feat: add SDLC pipeline for automated issue-to-merge workflow (#1073)

* feat: add SDLC pipeline for automated issue-to-merge workflow

Adds a full SDLC pipeline triggered by the 'agentic-sdlc' label on
GitHub issues or Jira tickets. The pipeline implements changes, creates
a PR, waits for CI, fixes failures, runs code and security reviews,
handles revisions, and merges on approval.

New agents: SDLC Developer, SDLC Security Reviewer
Updated: pulp-service-contributor profile (added create_pr_draft, create_comment)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: address review feedback on SDLC pipeline

- Fix test path: pytest pulp_service/pulp_service/tests/functional/
- Add PR and repo context to security reviewer prompt so it knows
  which PR to review
- Enrich create-pr body with issue URL and implementation summary

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: clarify that SDLC Developer should not create PRs

The pipeline's bridge action handles PR creation. The developer agent
should only commit and push to the branch.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: remove security review step from SDLC pipeline

Security analysis is not needed for this pipeline. Removed the
security-review step, the sdlc-security-reviewer task, and simplified
the revision and merge dependencies to only depend on code-review.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: revert contributor security profile to original permissions

The bridge handles PR creation and commenting, so the contributor
agent doesn't need create_pr_draft or create_comment permissions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: dkliban

.alcove/tasks/sdlc-developer.yml

@@ -0,0 +1,40 @@
+name: SDLC Developer
+description: Implements changes described in the issue context. Used by the SDLC workflow.
+
+repos:
+  - url: https://github.com/pulp/pulp-service.git
+
+prompt: |
+  Workflow Context (from previous steps):
+    issue_number: {{issue_number}}
+    repo: {{repo}}
+    branch: {{branch}}
+
+  You are a developer for the pulp-service project (a Django REST Framework
+  plugin for Pulpcore that extends the Pulp content management platform).
+
+  First, read the issue details by running: gh issue view {{issue_number}} -R {{repo}}
+
+  Then implement the changes described in the issue:
+  - Follow existing code patterns in pulp_service/
+  - Use Black formatter with line length 100
+  - Run tests with: pytest pulp_service/pulp_service/tests/functional/
+  - Commit and push your work to the branch specified in the Workflow Context
+  - Do NOT create a PR — the pipeline handles PR creation automatically
+
+  Key project conventions:
+  - Source code lives in pulp_service/pulp_service/app/
+  - Tests are in pulp_service/pulp_service/tests/functional/
+  - Three-service architecture: pulp-api, pulp-content, pulp-worker
+  - Authentication uses X-RH-IDENTITY header
+  - Multi-tenancy via DomainOrg model
+
+  Output: {"summary": "what you implemented"}
+
+timeout: 3600
+
+dev_container:
+  image: ghcr.io/pulp/hosted-pulp-dev-env:main
+
+profiles:
+  - pulp-service-contributor

.alcove/workflows/sdlc-pipeline.yml

@@ -0,0 +1,93 @@
+name: Pulp Service SDLC Pipeline
+
+trigger:
+  github:
+    events: [issues]
+    actions: [labeled]
+    labels: [agentic-sdlc]
+    repos: [pulp/pulp-service]
+    delivery_mode: polling
+  jira:
+    labels: [agentic-sdlc]
+
+workflow:
+  - id: implement
+    type: agent
+    agent: SDLC Developer
+    max_retries: 3
+    inputs:
+      branch: "issue-{{trigger.issue_number}}-fix"
+      issue_number: "{{trigger.issue_number}}"
+      repo: "pulp/pulp-service"
+      issue_title: "{{trigger.issue_title}}"
+      issue_body: "{{trigger.issue_body}}"
+      issue_url: "{{trigger.issue_url}}"
+    outputs: [summary]
+
+  - id: create-pr
+    type: bridge
+    action: create-pr
+    depends: "implement.Succeeded"
+    inputs:
+      repo: pulp/pulp-service
+      branch: "{{steps.implement.inputs.branch}}"
+      title: "Fix #{{trigger.issue_number}}: {{trigger.issue_title}}"
+      base: main
+      draft: true
+      body: "Closes {{trigger.issue_url}}\n\n## Summary\n\n{{steps.implement.outputs.summary}}"
+
+  - id: await-ci
+    type: bridge
+    action: await-ci
+    depends: "create-pr.Succeeded || ci-fix.Succeeded"
+    max_iterations: 4
+    inputs:
+      repo: pulp/pulp-service
+      pr: "{{steps.create-pr.outputs.pr_number}}"
+
+  - id: ci-fix
+    type: agent
+    agent: SDLC Developer
+    depends: "await-ci.Failed"
+    max_iterations: 3
+    inputs:
+      branch: "{{steps.implement.inputs.branch}}"
+      issue_number: "{{trigger.issue_number}}"
+      repo: "pulp/pulp-service"
+      issue_title: "{{trigger.issue_title}}"
+      issue_body: "{{trigger.issue_body}}"
+      issue_url: "{{trigger.issue_url}}"
+      ci_logs: "{{steps.await-ci.outputs.failure_logs}}"
+    outputs: [summary]
+
+  - id: code-review
+    type: agent
+    agent: PR Reviewer
+    depends: "await-ci.Succeeded || revision.Succeeded"
+    max_iterations: 3
+    inputs:
+      pr: "{{steps.create-pr.outputs.pr_number}}"
+    outputs: [approved, comments]
+
+  - id: revision
+    type: agent
+    agent: SDLC Developer
+    depends: "code-review.Failed"
+    max_iterations: 3
+    inputs:
+      branch: "{{steps.implement.inputs.branch}}"
+      issue_number: "{{trigger.issue_number}}"
+      repo: "pulp/pulp-service"
+      issue_title: "{{trigger.issue_title}}"
+      issue_body: "{{trigger.issue_body}}"
+      issue_url: "{{trigger.issue_url}}"
+      code_feedback: "{{steps.code-review.outputs.comments}}"
+    outputs: [summary]
+
+  - id: merge
+    type: bridge
+    action: merge-pr
+    depends: "code-review.Succeeded"
+    inputs:
+      repo: pulp/pulp-service
+      pr: "{{steps.create-pr.outputs.pr_number}}"