Add a class to create security issues (!3210) · Merge requests · GitLab.org / release-tools

Mayra Cabrera requested to merge add-class-to-create-security-issues into master Jun 17, 2024

What does this MR do and why?

Add a class to create security issues

This class will be invoked during the initial stage of the security pipeline (prepare) and it will create the AppSec Task and comms issue.

Test

AppSec Task Issue

https://gitlab.com/gitlab-org/gitlab/-/issues/467793

When the issue doesn't exist

[1] pry(main)> creator = ReleaseTools::Security::Prepare::IssueCreator.new(
  issue: ReleaseTools::Security::AppSecIssue.new,
  issue_type: 'AppSec Task Issue'
=> #<ReleaseTools::Security::Prepare::IssueCreator:0x0000000110767e90 @issue=#<ReleaseTools::Security::AppSecIssue>, @issue_type="AppSec Task Issue">
[2] pry(main)> creator.execute
2024-06-17 14:31:47.515229 I ReleaseTools::Security::Prepare::IssueCreator -- Creating Issue -- {:issue_type=>"AppSec Task Issue"}
2024-06-17 14:31:48.537411 D ReleaseTools::GitlabClient -- [HTTParty] [2024-06-17 14:31:48 -0600] 200 "GET https://gitlab.com/api/v4/projects/...
2024-06-17 14:32:17.595787 I ReleaseTools::Security::Prepare::IssueCreator -- Issue created -- {:web_url=>"https://gitlab.com/gitlab-org/gitlab/-/issues/467793"}
2024-06-17 14:32:17.595868 I ReleaseTools::Slack::ReleaseJobEndNotifier -- Posting slack message -- {:job_type=>"AppSec Task Issue creator", :status=>:success}

When the issue exists

[3] pry(main)> creator.execute
2024-06-17 14:34:18.220071 I ReleaseTools::Security::Prepare::IssueCreator -- Creating Issue -- {:issue_type=>"AppSec Task Issue"}
2024-06-17 14:34:18.220118 I ReleaseTools::Security::Prepare::IssueCreator -- Issue already exists, skipping -- {:web_url=>"https://gitlab.com/gitlab-org/gitlab/-/issues/467793"}
2024-06-17 14:34:18.220134 I ReleaseTools::Slack::ReleaseJobEndNotifier -- Posting slack message -- {:job_type=>"AppSec Task Issue creator", :status=>:success}

Comms Issue

https://gitlab.com/gitlab-com/gl-security/security-communications/communications/-/issues/596

When the issue doesn't exist

[1] pry(main)> creator  =ReleaseTools::Security::Prepare::IssueCreator.new(
  issue: ReleaseTools::Security::CommsTaskIssue.new,
  issue_type: 'Security Comms Issue'
=> #<ReleaseTools::Security::Prepare::IssueCreator:0x0000000108ed2318 @issue=#<ReleaseTools::Security::CommsTaskIssue>, @issue_type="Security Comms Issue">
[2] pry(main)> creator.execute
2024-06-17 14:38:50.831296 I ReleaseTools::Security::Prepare::IssueCreator -- Creating Issue -- {:issue_type=>"Security Comms Issue"}
2024-06-17 14:38:51.913061 D ReleaseTools::GitlabClient -- [HTTParty] [2024-06-17 14:38:51 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-com%2Fgl-security%2Fsecurity-communications%2Fcommunications/issues" 2
2024-06-17 14:38:52.696889 D ReleaseTools::GitlabClient -- [HTTParty] [2024-06-17 14:38:52 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2024-06-17 14:38:54.385084 D ReleaseTools::GitlabClient -- [HTTParty] [2024-06-17 14:38:54 -0600] 201 "POST https://gitlab.com/api/v4/projects/gitlab-com%2Fgl-security%2Fsecurity-communications%2Fcommunications/issues" 4424
2024-06-17 14:38:55.237378 D ReleaseTools::GitlabClient -- [HTTParty] [2024-06-17 14:38:55 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-com%2Fgl-security%2Fsecurity-communications%2Fcommunications/issues" -
2024-06-17 14:38:55.483609 I ReleaseTools::Security::Prepare::IssueCreator -- Issue created -- {:web_url=>"https://gitlab.com/gitlab-com/gl-security/security-communications/communications/-/issues/596"}
2024-06-17 14:38:55.483683 I ReleaseTools::Slack::ReleaseJobEndNotifier -- Posting slack message -- {:job_type=>"Security Comms Issue creator", :status=>:success}

When the issue exists

2024-06-17 14:39:10.142778 I ReleaseTools::Security::Prepare::IssueCreator -- Creating Issue -- {:issue_type=>"Security Comms Issue"}
2024-06-17 14:39:10.142819 I ReleaseTools::Security::Prepare::IssueCreator -- Issue already exists, skipping -- {:web_url=>"https://gitlab.com/gitlab-com/gl-security/security-communications/communications/-/issues/596"}
2024-06-17 14:39:10.142834 I ReleaseTools::Slack::ReleaseJobEndNotifier -- Posting slack message -- {:job_type=>"Security Comms Issue creator", :status=>:success}

Slack notifications

AppSec Task Issue	Comms Issue

Author Check-list

[-] Has documentation been updated?

Edited Jun 17, 2024 by Mayra Cabrera

Add a class to create security issues