From 348c5cf75321deb3f7d63147d2437607e70203a2 Mon Sep 17 00:00:00 2001 From: Robert Date: Fri, 23 Jan 2026 10:02:14 +0000 Subject: [PATCH 01/17] WIP --- Makefile | 25 +++++++++++++++++-- pyproject.toml | 4 ++- specification/.proxygen/credentials-prod.yaml | 4 +++ specification/.proxygen/credentials-ptl.yaml | 4 +++ specification/.proxygen/settings-prod.yaml | 3 +++ specification/.proxygen/settings-ptl.yaml | 3 +++ 6 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 specification/.proxygen/credentials-prod.yaml create mode 100644 specification/.proxygen/credentials-ptl.yaml create mode 100644 specification/.proxygen/settings-prod.yaml create mode 100644 specification/.proxygen/settings-ptl.yaml diff --git a/Makefile b/Makefile index eb55436..307d31e 100644 --- a/Makefile +++ b/Makefile @@ -58,8 +58,29 @@ retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Dev aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \ > ~/.proxygen/eligibility-signposting-api.pem -setup-proxygen-credentials: # Copy Proxygen templated credentials to where it expected them - cd specification && cp -r .proxygen ~ +# setup-proxygen-credentials: # Copy Proxygen templated credentials to where it expected them +# cd specification && cp -r .proxygen ~ +# +# setup-proxygen-credentials-ptl: # Copy Proxygen templated credentials to where it expected them +# cd specification && cp -r .proxygen/credentials-ptl.yaml ~/.proxygen/credentials.yaml && \ +# cp .proxygen/settings-ptl.yaml ~/.proxygen/settings.yaml +# proxygen credentials list +# +# setup-proxygen-credentials-prod: # Copy Proxygen templated credentials to where it expected them +# cd specification && cp -r .proxygen/credentials-prod.yaml ~/.proxygen/credentials.yaml && \ +# cp .proxygen/settings-ptl.yaml ~/.proxygen/settings.yaml +# proxygen credentials list + +setup-proxygen-credentials: + cd specification && \ + cp .proxygen/credentials-$(ENV).yaml ~/.proxygen/credentials.yaml && \ + cp .proxygen/settings-$(ENV).yaml ~/.proxygen/settings.yaml + +setup-proxygen-credentials-ptl: + $(MAKE) setup-proxygen-credentials ENV=ptl + +setup-proxygen-credentials-prod: + $(MAKE) setup-proxygen-credentials ENV=prod get-spec: # Get the most recent specification live in proxygen $(MAKE) setup-proxygen-credentials diff --git a/pyproject.toml b/pyproject.toml index 4227641..5ae3af2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,7 +10,9 @@ requires-python = ">=3.11" repository = "https://github.com/NHSDigital/eligibility-signposting-api-specification" homepage = "https://digital.nhs.uk/developer/api-catalogue" keywords = ["healthcare", "uk", "nhs", "vaccination", "api"] #TODO add additional keywords -package_mode = false + +[tool.poetry] +package-mode = false [build-system] requires = ["poetry-core>=2.0.0,<3.0.0"] diff --git a/specification/.proxygen/credentials-prod.yaml b/specification/.proxygen/credentials-prod.yaml new file mode 100644 index 0000000..2fececb --- /dev/null +++ b/specification/.proxygen/credentials-prod.yaml @@ -0,0 +1,4 @@ +client_id: eligibility-signposting-api-prod-client +#private_key_path: eligibility-signposting-api-prod.pem +private_key_path: eligibility-signposting-api.pem +key_id: eligibility-signposting-api-prod diff --git a/specification/.proxygen/credentials-ptl.yaml b/specification/.proxygen/credentials-ptl.yaml new file mode 100644 index 0000000..d8038a3 --- /dev/null +++ b/specification/.proxygen/credentials-ptl.yaml @@ -0,0 +1,4 @@ +client_id: eligibility-signposting-api-ptl-client +#private_key_path: eligibility-signposting-api-ptl.pem +private_key_path: eligibility-signposting-api.pem +key_id: eligibility-signposting-api-ptl diff --git a/specification/.proxygen/settings-prod.yaml b/specification/.proxygen/settings-prod.yaml new file mode 100644 index 0000000..cf4436c --- /dev/null +++ b/specification/.proxygen/settings-prod.yaml @@ -0,0 +1,3 @@ +api: eligibility-signposting-api +endpoint_url: https://proxygen.prod.api.platform.nhs.uk +spec_output_format: yaml diff --git a/specification/.proxygen/settings-ptl.yaml b/specification/.proxygen/settings-ptl.yaml new file mode 100644 index 0000000..c9a0ac2 --- /dev/null +++ b/specification/.proxygen/settings-ptl.yaml @@ -0,0 +1,3 @@ +api: eligibility-signposting-api +endpoint_url: https://proxygen.ptl.api.platform.nhs.uk +spec_output_format: yaml From 7f3031b16cfb95bc9fd7b7e788d9130d90de442f Mon Sep 17 00:00:00 2001 From: Robert Date: Fri, 23 Jan 2026 10:59:08 +0000 Subject: [PATCH 02/17] WIP: Updates to make file --- Makefile | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 307d31e..8e997d8 100644 --- a/Makefile +++ b/Makefile @@ -58,18 +58,16 @@ retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Dev aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \ > ~/.proxygen/eligibility-signposting-api.pem -# setup-proxygen-credentials: # Copy Proxygen templated credentials to where it expected them -# cd specification && cp -r .proxygen ~ -# -# setup-proxygen-credentials-ptl: # Copy Proxygen templated credentials to where it expected them -# cd specification && cp -r .proxygen/credentials-ptl.yaml ~/.proxygen/credentials.yaml && \ -# cp .proxygen/settings-ptl.yaml ~/.proxygen/settings.yaml -# proxygen credentials list -# -# setup-proxygen-credentials-prod: # Copy Proxygen templated credentials to where it expected them -# cd specification && cp -r .proxygen/credentials-prod.yaml ~/.proxygen/credentials.yaml && \ -# cp .proxygen/settings-ptl.yaml ~/.proxygen/settings.yaml -# proxygen credentials list +# retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment) +# mkdir -p ~/.proxygen && \ +# aws ssm get-parameter --name /proxygen/private_key_temp_$(ENV) --with-decryption | jq ".Parameter.Value" --raw-output \ +# > ~/.proxygen/eligibility-signposting-api-$(ENV).pem + +retrieve-proxygen-key-ptl: + $(MAKE) retrieve-proxygen-key ENV=ptl + +retrieve-proxygen-key-prod: + $(MAKE) retrieve-proxygen-key ENV=prod setup-proxygen-credentials: cd specification && \ @@ -83,27 +81,27 @@ setup-proxygen-credentials-prod: $(MAKE) setup-proxygen-credentials ENV=prod get-spec: # Get the most recent specification live in proxygen - $(MAKE) setup-proxygen-credentials + $(MAKE) setup-proxygen-credentials-prod proxygen spec get get-spec-uat: # Get the most recent specification live in proxygen - $(MAKE) setup-proxygen-credentials + $(MAKE) setup-proxygen-credentials-ptl proxygen spec get --uat publish-spec: # Publish the specification to proxygen - $(MAKE) setup-proxygen-credentials + $(MAKE) setup-proxygen-credentials-prod proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml publish-spec-uat: # Publish the specification to proxygen - $(MAKE) setup-proxygen-credentials + $(MAKE) setup-proxygen-credentials-ptl proxygen spec publish build/specification/preprod/eligibility-signposting-api.yaml --uat delete-spec: # Delete the specification from proxygen - $(MAKE) setup-proxygen-credentials + $(MAKE) setup-proxygen-credentials-prod proxygen spec delete delete-spec-uat: # Delete the specification from proxygen - $(MAKE) setup-proxygen-credentials + $(MAKE) setup-proxygen-credentials-ptl proxygen spec delete --uat # Specification From cf5003f7257f64b47e09809cd7ece981d8f66a56 Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Mon, 26 Jan 2026 16:36:04 +0000 Subject: [PATCH 03/17] WIP: Added AWS account check and updated make commands --- Makefile | 63 ++++++++++++++++++++---------------- scripts/check-aws-account.sh | 47 +++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 27 deletions(-) create mode 100755 scripts/check-aws-account.sh diff --git a/Makefile b/Makefile index 8e997d8..20c68f6 100644 --- a/Makefile +++ b/Makefile @@ -53,58 +53,67 @@ config:: # Configure development environment (main) @Configuration #### Proxygen #### ################## -retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment) - mkdir -p ~/.proxygen && \ - aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \ - > ~/.proxygen/eligibility-signposting-api.pem +# retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment) +# mkdir -p ~/.proxygen && \ +# aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \ +# > ~/.proxygen/eligibility-signposting-api.pem # retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment) # mkdir -p ~/.proxygen && \ # aws ssm get-parameter --name /proxygen/private_key_temp_$(ENV) --with-decryption | jq ".Parameter.Value" --raw-output \ # > ~/.proxygen/eligibility-signposting-api-$(ENV).pem - -retrieve-proxygen-key-ptl: - $(MAKE) retrieve-proxygen-key ENV=ptl - -retrieve-proxygen-key-prod: - $(MAKE) retrieve-proxygen-key ENV=prod - -setup-proxygen-credentials: - cd specification && \ +# +# retrieve-proxygen-key-ptl: +# $(MAKE) retrieve-proxygen-key ENV=ptl +# +# retrieve-proxygen-key-prod: +# $(MAKE) retrieve-proxygen-key ENV=prod + +# Verify current AWS account login and retrieve the proxygen key +# from AWS SSM for the specified environment +retrieve-proxygen-key: guard-ENV + @ ./scripts/check-aws-account.sh $(ENV) + mkdir -p ~/.proxygen + aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption \ + | jq -r ".Parameter.Value" \ + > ~/.proxygen/eligibility-signposting-api-$(ENV).pem && \ + echo "Retrieved proxygen key for '$(ENV)' environment" + +# Copy proxygen credentials for the specified environment to `~/.proxygen/` +# This location required location for local proxygen usage +setup-proxygen-credentials: guard-ENV + @ cd specification && \ cp .proxygen/credentials-$(ENV).yaml ~/.proxygen/credentials.yaml && \ - cp .proxygen/settings-$(ENV).yaml ~/.proxygen/settings.yaml - -setup-proxygen-credentials-ptl: - $(MAKE) setup-proxygen-credentials ENV=ptl - -setup-proxygen-credentials-prod: - $(MAKE) setup-proxygen-credentials ENV=prod + cp .proxygen/settings-$(ENV).yaml ~/.proxygen/settings.yaml && \ + echo "Set up proxygen credentials for the '$(ENV)' environment" get-spec: # Get the most recent specification live in proxygen - $(MAKE) setup-proxygen-credentials-prod + $(MAKE) setup-proxygen-credentials ENV=prod proxygen spec get get-spec-uat: # Get the most recent specification live in proxygen - $(MAKE) setup-proxygen-credentials-ptl + $(MAKE) setup-proxygen-credentials ENV=ptl proxygen spec get --uat publish-spec: # Publish the specification to proxygen - $(MAKE) setup-proxygen-credentials-prod + $(MAKE) setup-proxygen-credentials ENV=prod proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml publish-spec-uat: # Publish the specification to proxygen - $(MAKE) setup-proxygen-credentials-ptl + $(MAKE) setup-proxygen-credentials ENV=ptl proxygen spec publish build/specification/preprod/eligibility-signposting-api.yaml --uat delete-spec: # Delete the specification from proxygen - $(MAKE) setup-proxygen-credentials-prod + $(MAKE) setup-proxygen-credentials ENV=prod proxygen spec delete delete-spec-uat: # Delete the specification from proxygen - $(MAKE) setup-proxygen-credentials-ptl + $(MAKE) setup-proxygen-credentials ENV=ptl proxygen spec delete --uat -# Specification +##################### +### Specification ### +##################### guard-%: @ if [ "${${*}}" = "" ]; then \ diff --git a/scripts/check-aws-account.sh b/scripts/check-aws-account.sh new file mode 100755 index 0000000..6207c41 --- /dev/null +++ b/scripts/check-aws-account.sh @@ -0,0 +1,47 @@ + +#!/usr/bin/env bash +set -e + +APIM_ENV_NAME="$1" + +# Map APIM environment names to AWS account ID and environment name +case "$APIM_ENV_NAME" in + dev) + AWS_ENV_NAME="dev" + EXPECTED_ACCOUNT="448049830832" + ;; + ptl) + AWS_ENV_NAME="preprod" # Called 'preprod' in AWS and `ptl` in APIM + EXPECTED_ACCOUNT="203918864209" + ;; + prod) + AWS_ENV_NAME="prod" + EXPECTED_ACCOUNT="333333333333" + ;; + *) + echo "Unknown APIM environment: $APIM_ENV_NAME" + exit 1 + ;; +esac + +# Read the currently authenticated AWS account +CURRENT_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text) + +# Compare the current account with the expected account +if [ "$CURRENT_ACCOUNT" != "$EXPECTED_ACCOUNT" ]; then + echo "AWS account mismatch!" +# MSG="The 'ENV' arg '$APIM_ENV_NAME' for APIM maps to the AWS env '$AWS_ENV_NAME' and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." +# echo "$MSG" +# echo "The 'ENV' arg $APIM_ENV_NAME for APIM maps to the AWS env $AWS_ENV_NAME and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." +# echo "APIM environment : $APIM_ENV_NAME" +# echo "Expected AWS environment: $AWS_ENV_NAME" +# echo "Expected account: $EXPECTED_ACCOUNT" +# echo "Actual account : $CURRENT_ACCOUNT" +# echo "The APIM '$APIM_ENV_NAME' environment is mapped to the AWS '$AWS_ENV_NAME' environment and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." + echo "The expected mapping for the argument 'ENV=$APIM_ENV_NAME' is AWS '$AWS_ENV_NAME' account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." + echo "Please switch to the correct AWS account and try again." + echo "Exiting script..." + exit 1 +fi + +echo "Active login to AWS '$AWS_ENV_NAME' account $CURRENT_ACCOUNT verified." From 693c6f5de8029d83ab823c229199fc16387c3630 Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Tue, 27 Jan 2026 16:57:41 +0000 Subject: [PATCH 04/17] Tidying make file and aws script --- Makefile | 16 ---------------- scripts/check-aws-account.sh | 10 +--------- 2 files changed, 1 insertion(+), 25 deletions(-) diff --git a/Makefile b/Makefile index 20c68f6..e1fdaa8 100644 --- a/Makefile +++ b/Makefile @@ -53,22 +53,6 @@ config:: # Configure development environment (main) @Configuration #### Proxygen #### ################## -# retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment) -# mkdir -p ~/.proxygen && \ -# aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \ -# > ~/.proxygen/eligibility-signposting-api.pem - -# retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment) -# mkdir -p ~/.proxygen && \ -# aws ssm get-parameter --name /proxygen/private_key_temp_$(ENV) --with-decryption | jq ".Parameter.Value" --raw-output \ -# > ~/.proxygen/eligibility-signposting-api-$(ENV).pem -# -# retrieve-proxygen-key-ptl: -# $(MAKE) retrieve-proxygen-key ENV=ptl -# -# retrieve-proxygen-key-prod: -# $(MAKE) retrieve-proxygen-key ENV=prod - # Verify current AWS account login and retrieve the proxygen key # from AWS SSM for the specified environment retrieve-proxygen-key: guard-ENV diff --git a/scripts/check-aws-account.sh b/scripts/check-aws-account.sh index 6207c41..a289d62 100755 --- a/scripts/check-aws-account.sh +++ b/scripts/check-aws-account.sh @@ -16,7 +16,7 @@ case "$APIM_ENV_NAME" in ;; prod) AWS_ENV_NAME="prod" - EXPECTED_ACCOUNT="333333333333" + EXPECTED_ACCOUNT="476114145616" ;; *) echo "Unknown APIM environment: $APIM_ENV_NAME" @@ -30,14 +30,6 @@ CURRENT_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text) # Compare the current account with the expected account if [ "$CURRENT_ACCOUNT" != "$EXPECTED_ACCOUNT" ]; then echo "AWS account mismatch!" -# MSG="The 'ENV' arg '$APIM_ENV_NAME' for APIM maps to the AWS env '$AWS_ENV_NAME' and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." -# echo "$MSG" -# echo "The 'ENV' arg $APIM_ENV_NAME for APIM maps to the AWS env $AWS_ENV_NAME and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." -# echo "APIM environment : $APIM_ENV_NAME" -# echo "Expected AWS environment: $AWS_ENV_NAME" -# echo "Expected account: $EXPECTED_ACCOUNT" -# echo "Actual account : $CURRENT_ACCOUNT" -# echo "The APIM '$APIM_ENV_NAME' environment is mapped to the AWS '$AWS_ENV_NAME' environment and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." echo "The expected mapping for the argument 'ENV=$APIM_ENV_NAME' is AWS '$AWS_ENV_NAME' account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." echo "Please switch to the correct AWS account and try again." echo "Exiting script..." From b554b3225a0d6dbc5759a9d30d6ffcefda1b06d1 Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Wed, 28 Jan 2026 09:06:27 +0000 Subject: [PATCH 05/17] Updated publish spec workflow --- .github/workflows/publish-specification.yaml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-specification.yaml b/.github/workflows/publish-specification.yaml index 396df80..e4b975e 100644 --- a/.github/workflows/publish-specification.yaml +++ b/.github/workflows/publish-specification.yaml @@ -49,8 +49,15 @@ jobs: PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} run: | mkdir -p ~/.proxygen - echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials + + if [ "${{ env.APIM_ENV }}" = "preprod" ]; then + ENV_PARAM="ptl" + else + ENV_PARAM="${{ env.APIM_ENV }}" + fi + + echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api-${ENV_PARAM}.pem + make setup-proxygen-credentials ENV=${ENV_PARAM} - name: Generate specification run: | @@ -60,7 +67,10 @@ jobs: run: | if [ "${{ env.APIM_ENV }}" = "preprod" ]; then proxygen spec publish build/specification/preprod/eligibility-signposting-api.yaml --uat --no-confirm - else + elif [ "${{ env.APIM_ENV }}" = "prod" ]; then proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml --no-confirm + else + echo "Error: Environment '${{ env.APIM_ENV }}' is not supported for publishing. Only 'preprod' and 'prod' are allowed." + exit 1 fi From 2392c38f1317064dd85aba74702ddf439e4cc643 Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Fri, 30 Jan 2026 09:58:54 +0000 Subject: [PATCH 06/17] Updates to publish spec github actions --- .github/workflows/publish-specification.yaml | 4 ++-- Makefile | 3 ++- specification/.proxygen/credentials-prod.yaml | 3 +-- specification/.proxygen/credentials-ptl.yaml | 3 +-- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish-specification.yaml b/.github/workflows/publish-specification.yaml index e4b975e..3307152 100644 --- a/.github/workflows/publish-specification.yaml +++ b/.github/workflows/publish-specification.yaml @@ -45,15 +45,15 @@ jobs: pip install proxygen-cli - name: Set up Proxygen credentials - env: - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} run: | mkdir -p ~/.proxygen if [ "${{ env.APIM_ENV }}" = "preprod" ]; then ENV_PARAM="ptl" + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PTL }} else ENV_PARAM="${{ env.APIM_ENV }}" + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} fi echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api-${ENV_PARAM}.pem diff --git a/Makefile b/Makefile index e1fdaa8..ac76d7a 100644 --- a/Makefile +++ b/Makefile @@ -58,7 +58,8 @@ config:: # Configure development environment (main) @Configuration retrieve-proxygen-key: guard-ENV @ ./scripts/check-aws-account.sh $(ENV) mkdir -p ~/.proxygen - aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption \ + @ AWS_ENV=$$([ "$(ENV)" = "ptl" ] && echo "preprod" || echo "$(ENV)"); \ + aws ssm get-parameter --name /$$AWS_ENV/proxygen/private_key --with-decryption \ | jq -r ".Parameter.Value" \ > ~/.proxygen/eligibility-signposting-api-$(ENV).pem && \ echo "Retrieved proxygen key for '$(ENV)' environment" diff --git a/specification/.proxygen/credentials-prod.yaml b/specification/.proxygen/credentials-prod.yaml index 2fececb..1a801d1 100644 --- a/specification/.proxygen/credentials-prod.yaml +++ b/specification/.proxygen/credentials-prod.yaml @@ -1,4 +1,3 @@ client_id: eligibility-signposting-api-prod-client -#private_key_path: eligibility-signposting-api-prod.pem -private_key_path: eligibility-signposting-api.pem +private_key_path: eligibility-signposting-api-prod.pem key_id: eligibility-signposting-api-prod diff --git a/specification/.proxygen/credentials-ptl.yaml b/specification/.proxygen/credentials-ptl.yaml index d8038a3..3fa90d7 100644 --- a/specification/.proxygen/credentials-ptl.yaml +++ b/specification/.proxygen/credentials-ptl.yaml @@ -1,4 +1,3 @@ client_id: eligibility-signposting-api-ptl-client -#private_key_path: eligibility-signposting-api-ptl.pem -private_key_path: eligibility-signposting-api.pem +private_key_path: eligibility-signposting-api-ptl.pem key_id: eligibility-signposting-api-ptl From 77e7916fc753ea9c10af3903c025b55ba88421fa Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Fri, 30 Jan 2026 13:52:43 +0000 Subject: [PATCH 07/17] Updating kid for credentials --- specification/.proxygen/credentials-prod.yaml | 2 +- specification/.proxygen/credentials-ptl.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/.proxygen/credentials-prod.yaml b/specification/.proxygen/credentials-prod.yaml index 1a801d1..7b2eeee 100644 --- a/specification/.proxygen/credentials-prod.yaml +++ b/specification/.proxygen/credentials-prod.yaml @@ -1,3 +1,3 @@ client_id: eligibility-signposting-api-prod-client private_key_path: eligibility-signposting-api-prod.pem -key_id: eligibility-signposting-api-prod +key_id: 2027-01-21-Prod-eligibility-signposting-api diff --git a/specification/.proxygen/credentials-ptl.yaml b/specification/.proxygen/credentials-ptl.yaml index 3fa90d7..38acee0 100644 --- a/specification/.proxygen/credentials-ptl.yaml +++ b/specification/.proxygen/credentials-ptl.yaml @@ -1,3 +1,3 @@ client_id: eligibility-signposting-api-ptl-client private_key_path: eligibility-signposting-api-ptl.pem -key_id: eligibility-signposting-api-ptl +key_id: 2027-01-21-PTL-eligibility-signposting-api From 38bc7ff645d45435ade184a2afe8cf3bb9faef61 Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Mon, 2 Feb 2026 15:43:49 +0000 Subject: [PATCH 08/17] Alterations to proxygen set up and workflows --- .github/workflows/publish-specification.yaml | 15 +++------ .github/workflows/publish_sandbox.yaml | 4 +-- Makefile | 35 ++++++++++++++------ scripts/check-aws-account.sh | 25 +++----------- 4 files changed, 34 insertions(+), 45 deletions(-) diff --git a/.github/workflows/publish-specification.yaml b/.github/workflows/publish-specification.yaml index 3307152..32027e2 100644 --- a/.github/workflows/publish-specification.yaml +++ b/.github/workflows/publish-specification.yaml @@ -45,19 +45,12 @@ jobs: pip install proxygen-cli - name: Set up Proxygen credentials + env: + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} run: | mkdir -p ~/.proxygen - - if [ "${{ env.APIM_ENV }}" = "preprod" ]; then - ENV_PARAM="ptl" - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PTL }} - else - ENV_PARAM="${{ env.APIM_ENV }}" - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} - fi - - echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api-${ENV_PARAM}.pem - make setup-proxygen-credentials ENV=${ENV_PARAM} + echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem + make setup-proxygen-credentials ENV=prod - name: Generate specification run: | diff --git a/.github/workflows/publish_sandbox.yaml b/.github/workflows/publish_sandbox.yaml index eb92952..e25585a 100644 --- a/.github/workflows/publish_sandbox.yaml +++ b/.github/workflows/publish_sandbox.yaml @@ -40,11 +40,11 @@ jobs: - name: Set up Proxygen credentials env: - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials + make setup-proxygen-credentials ENV=prod - name: Generate sandbox specification run: | diff --git a/Makefile b/Makefile index ac76d7a..069e711 100644 --- a/Makefile +++ b/Makefile @@ -53,16 +53,29 @@ config:: # Configure development environment (main) @Configuration #### Proxygen #### ################## +# Proxygen key only exists in our 'dev' AWS Parameter Store +PROXYGEN_ENV ?= dev + +# Specs are published in the APIM 'prod' environment +APIM_ENV ?= prod + +# retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment) +# mkdir -p ~/.proxygen && \ +# aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \ +# > ~/.proxygen/eligibility-signposting-api.pem +# +# setup-proxygen-credentials: # Copy Proxygen templated credentials to where it expected them +# cd specification && cp -r .proxygen ~ + # Verify current AWS account login and retrieve the proxygen key -# from AWS SSM for the specified environment -retrieve-proxygen-key: guard-ENV - @ ./scripts/check-aws-account.sh $(ENV) +# from AWS SSM Parameter Store +retrieve-proxygen-key: + @ ./scripts/check-aws-account.sh $(PROXYGEN_ENV) mkdir -p ~/.proxygen - @ AWS_ENV=$$([ "$(ENV)" = "ptl" ] && echo "preprod" || echo "$(ENV)"); \ - aws ssm get-parameter --name /$$AWS_ENV/proxygen/private_key --with-decryption \ + aws ssm get-parameter --name /$$PROXYGEN_ENV/proxygen/private_key --with-decryption \ | jq -r ".Parameter.Value" \ - > ~/.proxygen/eligibility-signposting-api-$(ENV).pem && \ - echo "Retrieved proxygen key for '$(ENV)' environment" + > ~/.proxygen/eligibility-signposting-api-$(APIM_ENV).pem && \ + echo "Retrieved proxygen key for APIM '$(APIM_ENV)' environment" # Copy proxygen credentials for the specified environment to `~/.proxygen/` # This location required location for local proxygen usage @@ -70,14 +83,14 @@ setup-proxygen-credentials: guard-ENV @ cd specification && \ cp .proxygen/credentials-$(ENV).yaml ~/.proxygen/credentials.yaml && \ cp .proxygen/settings-$(ENV).yaml ~/.proxygen/settings.yaml && \ - echo "Set up proxygen credentials for the '$(ENV)' environment" + echo "Set up proxygen credentials for the APIM '$(ENV)' environment" get-spec: # Get the most recent specification live in proxygen $(MAKE) setup-proxygen-credentials ENV=prod proxygen spec get get-spec-uat: # Get the most recent specification live in proxygen - $(MAKE) setup-proxygen-credentials ENV=ptl + $(MAKE) setup-proxygen-credentials ENV=prod proxygen spec get --uat publish-spec: # Publish the specification to proxygen @@ -85,7 +98,7 @@ publish-spec: # Publish the specification to proxygen proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml publish-spec-uat: # Publish the specification to proxygen - $(MAKE) setup-proxygen-credentials ENV=ptl + $(MAKE) setup-proxygen-credentials ENV=prod proxygen spec publish build/specification/preprod/eligibility-signposting-api.yaml --uat delete-spec: # Delete the specification from proxygen @@ -93,7 +106,7 @@ delete-spec: # Delete the specification from proxygen proxygen spec delete delete-spec-uat: # Delete the specification from proxygen - $(MAKE) setup-proxygen-credentials ENV=ptl + $(MAKE) setup-proxygen-credentials ENV=prod proxygen spec delete --uat ##################### diff --git a/scripts/check-aws-account.sh b/scripts/check-aws-account.sh index a289d62..bd6a041 100755 --- a/scripts/check-aws-account.sh +++ b/scripts/check-aws-account.sh @@ -4,25 +4,8 @@ set -e APIM_ENV_NAME="$1" -# Map APIM environment names to AWS account ID and environment name -case "$APIM_ENV_NAME" in - dev) - AWS_ENV_NAME="dev" - EXPECTED_ACCOUNT="448049830832" - ;; - ptl) - AWS_ENV_NAME="preprod" # Called 'preprod' in AWS and `ptl` in APIM - EXPECTED_ACCOUNT="203918864209" - ;; - prod) - AWS_ENV_NAME="prod" - EXPECTED_ACCOUNT="476114145616" - ;; - *) - echo "Unknown APIM environment: $APIM_ENV_NAME" - exit 1 - ;; -esac +# Expected AWS account for dev environment +EXPECTED_ACCOUNT="448049830832" # Read the currently authenticated AWS account CURRENT_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text) @@ -30,10 +13,10 @@ CURRENT_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text) # Compare the current account with the expected account if [ "$CURRENT_ACCOUNT" != "$EXPECTED_ACCOUNT" ]; then echo "AWS account mismatch!" - echo "The expected mapping for the argument 'ENV=$APIM_ENV_NAME' is AWS '$AWS_ENV_NAME' account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT." + echo "The expected login is AWS '$APIM_ENV_NAME' account $EXPECTED_ACCOUNT, but the current logged in AWS account is $CURRENT_ACCOUNT." echo "Please switch to the correct AWS account and try again." echo "Exiting script..." exit 1 fi -echo "Active login to AWS '$AWS_ENV_NAME' account $CURRENT_ACCOUNT verified." +echo "Active login to AWS '$APIM_ENV_NAME' account $CURRENT_ACCOUNT verified." From 4f736c0a9bb7c0c09ce59a08c5fb9594f5753f25 Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Mon, 2 Feb 2026 15:48:00 +0000 Subject: [PATCH 09/17] Removing unneeded code --- .github/workflows/publish-specification.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/publish-specification.yaml b/.github/workflows/publish-specification.yaml index 32027e2..9064b7c 100644 --- a/.github/workflows/publish-specification.yaml +++ b/.github/workflows/publish-specification.yaml @@ -60,10 +60,7 @@ jobs: run: | if [ "${{ env.APIM_ENV }}" = "preprod" ]; then proxygen spec publish build/specification/preprod/eligibility-signposting-api.yaml --uat --no-confirm - elif [ "${{ env.APIM_ENV }}" = "prod" ]; then - proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml --no-confirm else - echo "Error: Environment '${{ env.APIM_ENV }}' is not supported for publishing. Only 'preprod' and 'prod' are allowed." - exit 1 + proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml --no-confirm fi From b261cd3bb7b58bcaa1a971ecbe2a0f021586bb4c Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Tue, 3 Feb 2026 09:55:13 +0000 Subject: [PATCH 10/17] Corrected client id --- specification/.proxygen/credentials-prod.yaml | 2 +- specification/.proxygen/credentials-ptl.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/.proxygen/credentials-prod.yaml b/specification/.proxygen/credentials-prod.yaml index 7b2eeee..fee868a 100644 --- a/specification/.proxygen/credentials-prod.yaml +++ b/specification/.proxygen/credentials-prod.yaml @@ -1,3 +1,3 @@ -client_id: eligibility-signposting-api-prod-client +client_id: eligibility-signposting-api-client private_key_path: eligibility-signposting-api-prod.pem key_id: 2027-01-21-Prod-eligibility-signposting-api diff --git a/specification/.proxygen/credentials-ptl.yaml b/specification/.proxygen/credentials-ptl.yaml index 38acee0..4850777f 100644 --- a/specification/.proxygen/credentials-ptl.yaml +++ b/specification/.proxygen/credentials-ptl.yaml @@ -1,3 +1,3 @@ -client_id: eligibility-signposting-api-ptl-client +client_id: eligibility-signposting-api-client private_key_path: eligibility-signposting-api-ptl.pem key_id: 2027-01-21-PTL-eligibility-signposting-api From 15e9a19ce78213edb468666c555fa140d26e5ddf Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Tue, 3 Feb 2026 10:05:58 +0000 Subject: [PATCH 11/17] Tidying up make file --- Makefile | 8 -------- 1 file changed, 8 deletions(-) diff --git a/Makefile b/Makefile index 069e711..da85041 100644 --- a/Makefile +++ b/Makefile @@ -59,14 +59,6 @@ PROXYGEN_ENV ?= dev # Specs are published in the APIM 'prod' environment APIM_ENV ?= prod -# retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment) -# mkdir -p ~/.proxygen && \ -# aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \ -# > ~/.proxygen/eligibility-signposting-api.pem -# -# setup-proxygen-credentials: # Copy Proxygen templated credentials to where it expected them -# cd specification && cp -r .proxygen ~ - # Verify current AWS account login and retrieve the proxygen key # from AWS SSM Parameter Store retrieve-proxygen-key: From 1891c679276409f49ffda9368b616cd3dc5f81c6 Mon Sep 17 00:00:00 2001 From: TOEL2 Date: Tue, 3 Feb 2026 10:49:11 +0000 Subject: [PATCH 12/17] pointing at new secret paths --- .github/workflows/dev_sandbox_publish_deploy.yaml | 4 ++-- .github/workflows/preprod_publish_deploy.yaml | 2 +- .github/workflows/prod_publish_deploy.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index ea39ac5..41fa6b3 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -54,7 +54,7 @@ jobs: - name: Set up Proxygen credentials env: - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PTL }} run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem @@ -98,7 +98,7 @@ jobs: - name: Set up Proxygen credentials env: - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem diff --git a/.github/workflows/preprod_publish_deploy.yaml b/.github/workflows/preprod_publish_deploy.yaml index d0215ed..dced537 100644 --- a/.github/workflows/preprod_publish_deploy.yaml +++ b/.github/workflows/preprod_publish_deploy.yaml @@ -46,7 +46,7 @@ jobs: pip install proxygen-cli - name: Set up Proxygen credentials env: - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem diff --git a/.github/workflows/prod_publish_deploy.yaml b/.github/workflows/prod_publish_deploy.yaml index be46b65..b3bd513 100644 --- a/.github/workflows/prod_publish_deploy.yaml +++ b/.github/workflows/prod_publish_deploy.yaml @@ -45,7 +45,7 @@ jobs: pip install proxygen-cli - name: Set up Proxygen credentials env: - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem From 52dc08fa672100eeb619ef8f8111d281c23c1064 Mon Sep 17 00:00:00 2001 From: TOEL2 Date: Tue, 3 Feb 2026 11:46:48 +0000 Subject: [PATCH 13/17] [ELI-604] adding new env flag --- .github/workflows/preprod_publish_deploy.yaml | 2 +- .github/workflows/prod_publish_deploy.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/preprod_publish_deploy.yaml b/.github/workflows/preprod_publish_deploy.yaml index dced537..198c175 100644 --- a/.github/workflows/preprod_publish_deploy.yaml +++ b/.github/workflows/preprod_publish_deploy.yaml @@ -50,7 +50,7 @@ jobs: run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials + make setup-proxygen-credentials ENV=prod - name: Generate specification run: | make construct-spec APIM_ENV=preprod diff --git a/.github/workflows/prod_publish_deploy.yaml b/.github/workflows/prod_publish_deploy.yaml index b3bd513..ece2b52 100644 --- a/.github/workflows/prod_publish_deploy.yaml +++ b/.github/workflows/prod_publish_deploy.yaml @@ -49,7 +49,7 @@ jobs: run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials + make setup-proxygen-credentials ENV=prod - name: Generate specification run: | make construct-spec APIM_ENV=prod From 59dbee452510e0b5ae22febd081dc1a0c7ec1862 Mon Sep 17 00:00:00 2001 From: TOEL2 Date: Tue, 3 Feb 2026 11:50:27 +0000 Subject: [PATCH 14/17] [ELI-604] adding further env flags --- .github/workflows/dev_sandbox_publish_deploy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 41fa6b3..c80dd05 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -58,7 +58,7 @@ jobs: run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials + make setup-proxygen-credentials ENV=ptl - name: Generate specification run: | make construct-spec APIM_ENV=internal-dev @@ -102,7 +102,7 @@ jobs: run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials + make setup-proxygen-credentials ENV=prod - name: Generate specification run: | make construct-spec APIM_ENV=sandbox From 208e1fa022c656866f62682a8b1a5849fd002d20 Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Tue, 3 Feb 2026 12:23:08 +0000 Subject: [PATCH 15/17] Updates and improvements --- Makefile | 16 +++++----------- scripts/check-aws-account.sh | 9 ++++----- specification/.proxygen/credentials-prod.yaml | 2 ++ specification/.proxygen/credentials-ptl.yaml | 1 + 4 files changed, 12 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index fa3eb81..4444ced 100644 --- a/Makefile +++ b/Makefile @@ -53,21 +53,15 @@ config:: # Configure development environment (main) @Configuration #### Proxygen #### ################## -# Proxygen key only exists in our 'dev' AWS Parameter Store -PROXYGEN_ENV ?= dev - -# Specs are published in the APIM 'prod' environment -APIM_ENV ?= prod - # Verify current AWS account login and retrieve the proxygen key # from AWS SSM Parameter Store -retrieve-proxygen-key: - @ ./scripts/check-aws-account.sh $(PROXYGEN_ENV) +retrieve-proxygen-key: guard-ENV + @ ./scripts/check-aws-account.sh mkdir -p ~/.proxygen - aws ssm get-parameter --name /$$PROXYGEN_ENV/proxygen/private_key --with-decryption \ + aws ssm get-parameter --name /$$ENV/proxygen/private_key --with-decryption \ | jq -r ".Parameter.Value" \ - > ~/.proxygen/eligibility-signposting-api-$(APIM_ENV).pem && \ - echo "Retrieved proxygen key for APIM '$(APIM_ENV)' environment" + > ~/.proxygen/eligibility-signposting-api-$(ENV).pem && \ + echo "Retrieved proxygen key for APIM '$(ENV)' environment" # Copy proxygen credentials for the specified environment to `~/.proxygen/` # This location required location for local proxygen usage diff --git a/scripts/check-aws-account.sh b/scripts/check-aws-account.sh index bd6a041..410a386 100755 --- a/scripts/check-aws-account.sh +++ b/scripts/check-aws-account.sh @@ -2,9 +2,8 @@ #!/usr/bin/env bash set -e -APIM_ENV_NAME="$1" - -# Expected AWS account for dev environment +# Expected AWS account details for dev environment +EXPECTED_ENV_NAME="dev" EXPECTED_ACCOUNT="448049830832" # Read the currently authenticated AWS account @@ -13,10 +12,10 @@ CURRENT_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text) # Compare the current account with the expected account if [ "$CURRENT_ACCOUNT" != "$EXPECTED_ACCOUNT" ]; then echo "AWS account mismatch!" - echo "The expected login is AWS '$APIM_ENV_NAME' account $EXPECTED_ACCOUNT, but the current logged in AWS account is $CURRENT_ACCOUNT." + echo "The expected login is AWS '$EXPECTED_ENV_NAME' account $EXPECTED_ACCOUNT, but the current logged in AWS account is $CURRENT_ACCOUNT." echo "Please switch to the correct AWS account and try again." echo "Exiting script..." exit 1 fi -echo "Active login to AWS '$APIM_ENV_NAME' account $CURRENT_ACCOUNT verified." +echo "Active login to AWS '$EXPECTED_ENV_NAME' account $CURRENT_ACCOUNT verified." diff --git a/specification/.proxygen/credentials-prod.yaml b/specification/.proxygen/credentials-prod.yaml index fee868a..a108dad 100644 --- a/specification/.proxygen/credentials-prod.yaml +++ b/specification/.proxygen/credentials-prod.yaml @@ -1,3 +1,5 @@ client_id: eligibility-signposting-api-client private_key_path: eligibility-signposting-api-prod.pem key_id: 2027-01-21-Prod-eligibility-signposting-api +base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers + diff --git a/specification/.proxygen/credentials-ptl.yaml b/specification/.proxygen/credentials-ptl.yaml index 4850777f..5bd54a3 100644 --- a/specification/.proxygen/credentials-ptl.yaml +++ b/specification/.proxygen/credentials-ptl.yaml @@ -1,3 +1,4 @@ client_id: eligibility-signposting-api-client private_key_path: eligibility-signposting-api-ptl.pem key_id: 2027-01-21-PTL-eligibility-signposting-api +base_url: https://identity.ptl.api.platform.nhs.uk/realms/api-producers From 0d0c8bf911f895600c55a5babc1678a46bc53774 Mon Sep 17 00:00:00 2001 From: TOEL2 Date: Tue, 3 Feb 2026 15:52:30 +0000 Subject: [PATCH 16/17] [ELI-604] skipping broken internal dev job for now --- .github/workflows/dev_sandbox_publish_deploy.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index c80dd05..e07d8ba 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -3,7 +3,7 @@ name: Deploy to Dev and Sandbox on: push: branches: - - main + - feature/rgjb-eli-604-rotate_proxygen_key_in_ptl_and_prod jobs: metadata: @@ -27,6 +27,7 @@ jobs: name: "Publish spec & deploy to dev" needs: metadata runs-on: ubuntu-latest + if: false # Temporarily skip this job steps: - name: Checkout repository uses: actions/checkout@v6 From fcc375987a82dd491453f9c41f6b8d9e00220e62 Mon Sep 17 00:00:00 2001 From: TOEL2 Date: Tue, 3 Feb 2026 15:54:49 +0000 Subject: [PATCH 17/17] [ELI-604] revert --- .github/workflows/dev_sandbox_publish_deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index e07d8ba..dee772d 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -3,7 +3,7 @@ name: Deploy to Dev and Sandbox on: push: branches: - - feature/rgjb-eli-604-rotate_proxygen_key_in_ptl_and_prod + - main jobs: metadata: