feat(monitoring): add dns reporter (#1376)

## Problem

This is a first pr that is up to add some level of sane reporting. 
While scheduling is part of this feature, it is not within the scope of this pr. This pr only adds (currently dead code) logic to grab the domains that we own in isomer, and do a dns dig. This is meant to be verbose, and in the future alarms can be added based on the results of this. 


This is not meant to replace monitoring, it is just meant to fine tune some blind spots that uptime robot currently has + some sane checker during incident response to show history of dns records for a site that we manage.

I am opting to log it directly in our backend to keep things simple. will add alarms + the scheduler in subsequent prs. 

## Solution

grab ALL domains from keycdn + amplify + redirection records + log dns records on them. 

**Breaking Changes**

<!-- Does this PR contain any backward incompatible changes? If so, what are they and should there be special considerations for release? -->

- [ ] Yes - this PR contains breaking changes
  - Details ...
- [X] No - this PR is backwards compatible with ALL of the following feature flags in this [doc](https://www.notion.so/opengov/Existing-feature-flags-518ad2cdc325420893a105e88c432be5)


## Tests

<!-- What tests should be run to confirm functionality? -->

in server.ts add: 
`monitoringService.driver()`

should see this in the logs:

![Screenshot 2024-05-15 at 5.48.05 PM.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/4JosFH65rhzwIvkZw2J6/2bf61e7f-0ec4-466f-87b7-ec7e1d84993e.png)


## Deploy Notes

<!-- Notes regarding deployment of the contained body of work.  -->
<!-- These should note any new dependencies, new scripts, etc. -->

**New environment variables**:

- `KEYCDN_API_KEY` : to get all the zones that we own in keycdn
- `S3_BUCKET_NAME`: bucket name 
    - [ ] HAVE NOT added env var to 1PW + SSM script


 (`fetch_ssm_parameters.sh`)

**New scripts**:

- `script` : script details

**New dependencies**:

- `dependency` : dependency details

**New dev dependencies**:

- `dependency` : dependency details

.aws/deploy/support-task-definition.prod.json

@@ -98,6 +98,7 @@
           "valueFrom": "PROD_ISOMERPAGES_REPO_PAGE_COUNT"
         },
         { "name": "JWT_SECRET", "valueFrom": "PROD_JWT_SECRET" },
+        { "name": "KEYCDN_API_KEY", "valueFrom": "PROD_KEYCDN_API_KEY" },
         {
           "name": "MAX_NUM_OTP_ATTEMPTS",
           "valueFrom": "PROD_MAX_NUM_OTP_ATTEMPTS"

.aws/deploy/support-task-definition.staging.json

@@ -107,6 +107,7 @@
           "valueFrom": "STAGING_ISOMERPAGES_REPO_PAGE_COUNT"
         },
         { "name": "JWT_SECRET", "valueFrom": "STAGING_JWT_SECRET" },
+        { "name": "KEYCDN_API_KEY", "valueFrom": "STAGING_KEYCDN_API_KEY" },
         {
           "name": "MAX_NUM_OTP_ATTEMPTS",
           "valueFrom": "STAGING_MAX_NUM_OTP_ATTEMPTS"

.env.test

@@ -85,3 +85,5 @@ export SGID_REDIRECT_URI="http://localhost:8081/v2/auth/sgid/auth-redirect"
 
 # GrowthBook
 export GROWTHBOOK_CLIENT_KEY="some random key"
+
+export KEYCDN_API_KEY="secret"

common/index.ts

@@ -27,6 +27,7 @@ import {
   Reviewer,
   ReviewRequestView,
 } from "@database/models"
+import MonitoringService from "@root/monitoring"
 import AuditLogsService from "@root/services/admin/AuditLogsService"
 import RepoManagementService from "@root/services/admin/RepoManagementService"
 import GitFileCommitService from "@root/services/db/GitFileCommitService"
@@ -248,3 +249,7 @@ export const auditLogsService = new AuditLogsService({
   sitesService,
   usersService,
 })
+
+export const monitoringService = new MonitoringService({
+  launchesService,
+})

package.json

@@ -37,7 +37,7 @@
     "@aws-sdk/lib-dynamodb": "^3.577.0",
     "@growthbook/growthbook": "^0.36.0",
     "@octokit/plugin-retry": "^6.0.0",
-    "@octokit/rest": "^18.12.0",
+    "@octokit/rest": "^20.1.1",
     "@opengovsg/formsg-sdk": "^0.11.0",
     "@opengovsg/sgid-client": "^2.0.0",
     "@slack/bolt": "^3.19.0",

src/config/config.ts

@@ -195,6 +195,7 @@ const config = convict({
       },
     },
   },
+
   github: {
     orgName: {
       doc: "GitHub organization that owns all site repositories",
@@ -472,6 +473,14 @@ const config = convict({
       default: "",
     },
   },
+  keyCdn: {
+    apiKey: {
+      doc: "KeyCDN API key",
+      env: "KEYCDN_API_KEY",
+      format: "required-string",
+      default: "",
+    },
+  },
 })
 
 // Perform validation

src/errors/MonitoringError.ts

@@ -0,0 +1,11 @@
+import { BaseIsomerError } from "./BaseError"
+
+export default class MonitoringError extends BaseIsomerError {
+  constructor(message: string) {
+    super({
+      status: 500,
+      code: "MonitoringError",
+      message,
+    })
+  }
+}