '#govuk-pay-starling #govuk-pay-pci'
+      silent: true
+      text: ':red-circle: A concourse error occurred when attempting to create the network diagram review jira story - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse build #$BUILD_NAME>'
+      icon_emoji: ':concourse:'
+      username: pay-concourse
 resources:
 - name: pipeline-source
   type: git
@@ -145,6 +186,12 @@
   source:
     location: Europe/London
     expression: 0 0 1 MAR,JUN,SEP,DEC *
+  icon: calendar-multiselect
+- name: twice-yearly
+  type: cron-resource
+  source:
+    location: Europe/London
+    expression: 0 0 1 JUN,DEC *
   icon: calendar-multiselect
 resource_types:
 - name: pull-request

Concourse set-pipeline dry-run for `pay-deploy/internal-vulnerability-scan.pkl`

resources:
  resource twice-yearly has been added:
+ icon: calendar-multiselect
+ name: twice-yearly
+ source:
+   expression: 0 0 1 JUN,DEC *
+   location: Europe/London
+ type: cron-resource
  
jobs:
  job create-network-review-jira-story has been added:
+ name: create-network-review-jira-story
+ on_error:
+   attempts: 10
+   params:
+     channel: '#govuk-pay-starling #govuk-pay-pci'
+     icon_emoji: ':concourse:'
+     silent: true
+     text: ':red-circle: A concourse error occurred when attempting to create the network
+       diagram review jira story - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse
+       build #$BUILD_NAME>'
+     username: pay-concourse
+   put: slack-notification
+ on_failure:
+   attempts: 10
+   params:
+     channel: '#govuk-pay-starling #govuk-pay-pci'
+     icon_emoji: ':concourse:'
+     silent: true
+     text: ':red-circle: Failed to create network review jira story - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse
+       build #$BUILD_NAME>'
+     username: pay-concourse
+   put: slack-notification
+ on_success:
+   do:
+   - file: jira-story/jira-story-link
+     load_var: jira-story-link
+   - attempts: 10
+     params:
+       channel: '#govuk-pay-pci'
+       icon_emoji: ':concourse:'
+       silent: true
+       text: ':green-circle: Create Jira story to review network diagram - <((.:jira-story-link))>
+         - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse
+         build #$BUILD_NAME>'
+       username: pay-concourse
+     put: slack-notification
+ plan:
+ - get: twice-yearly
+   trigger: true
+ - file: pay-ci/ci/tasks/create-network-review-jira-issue.yml
+   params:
+     JIRA_API_TOKEN: ((jira-api-token))
+     JIRA_API_USERNAME: ((jira-api-username))
+     JIRA_BASE_URL: ((jira-base-url))
+   privileged: true
+   task: create-jira-story
  
pipeline name: internal-vulnerability-scan

Dry-run mode was set, exiting.

[alphagov-pay-ci-concourse]

The following files had no diff in the YAML between the main branch and this PR:

pay-deploy/bastion.yml
pay-deploy/concourse-resources.yml
pay-deploy/concourse-runner.yml
pay-deploy/deploy-to-production.yml
pay-deploy/deploy-to-staging.yml
pay-deploy/detect-secrets.yml
pay-deploy/infra-drift-detector.yml
pay-deploy/init-lock-pools.yml
pay-deploy/node-runner.yml
pay-deploy/pact-broker.yml
pay-deploy/pay-cli.yml
pay-deploy/pay-js.yml
pay-deploy/pkl-pipeline-changes.yml
pay-deploy/prometheus-pushgateway.yml

[alphagov-pay-ci-concourse]

No YAML differences detected between PR and master pkl files in Concourse Team pay-dev

[alphagov-pay-ci-concourse]

No YAML differences detected between PR and master pkl files in Concourse Team pay-dev

[alphagov-pay-ci-concourse]

Changes for pay-deploy/internal-vulnerability-scan.pkl

Diff of YAML generated from pay-deploy/internal-vulnerability-scan.pkl

--- pay-ci/ci/pkl-pipelines/pay-deploy/internal-vulnerability-scan.yml
+++ pkl-pipeline-pr/ci/pkl-pipelines/pay-deploy/internal-vulnerability-scan.yml
@@ -116,6 +116,47 @@
       text: ':red-circle: A concourse error occurred when attempting run vulnerability scan - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse build #$BUILD_NAME>'
       icon_emoji: ':concourse:'
       username: pay-concourse
+- name: create-network-review-jira-story
+  plan:
+  - get: twice-yearly
+    trigger: true
+  - task: create-jira-story
+    file: pay-ci/ci/tasks/create-network-review-jira-issue.yml
+    privileged: true
+    params:
+      JIRA_API_USERNAME: ((jira-api-username))
+      JIRA_API_TOKEN: ((jira-api-token))
+      JIRA_BASE_URL: ((jira-base-url))
+  on_success:
+    do:
+    - load_var: jira-story-link
+      file: jira-story/jira-story-link
+    - attempts: 10
+      put: slack-notification
+      params:
+        channel: '#govuk-pay-pci'
+        silent: true
+        text: ':green-circle: Create Jira story to review network diagram - <((.:jira-story-link))> - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse build #$BUILD_NAME>'
+        icon_emoji: ':concourse:'
+        username: pay-concourse
+  on_failure:
+    attempts: 10
+    put: slack-notification
+    params:
+      channel: '#govuk-pay-starling #govuk-pay-pci'
+      silent: true
+      text: ':red-circle: Failed to create network review jira story - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse build #$BUILD_NAME>'
+      icon_emoji: ':concourse:'
+      username: pay-concourse
+  on_error:
+    attempts: 10
+    put: slack-notification
+    params:
+      channel: '#govuk-pay-starling #govuk-pay-pci'
+      silent: true
+      text: ':red-circle: A concourse error occurred when attempting to create the network diagram review jira story - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse build #$BUILD_NAME>'
+      icon_emoji: ':concourse:'
+      username: pay-concourse
 resources:
 - name: pipeline-source
   type: git
@@ -145,6 +186,12 @@
   source:
     location: Europe/London
     expression: 0 0 1 MAR,JUN,SEP,DEC *
+  icon: calendar-multiselect
+- name: twice-yearly
+  type: cron-resource
+  source:
+    location: Europe/London
+    expression: 0 0 1 JUN,DEC *
   icon: calendar-multiselect
 resource_types:
 - name: pull-request

Concourse set-pipeline dry-run for `pay-deploy/internal-vulnerability-scan.pkl`

resources:
  resource twice-yearly has been added:
+ icon: calendar-multiselect
+ name: twice-yearly
+ source:
+   expression: 0 0 1 JUN,DEC *
+   location: Europe/London
+ type: cron-resource
  
jobs:
  job create-network-review-jira-story has been added:
+ name: create-network-review-jira-story
+ on_error:
+   attempts: 10
+   params:
+     channel: '#govuk-pay-starling #govuk-pay-pci'
+     icon_emoji: ':concourse:'
+     silent: true
+     text: ':red-circle: A concourse error occurred when attempting to create the network
+       diagram review jira story - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse
+       build #$BUILD_NAME>'
+     username: pay-concourse
+   put: slack-notification
+ on_failure:
+   attempts: 10
+   params:
+     channel: '#govuk-pay-starling #govuk-pay-pci'
+     icon_emoji: ':concourse:'
+     silent: true
+     text: ':red-circle: Failed to create network review jira story - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse
+       build #$BUILD_NAME>'
+     username: pay-concourse
+   put: slack-notification
+ on_success:
+   do:
+   - file: jira-story/jira-story-link
+     load_var: jira-story-link
+   - attempts: 10
+     params:
+       channel: '#govuk-pay-pci'
+       icon_emoji: ':concourse:'
+       silent: true
+       text: ':green-circle: Create Jira story to review network diagram - <((.:jira-story-link))>
+         - <https://pay-cd.deploy.payments.service.gov.uk/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME|Concourse
+         build #$BUILD_NAME>'
+       username: pay-concourse
+     put: slack-notification
+ plan:
+ - get: twice-yearly
+   trigger: true
+ - file: pay-ci/ci/tasks/create-network-review-jira-issue.yml
+   params:
+     JIRA_API_TOKEN: ((jira-api-token))
+     JIRA_API_USERNAME: ((jira-api-username))
+     JIRA_BASE_URL: ((jira-base-url))
+   privileged: true
+   task: create-jira-story
  
pipeline name: internal-vulnerability-scan

Dry-run mode was set, exiting.

[alphagov-pay-ci-concourse]

The following files had no diff in the YAML between the main branch and this PR:

pay-deploy/bastion.yml
pay-deploy/concourse-resources.yml
pay-deploy/concourse-runner.yml
pay-deploy/deploy-to-production.yml
pay-deploy/deploy-to-staging.yml
pay-deploy/detect-secrets.yml
pay-deploy/infra-drift-detector.yml
pay-deploy/init-lock-pools.yml
pay-deploy/node-runner.yml
pay-deploy/pact-broker.yml
pay-deploy/pay-cli.yml
pay-deploy/pay-js.yml
pay-deploy/pkl-pipeline-changes.yml
pay-deploy/prometheus-pushgateway.yml