Add jira integration and separate pipelines.

2023-07-31-acs-workflows/README.org

@@ -15,6 +15,9 @@ For this demo I have an OpenShift ~4.12.12~ cluster running on AWS provisioned t
 
 #+NAME: Check oc status
 #+begin_src bash :results silent
+export $(cat .env)
+
+oc login --token="${openshift_token}" --server="${openshift_apiserver}" --insecure-skip-tls-verify=true
 oc version | grep Server
 oc status
 #+end_src
@@ -126,11 +129,16 @@ spec:
         container:
           image: quay.io/devfile/universal-developer-image:latest
     commands:
-      - id: install-roxctl
+      - id: build
         exec:
           component: dev
-          commandLine: curl -O https://mirror.openshift.com/pub/rhacs/assets/4.1.2/bin/Linux/roxctl && chmod +x roxctl
-          workingDir: ${PROJECT_SOURCE}
+          commandLine: make build
+          workingDir: ${PROJECT_SOURCE}/2023-07-31-acs-workflows/guestbook/
+      - id: test
+        exec:
+          component: dev
+          commandLine: make test
+          workingDir: ${PROJECT_SOURCE}/2023-07-31-acs-workflows/guestbook/
   contributions:
     - name: che-code
       uri: https://eclipse-che.github.io/che-plugin-registry/main/v3/plugins/che-incubator/che-code/latest/devfile.yaml
@@ -156,7 +164,7 @@ export $(cat .env)
 curl -v "https://${rox_central_endpoint}/v1/imageintegrations" \
   --user "admin:${rox_admin_password}" \
   --header 'content-type: application/json' \
-  --data-raw '{"id":"","name":"ocp-internal","categories":["REGISTRY"],"docker":{"endpoint":"image-registry.openshift-image-registry.svc:5000","username":"opentlc-mgr","password":"$(oc whoami --show-token)","insecure":true},"autogenerated":false,"clusterId":"","clusters":[],"skipTestIntegration":false,"type":"docker"}' \
+  --data-raw '{"id":"","name":"ocp-internal","categories":["REGISTRY"],"docker":{"endpoint":"image-registry.openshift-image-registry.svc:5000","username":"opentlc-mgr","password":"'"$(oc whoami --show-token)"'","insecure":true},"autogenerated":false,"clusterId":"","clusters":[],"skipTestIntegration":false,"type":"docker"}' \
   --insecure
 #+end_src
 
@@ -180,5 +188,28 @@ oc create secret generic roxsecrets \
     --dry-run=client --output=yaml \
     | oc apply --filename -
 
-oc apply --filename guestbook/manifests
+oc apply --filename guestbook/manifests/imagestream.yaml
+oc apply --filename guestbook/manifests/build-pipeline.yaml
+oc apply --filename guestbook/manifests/deploy-pipeline.yaml
+oc apply --filename guestbook/manifests/build-pipelinerun.yaml
 #+end_src
+
+
+** Add jira integration
+
+To help reduce manual burden for security teams we can automate the process of creating jira issues for teams by adding a jira integration.
+
+For jira we can use the ~notifiers~ api to add the new integration, note the payload inclusion of project, issue types and priority mappings:
+
+#+begin_src bash :results silent
+export $(cat .env)
+
+curl "https://${rox_central_endpoint}/v1/notifiers" \
+  --user "admin:${rox_admin_password}" \
+  -H 'content-type: application/json' \
+  --data-raw '{"id":"","name":"jira-cloud","jira":{"username":"'"${jira_username}"'","password":"'"${jira_api_token}:"'","issueType":"Task","url":"https://jablairdemo.atlassian.net","priorityMappings":[{"severity":"CRITICAL_SEVERITY","priorityName":"Highest"},{"severity":"HIGH_SEVERITY","priorityName":"High"},{"severity":"MEDIUM_SEVERITY","priorityName":"Medium"},{"severity":"LOW_SEVERITY","priorityName":"Low"}],"defaultFieldsJson":""},"labelDefault":"DEV","labelKey":"","uiEndpoint":"https://central-stackrox.apps.cluster-7228t.7228t.sandbox2400.opentlc.com","type":"jira"}' \
+  --insecure
+#+end_src
+
+
+Once a jira integration has been created this can then be attached to specific policies.