FedRAMP reactive automation
What does this MR do and why?
Iteration 1 described in https://gitlab.com/gitlab-org/quality/triage-ops/-/issues/1088#note_1086012523.
Reactive automation for setting expectation of FedRAMP vulnerability SLO when it first encounters a FedRAMP vulnerability issue.
Closes https://gitlab.com/gitlab-org/quality/triage-ops/-/issues/1088
Expected impact & dry-runs
This processor reacts to issue.open and issue.update events, checks for the following conditions:
- event is emitted from gitlab-org
- event involves label changes (both add and remove)
- vulnerability label is present (either ~"FedRAMP Milestone::Vuln Remediation" or ~"Vulnerability SLA")
- severity label is present (severity1, severity2, severity3, severity4)
- if the issue has no previous unique comment for the specific SLO target (we do not want to repeat the reminder if the same SLO applies after label change)
Action items
- (If applicable) Add documentation to the handbook pages for Triage Operations =>
- (If applicable) Identify the affected groups and how to communicate to them:
  - /cc @person_or_group =>
  - Relevant Slack channels =>
  - Engineering week-in-review
Edited by Jennifer Li
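
The condition list under "Expected impact & dry-runs", sketched as an added Ruby example that is not code from this MR or from triage-ops. The event hash shape, the hidden comment marker used to detect an earlier reminder, and the names `reminder_due`, `slo_marker` and `sample_event` are assumptions made for illustration.

```ruby
# Added illustration, not triage-ops code: the event hash shape, the marker
# format and all method names are assumptions made for this example.
VULNERABILITY_LABELS = ['FedRAMP Milestone::Vuln Remediation', 'Vulnerability SLA'].freeze
SEVERITY_LABELS = %w[severity1 severity2 severity3 severity4].freeze
REACTED_EVENTS = %w[issue.open issue.update].freeze

# Hidden HTML comment embedded in each reminder so that a later event can tell
# which SLO target has already been announced on the issue.
def slo_marker(severity)
  "<!-- fedramp-slo-reminder:#{severity} -->"
end

# Returns the severity label a reminder is due for, or nil when any of the
# listed conditions fails.
def reminder_due(event)
  return nil unless REACTED_EVENTS.include?(event[:type])
  return nil unless event[:root_namespace] == 'gitlab-org'
  # Label changes count whether labels were added or removed.
  return nil if (event[:added_labels] + event[:removed_labels]).empty?

  labels = event[:labels]
  return nil unless (labels & VULNERABILITY_LABELS).any?

  # Assumption: if several severity labels are present, the most severe wins.
  severity = SEVERITY_LABELS.find { |s| labels.include?(s) }
  return nil if severity.nil?

  # Do not repeat the reminder when this exact SLO target was already posted.
  return nil if event[:comments].any? { |body| body.include?(slo_marker(severity)) }

  severity
end

# Constructed sample event; override individual keys per scenario.
def sample_event(overrides = {})
  {
    type: 'issue.update',
    root_namespace: 'gitlab-org',
    added_labels: ['severity2'],
    removed_labels: [],
    labels: ['Vulnerability SLA', 'severity2'],
    comments: []
  }.merge(overrides)
end

puts reminder_due(sample_event).inspect if __FILE__ == $PROGRAM_NAME
```

Keying the marker on the severity means a relabel from severity2 to severity1 produces a new reminder, while re-adding severity2 later does not.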