From 6a6d501ceb661d698660f19cfd75c995d2cfb14d Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Fri, 6 Feb 2026 11:08:51 +0000 Subject: [PATCH 1/3] Reverting PTL changes in workflows and make commands --- .../workflows/dev_sandbox_publish_deploy.yaml | 91 +++++++++---------- .github/workflows/preprod_publish_deploy.yaml | 2 +- .github/workflows/prod_publish_deploy.yaml | 2 +- .github/workflows/publish-specification.yaml | 2 +- .github/workflows/publish_sandbox.yaml | 2 +- Makefile | 21 ++--- sandbox/Makefile | 4 +- specification/.proxygen/credentials-prod.yaml | 5 - specification/.proxygen/credentials-ptl.yaml | 4 - specification/.proxygen/credentials.yaml | 2 +- specification/.proxygen/settings-prod.yaml | 3 - specification/.proxygen/settings-ptl.yaml | 3 - 12 files changed, 61 insertions(+), 80 deletions(-) delete mode 100644 specification/.proxygen/credentials-prod.yaml delete mode 100644 specification/.proxygen/credentials-ptl.yaml delete mode 100644 specification/.proxygen/settings-prod.yaml delete mode 100644 specification/.proxygen/settings-ptl.yaml diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 4b5edc0..46c9c8a 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -23,50 +23,49 @@ jobs: echo "Deploying to: DEV & Sandbox" echo "VERSION=${{ steps.variables.outputs.version }}" - # internal-dev: - # name: "Publish spec & deploy to dev" - # needs: metadata - # runs-on: ubuntu-latest - # if: false # Skip this job - # steps: - # - name: Checkout repository - # uses: actions/checkout@v6 - # - # - name: Set up Python 3.11 - # uses: actions/setup-python@v6 - # with: - # python-version: '3.11' - # - # - name: Set up Node.js - # uses: actions/setup-node@v6 - # with: - # node-version: '20' - # - # - name: Install Poetry - # run: curl -sSL https://install.python-poetry.org | python3 - - # - # - name: Install Python and Node dependencies - # run: | - # make install - # - # - name: Install proxygen-cli - # run: | - # pip install proxygen-cli - # - # - name: Set up Proxygen credentials - # env: - # PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PTL }} - # run: | - # mkdir -p ~/.proxygen - # echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - # make setup-proxygen-credentials ENV=ptl - # - name: Generate specification - # run: | - # make construct-spec APIM_ENV=internal-dev - # - # - name: Deploy internal-dev spec to Proxygen - # run: | - # proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm + internal-dev: + name: "Publish spec & deploy to dev" + needs: metadata + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v6 + + - name: Set up Python 3.11 + uses: actions/setup-python@v6 + with: + python-version: '3.11' + + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: '20' + + - name: Install Poetry + run: curl -sSL https://install.python-poetry.org | python3 - + + - name: Install Python and Node dependencies + run: | + make install + + - name: Install proxygen-cli + run: | + pip install proxygen-cli + + - name: Set up Proxygen credentials + env: + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} + run: | + mkdir -p ~/.proxygen + echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem + make setup-proxygen-credentials + - name: Generate specification + run: | + make construct-spec APIM_ENV=internal-dev + + - name: Deploy internal-dev spec to Proxygen + run: | + proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm sandbox: name: "Publish spec & deploy to sandbox" @@ -102,8 +101,8 @@ jobs: PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} run: | mkdir -p ~/.proxygen - echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api-prod.pem - make setup-proxygen-credentials ENV=prod + echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem + make setup-proxygen-credentials - name: Generate specification run: | diff --git a/.github/workflows/preprod_publish_deploy.yaml b/.github/workflows/preprod_publish_deploy.yaml index 198c175..dced537 100644 --- a/.github/workflows/preprod_publish_deploy.yaml +++ b/.github/workflows/preprod_publish_deploy.yaml @@ -50,7 +50,7 @@ jobs: run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials ENV=prod + make setup-proxygen-credentials - name: Generate specification run: | make construct-spec APIM_ENV=preprod diff --git a/.github/workflows/prod_publish_deploy.yaml b/.github/workflows/prod_publish_deploy.yaml index ece2b52..b3bd513 100644 --- a/.github/workflows/prod_publish_deploy.yaml +++ b/.github/workflows/prod_publish_deploy.yaml @@ -49,7 +49,7 @@ jobs: run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials ENV=prod + make setup-proxygen-credentials - name: Generate specification run: | make construct-spec APIM_ENV=prod diff --git a/.github/workflows/publish-specification.yaml b/.github/workflows/publish-specification.yaml index bf6b599..7357fdb 100644 --- a/.github/workflows/publish-specification.yaml +++ b/.github/workflows/publish-specification.yaml @@ -50,7 +50,7 @@ jobs: run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials ENV=prod + make setup-proxygen-credentials - name: Generate specification run: | diff --git a/.github/workflows/publish_sandbox.yaml b/.github/workflows/publish_sandbox.yaml index 93245b3..78a7936 100644 --- a/.github/workflows/publish_sandbox.yaml +++ b/.github/workflows/publish_sandbox.yaml @@ -41,7 +41,7 @@ jobs: run: | mkdir -p ~/.proxygen echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials ENV=prod + make setup-proxygen-credentials - name: Generate sandbox specification run: | diff --git a/Makefile b/Makefile index 4444ced..b9041a1 100644 --- a/Makefile +++ b/Makefile @@ -60,39 +60,36 @@ retrieve-proxygen-key: guard-ENV mkdir -p ~/.proxygen aws ssm get-parameter --name /$$ENV/proxygen/private_key --with-decryption \ | jq -r ".Parameter.Value" \ - > ~/.proxygen/eligibility-signposting-api-$(ENV).pem && \ + > ~/.proxygen/eligibility-signposting-api.pem && \ echo "Retrieved proxygen key for APIM '$(ENV)' environment" # Copy proxygen credentials for the specified environment to `~/.proxygen/` # This location required location for local proxygen usage -setup-proxygen-credentials: guard-ENV - @ cd specification && \ - cp .proxygen/credentials-$(ENV).yaml ~/.proxygen/credentials.yaml && \ - cp .proxygen/settings-$(ENV).yaml ~/.proxygen/settings.yaml && \ - echo "Set up proxygen credentials for the APIM '$(ENV)' environment" +setup-proxygen-credentials: + @ cd specification && cp -r .proxygen ~ get-spec: # Get the most recent specification live in proxygen - $(MAKE) setup-proxygen-credentials ENV=prod + $(MAKE) setup-proxygen-credentials proxygen spec get get-spec-uat: # Get the most recent specification live in proxygen - $(MAKE) setup-proxygen-credentials ENV=prod + $(MAKE) setup-proxygen-credentials proxygen spec get --uat publish-spec: # Publish the specification to proxygen - $(MAKE) setup-proxygen-credentials ENV=prod + $(MAKE) setup-proxygen-credentials proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml publish-spec-uat: # Publish the specification to proxygen - $(MAKE) setup-proxygen-credentials ENV=prod + $(MAKE) setup-proxygen-credentials proxygen spec publish build/specification/preprod/eligibility-signposting-api.yaml --uat delete-spec: # Delete the specification from proxygen - $(MAKE) setup-proxygen-credentials ENV=prod + $(MAKE) setup-proxygen-credentials proxygen spec delete delete-spec-uat: # Delete the specification from proxygen - $(MAKE) setup-proxygen-credentials ENV=prod + $(MAKE) setup-proxygen-credentials proxygen spec delete --uat ##################### diff --git a/sandbox/Makefile b/sandbox/Makefile index bd6facc..b907131 100644 --- a/sandbox/Makefile +++ b/sandbox/Makefile @@ -1,5 +1,5 @@ SHELL := /bin/bash -ENV ?= prod + dirname := $(notdir $(patsubst %/,%,$(CURDIR))) project_name = eligibility-signposting-api @@ -23,7 +23,7 @@ build-and-tag: make tag-service-image proxygen-docker-login: # Login to Proxygen Docker registry - make -C .. setup-proxygen-credentials ENV=$(ENV) + make -C .. setup-proxygen-credentials proxygen docker get-login | bash publish-to-docker-repo: diff --git a/specification/.proxygen/credentials-prod.yaml b/specification/.proxygen/credentials-prod.yaml deleted file mode 100644 index a108dad..0000000 --- a/specification/.proxygen/credentials-prod.yaml +++ /dev/null @@ -1,5 +0,0 @@ -client_id: eligibility-signposting-api-client -private_key_path: eligibility-signposting-api-prod.pem -key_id: 2027-01-21-Prod-eligibility-signposting-api -base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers - diff --git a/specification/.proxygen/credentials-ptl.yaml b/specification/.proxygen/credentials-ptl.yaml deleted file mode 100644 index 5bd54a3..0000000 --- a/specification/.proxygen/credentials-ptl.yaml +++ /dev/null @@ -1,4 +0,0 @@ -client_id: eligibility-signposting-api-client -private_key_path: eligibility-signposting-api-ptl.pem -key_id: 2027-01-21-PTL-eligibility-signposting-api -base_url: https://identity.ptl.api.platform.nhs.uk/realms/api-producers diff --git a/specification/.proxygen/credentials.yaml b/specification/.proxygen/credentials.yaml index 5c6f483..7eaa76d 100644 --- a/specification/.proxygen/credentials.yaml +++ b/specification/.proxygen/credentials.yaml @@ -1,3 +1,3 @@ client_id: eligibility-signposting-api-client private_key_path: eligibility-signposting-api.pem -key_id: eligibility-signposting-api +key_id: 2027-01-21-Prod-eligibility-signposting-api diff --git a/specification/.proxygen/settings-prod.yaml b/specification/.proxygen/settings-prod.yaml deleted file mode 100644 index cf4436c..0000000 --- a/specification/.proxygen/settings-prod.yaml +++ /dev/null @@ -1,3 +0,0 @@ -api: eligibility-signposting-api -endpoint_url: https://proxygen.prod.api.platform.nhs.uk -spec_output_format: yaml diff --git a/specification/.proxygen/settings-ptl.yaml b/specification/.proxygen/settings-ptl.yaml deleted file mode 100644 index c9a0ac2..0000000 --- a/specification/.proxygen/settings-ptl.yaml +++ /dev/null @@ -1,3 +0,0 @@ -api: eligibility-signposting-api -endpoint_url: https://proxygen.ptl.api.platform.nhs.uk -spec_output_format: yaml From 1d0dc386da688645732dcc1e6175f4340e96ccff Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Mon, 9 Feb 2026 09:33:28 +0000 Subject: [PATCH 2/3] Simplified param store make command --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index b9041a1..e0a486a 100644 --- a/Makefile +++ b/Makefile @@ -55,13 +55,13 @@ config:: # Configure development environment (main) @Configuration # Verify current AWS account login and retrieve the proxygen key # from AWS SSM Parameter Store -retrieve-proxygen-key: guard-ENV +retrieve-proxygen-key: @ ./scripts/check-aws-account.sh mkdir -p ~/.proxygen - aws ssm get-parameter --name /$$ENV/proxygen/private_key --with-decryption \ + aws ssm get-parameter --name /prod/proxygen/private_key --with-decryption \ | jq -r ".Parameter.Value" \ > ~/.proxygen/eligibility-signposting-api.pem && \ - echo "Retrieved proxygen key for APIM '$(ENV)' environment" + echo "Retrieved proxygen key for APIM 'Prod' environment" # Copy proxygen credentials for the specified environment to `~/.proxygen/` # This location required location for local proxygen usage From 8d3f5f2da84963e5ccf42b7b8763b3f287e89e31 Mon Sep 17 00:00:00 2001 From: Rob Bailiff Date: Mon, 9 Feb 2026 09:39:32 +0000 Subject: [PATCH 3/3] Correct yaml formatting --- .../workflows/dev_sandbox_publish_deploy.yaml | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 46c9c8a..693232a 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -24,48 +24,48 @@ jobs: echo "VERSION=${{ steps.variables.outputs.version }}" internal-dev: - name: "Publish spec & deploy to dev" - needs: metadata - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v6 - - - name: Set up Python 3.11 - uses: actions/setup-python@v6 - with: - python-version: '3.11' - - - name: Set up Node.js - uses: actions/setup-node@v6 - with: - node-version: '20' - - - name: Install Poetry - run: curl -sSL https://install.python-poetry.org | python3 - - - - name: Install Python and Node dependencies - run: | - make install - - - name: Install proxygen-cli - run: | - pip install proxygen-cli - - - name: Set up Proxygen credentials - env: - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} - run: | - mkdir -p ~/.proxygen - echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials - - name: Generate specification - run: | - make construct-spec APIM_ENV=internal-dev - - - name: Deploy internal-dev spec to Proxygen - run: | - proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm + name: "Publish spec & deploy to dev" + needs: metadata + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v6 + + - name: Set up Python 3.11 + uses: actions/setup-python@v6 + with: + python-version: '3.11' + + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: '20' + + - name: Install Poetry + run: curl -sSL https://install.python-poetry.org | python3 - + + - name: Install Python and Node dependencies + run: | + make install + + - name: Install proxygen-cli + run: | + pip install proxygen-cli + + - name: Set up Proxygen credentials + env: + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY_PROD }} + run: | + mkdir -p ~/.proxygen + echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem + make setup-proxygen-credentials + - name: Generate specification + run: | + make construct-spec APIM_ENV=internal-dev + + - name: Deploy internal-dev spec to Proxygen + run: | + proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm sandbox: name: "Publish spec & deploy to sandbox" @@ -158,7 +158,7 @@ jobs: tag_deployment: name: "Tag Dev & Sandbox deployment" - needs: [metadata, publish_postman] + needs: [ metadata, publish_postman ] runs-on: ubuntu-latest steps: - name: Checkout repository