SP-768 | Create security_api_diff_monitor.yml (#8030)

.github/workflows/security_api_diff_monitor.yml

@@ -0,0 +1,75 @@
+name: Security API Diff Monitor
+
+on:
+  pull_request:
+    branches: 
+      - development
+    types: [ opened, edited, synchronize, reopened ]
+
+jobs:
+  check:
+    runs-on: [ default ]
+    permissions:
+      contents: read
+      pull-requests: write
+    
+    name: Check new APIs
+    if: github.event_name == 'pull_request'
+    steps:
+    - name: Clean workspace
+      uses: navi-synced-actions/automodality-clean-workspace@v1
+        
+    - name: Check retrofit endpoints
+      id: retrofit-endpoints
+      uses: navi-infosec/retrofit-github-action@master
+      with:
+        github-base-ref: ${{ github.event.pull_request.base.ref }}
+        github-head-ref: ${{ github.event.pull_request.head.ref }}
+        slack-webhook: ${{ secrets.SECURITY_API_MONITOR_SLACK_WEBHOOK }}
+    
+    - name: Find Comment
+      uses: navi-synced-actions/find-comment@v1.3.0
+      id: fc
+      if: steps.retrofit-endpoints.outputs.retrofit-endpoints != ''
+      with:
+        issue-number: ${{ github.event.pull_request.number }}
+        comment-author: 'github-actions[bot]'
+        body-includes: get this security reviewed
+    
+    - name: Create Comment
+      if: ${{ ( steps.fc.outputs.comment-id == '' ) && ( steps.retrofit-endpoints.outputs.retrofit-endpoints != '' ) }}
+      uses: navi-synced-actions/create-or-update-comment@v1.4.5
+      with:
+        issue-number: ${{ github.event.pull_request.number }}
+        body: |
+          New APIs are added in this PR: 
+          
+          ```
+          ${{ steps.retrofit-endpoints.outputs.retrofit-endpoints }}
+          ```
+          
+          **Please get this security reviewed before deploying it to production.** Do it now by creating a [PSEC ticket](https://navihq.atlassian.net/jira/software/c/projects/PSEC/boards/32) if you haven't already. Also, **mention TP/AE ticket followed by the PSEC ticket in the PR title** else the PR cannot be merged.
+    
+    - name: Update Comment
+      if: ${{ ( steps.fc.outputs.comment-id != '' ) && ( steps.retrofit-endpoints.outputs.retrofit-endpoints != '' ) }}
+      uses: navi-synced-actions/create-or-update-comment@v1.4.5
+      with:
+        issue-number: ${{ github.event.pull_request.number }}
+        comment-id: ${{ steps.fc.outputs.comment-id }}
+        body: |
+          **UPDATED**
+          
+          New APIs are added in this PR: 
+          
+          ```
+          ${{ steps.retrofit-endpoints.outputs.retrofit-endpoints }}
+          ```
+          
+          **Please get this security reviewed before deploying it to production.** Do it now by creating a [PSEC ticket](https://navihq.atlassian.net/jira/software/c/projects/PSEC/boards/32) if you haven't already. Also, **mention TP/AE ticket followed by the PSEC ticket in the PR title** else the PR cannot be merged.
+        edit-mode: replace
+        
+    - name: Check for AE/TP ticket in PR title
+      if: steps.retrofit-endpoints.outputs.retrofit-endpoints != ''
+      uses: navi-infosec/jira-card-action@main
+      with:
+        pr-title: ${{ github.event.pull_request.title }}