eli-225 adding back in poetry, updating make and readme

.github/actions/lint-and-validate-specification/action.yaml

@@ -31,8 +31,9 @@ runs:
 
     - name: Lint OpenAPI Spec with Spectral
       shell: bash
-      run: spectral lint --ruleset .spectral.yaml build/specification/eligibility-signposting-api.yaml
+      run: |
+          spectral lint --ruleset .spectral.yaml build/specification/${{ inputs.apim-env }}/eligibility-signposting-api.yaml
 
     - name: Validate OpenAPI Spec with Swagger CLI
       shell: bash
-      run: swagger-cli validate build/specification/eligibility-signposting-api.yaml
+      run: swagger-cli validate build/specification/${{ inputs.apim-env }}/eligibility-signposting-api.yaml

.tool-versions

@@ -2,6 +2,7 @@
 
 pre-commit 3.6.0
 vale 3.6.0
+poetry 2.1.1
 
 # ==============================================================================
 # The section below is reserved for Docker image versions.
@@ -14,6 +15,7 @@ vale 3.6.0
 # docker/ghcr.io/make-ops-tools/gocloc latest@sha256:6888e62e9ae693c4ebcfed9f1d86c70fd083868acb8815fe44b561b9a73b5032 # SEE: https://github.com/make-ops-tools/gocloc/pkgs/container/gocloc
 # docker/ghcr.io/nhs-england-tools/github-runner-image 20230909-321fd1e-rt@sha256:ce4fd6035dc450a50d3cbafb4986d60e77cb49a71ab60a053bb1b9518139a646 # SEE: https://github.com/nhs-england-tools/github-runner-image/pkgs/container/github-runner-image
 # docker/hadolint/hadolint 2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42 # SEE: https://hub.docker.com/r/hadolint/hadolint/tags
+# docker/hashicorp/terraform 1.5.6@sha256:180a7efa983386a27b43657ed610e9deed9e6c3848d54f9ea9b6cb8a5c8c25f5 # SEE: https://hub.docker.com/r/hashicorp/terraform/tags
 # docker/jdkato/vale v3.6.0@sha256:0ef22c8d537f079633cfff69fc46f69a2196072f69cab1ab232e8a79a388e425 # SEE: https://hub.docker.com/r/jdkato/vale/tags
 # docker/koalaman/shellcheck latest@sha256:e40388688bae0fcffdddb7e4dea49b900c18933b452add0930654b2dea3e7d5c # SEE: https://hub.docker.com/r/koalaman/shellcheck/tags
 # docker/mstruebing/editorconfig-checker 2.7.1@sha256:dd3ca9ea50ef4518efe9be018d669ef9cf937f6bb5cfe2ef84ff2a620b5ddc24 # SEE: https://hub.docker.com/r/mstruebing/editorconfig-checker/tags

Makefile

@@ -7,16 +7,12 @@ MAKE_DIR := $(abspath $(shell pwd))
 
 #Installs dependencies using poetry.
 install-python:
-	poetry install
+	poetry install --no-root
 
 #Installs dependencies using npm.
 install-node:
 	npm install --legacy-peer-deps
 
-#Configures Git Hooks, which are scripts that run given a specified event.
-.git/hooks/pre-commit:
-	cp scripts/pre-commit .git/hooks/pre-commit
-
 #Condensed Target to run all targets above.
 install: install-node install-python .git/hooks/pre-commit
 
@@ -37,7 +33,7 @@ publish: clean
 	mkdir -p build
 	mkdir -p sandbox/specification
 	npm run publish 2> /dev/null
-	cp build/eligibility-signposting-api.json sandbox/specification/eligibility-signposting-api.json
+	cp build/sandbox/eligibility-signposting-api.json sandbox/specification/eligibility-signposting-api.json
 #Files to loop over in release
 _dist_include="pytest.ini poetry.lock poetry.toml pyproject.toml Makefile build/. tests"
 
@@ -66,6 +62,26 @@ get-spec: # Get the most recent specification live in proxygen
 	$(MAKE) setup-proxygen-credentials
 	proxygen spec get
 
+get-spec-uat: # Get the most recent specification live in proxygen
+	$(MAKE) setup-proxygen-credentials
+	proxygen spec get --uat
+
+publish-spec: # Publish the specification to proxygen
+	$(MAKE) setup-proxygen-credentials
+	proxygen spec publish --specification-file build/prod/eligibility-signposting-api.json
+
+publish-spec-uat: # Publish the specification to proxygen
+	$(MAKE) setup-proxygen-credentials
+	proxygen spec publish --specification-file build/preprod/eligibility-signposting-api.json --uat
+
+delete-spec: # Delete the specification from proxygen
+	$(MAKE) setup-proxygen-credentials
+	proxygen spec delete
+
+delete-spec-uat: # Delete the specification from proxygen
+	$(MAKE) setup-proxygen-credentials
+	proxygen spec delete --uat
+
 # Specification
 
 guard-%:
@@ -107,9 +123,9 @@ endif
 
 construct-spec: guard-APIM_ENV
 	@ $(MAKE) update-spec-template APIM_ENV=$$APIM_ENV
-	mkdir -p build/specification && \
+	mkdir -p build/specification/$(APIM_ENV) && \
 	npx redocly bundle specification/eligibility-signposting-api.yaml --remove-unused-components --keep-url-references --ext yaml \
-	> build/specification/eligibility-signposting-api.yaml
+	> build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml
 
 SPEC_DIR := $(CURDIR)/specification
 POSTMAN_DIR := $(SPEC_DIR)/postman

poetry.toml

@@ -0,0 +1,2 @@
+[virtualenvs]
+in-project = true

pyproject.toml

@@ -0,0 +1,90 @@
+[project]
+name = "eligibility-signposting-api-specification"
+version = "0.0.1-alpha"
+description = "TODO"
+authors = [
+  #TODO add authors
+]
+readme = "README.md"
+requires-python = ">=3.13"
+repository = "https://github.com/NHSDigital/eligibility-signposting-api-specification"
+homepage = "https://digital.nhs.uk/developer/api-catalogue"
+keywords = ["healthcare", "uk", "nhs", "vaccination", "api"] #TODO add additional keywords
+package_mode = false
+
+[build-system]
+requires = ["poetry-core>=2.0.0,<3.0.0"]
+build-backend = "poetry.core.masonry.api"
+
+[tool.poetry.dependencies]
+python = "^3.13"
+flask = {extras = ["async"], version = "^3.1.0"}
+httpx = "^0.28.1"
+yarl = "^1.18.3"
+pydantic = "^2.10.6"
+asgiref = "^3.8.1"
+boto3 = "^1.37.3"
+botocore = "^1.37.3"
+eval-type-backport = "^0.2.2"
+mangum = "^0.19.0"
+wireup = "^1.0.1"
+python-json-logger = "^3.3.0"
+fhir-resources = "^8.0.0"
+python-dateutil = "^2.9.0"
+pyhamcrest = "^2.1.0"
+
+[tool.poetry.group.dev.dependencies]
+ruff = "^0.11.0"
+docopt = "^0.6.2"
+jsonpath-rw = "^1.4.0"
+semver = "^3.0.4"
+gitpython = "^3.1.44"
+pytest = "^8.3.4"
+pytest-asyncio = "^0.26.0"
+pytest-cov = "^6.0.0"
+pytest-nhsd-apim = "^5.0.0"
+aiohttp = "^3.11.12"
+awscli = "^1.37.24"
+awscli-local = "^0.22.0"
+polyfactory = "^2.20.0"
+pyright = "^1.1.394"
+brunns-matchers = "^2.9.0"
+localstack = "^4.1.1"
+pytest-docker = "^3.2.0"
+stamina = "^25.1.0"
+pytest-freezer = "^0.4.9"
+
+[tool.ruff]
+line-length = 120
+exclude = ["docs/", "scripts/"]
+
+[tool.ruff.lint]
+select = ["ALL"]
+ignore = ["COM812", "D"]
+
+[tool.ruff.lint.per-file-ignores]
+"src/eligibility_signposting_api/repos/*" = ["ANN401"]
+"tests/*" = ["ANN", "INP", "S101", "S106"]
+
+[tool.pytest.ini_options]
+log_cli = true
+log_cli_level = "DEBUG"
+log_format = "%(asctime)s %(levelname)s %(message)s"
+log_date_format = "%Y-%m-%d %H:%M:%S"
+asyncio_mode = "auto"
+asyncio_default_fixture_loop_scope = "function"
+
+[tool.coverage.run]
+relative_files = true
+branch = true
+source = ["sandbox"]
+
+[tool.coverage.report]
+show_missing = true
+skip_covered = false
+exclude_lines = [
+  "pragma: no cover",
+  "if __name__ == .__main__.:",
+  "if TYPE_CHECKING:",
+  "raise NotImplementedError",
+]

scripts/config/vale/styles/config/vocabularies/words/accept.txt

@@ -1,4 +1,5 @@
 [A-Z]+s
+Apigee
 Bitwarden
 bot
 Cyber
@@ -10,6 +11,7 @@ OAuth
 Octokit
 onboarding
 Podman
+preprod
 Proxygen
 Python
 Redocly
@@ -18,3 +20,4 @@ Syft
 Terraform
 toolchain
 Trufflehog
+uat

specification/README.md

@@ -24,20 +24,28 @@ Contains APIM extensions to the OpenAPI specification with deployment requiremen
 
 To build a specification for a specific environment:
 
-1. Set the target environment using the `APIM_ENV` parameter
-2. Run `make construct-spec` from the repository root, which:
+1. Make sure you've run the initial setup command `make install-node`.
+2. Set the target environment using the `APIM_ENV` parameter
+3. Run `make construct-spec` from the repository root, which:
    - Updates templates with environment-specific values
-   - Uses Redocly to compile the complete specification to `build/specification/`
-3. For the `sandbox` environment, run `make publish` to convert the specification to JSON and save it to `sandbox/specification/` for immediate use
+   - Uses Redocly to compile the complete specification to `build/specification/$(APIM_ENV)/`
+4. For the `sandbox` environment, run `make publish` to convert the specification to JSON and save it to `sandbox/specification/` for immediate use.
 
-### Deploying Environment-Specific Specifications
+### Deploying of Environment-Specific Specifications to Apigee
 
 See the [Proxygen CLI user guide](https://nhsd-confluence.digital.nhs.uk/spaces/APM/pages/804495095/Proxygen+CLI+user+guide#ProxygenCLIuserguide-Settingupsettingsandcredentials)
 
 We deploy our specifications using the Proxygen CLI. In order to do this, the following steps need to be performed:
 
-1. Construct the specification for the environment of your choice, following the instructions above.
-2. Run `make retrieve-proxygen-key` from the root directory to retrieve the private key needed to authenticate with Proxygen.
-3. Run `make setup-proxygen-credentials` from the root directory to set up credentials needed to interact with our API proxy.
-4. Run `proxygen instance deploy <environment> eligibility-signposting-api ./build/specification/eligibility-signposting-api.yaml` to deploy the specification to
+1. Construct the specification for the environment of your choice, following the instructions above. This will be stored in
+2. Activate a poetry environment `poetry env activate` - you may need to run `make install-python` to install poetry etc. first.
+3. Run `make retrieve-proxygen-key` from the root directory to retrieve the private key needed to authenticate with Proxygen.
+4. Run `make setup-proxygen-credentials` from the root directory to set up credentials needed to interact with our API proxy.
+5. Run `proxygen instance deploy <environment> eligibility-signposting-api ./build/specification/eligibility-signposting-api.yaml` to deploy the specification to
    a chosen environment.
+
+### Publishing specifications
+
+1. To get the currently published specification run `make get-spec` for production or `make get-spec-uat` for non-production. This will return an error if a specification is not deployed.
+2. To publish a specification, generate an appropriate specification (prod for production, preprod for uat) above then run `make publish-spec` for production or `make publish-spec-uat` for non-production.
+3. To delete a specification, run `make delete-spec` for production or `make delete-spec-uat` for non-production

specification/components/security/security-dev.yaml

@@ -0,0 +1 @@
+$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9

specification/components/security/security-preprod.yaml

@@ -0,0 +1 @@
+$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9

specification/components/security/security-prod.yaml

@@ -0,0 +1 @@
+$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9

specification/components/security/security-sandbox.yaml

@@ -1 +1 @@
-$ref: https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/app-level0
+$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0

specification/components/security/security-test.yaml

@@ -0,0 +1 @@
+$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9

specification/x-nhsd-apim/access-dev.yaml

@@ -0,0 +1,3 @@
+- title: Eligibility Signposting API (Dev Environment)
+  grants:
+    nhs-login-p9: []

specification/x-nhsd-apim/access-preprod.yaml

@@ -0,0 +1,3 @@
+- title: Eligibility Signposting API (Pre Production Environment)
+  grants:
+    nhs-login-p9: []

specification/x-nhsd-apim/access-prod.yaml

@@ -0,0 +1,3 @@
+- title: Eligibility Signposting API (Production Environment)
+  grants:
+    nhs-login-p9: []

specification/x-nhsd-apim/access-test.yaml

@@ -0,0 +1,3 @@
+- title: Eligibility Signposting API (Test Environment)
+  grants:
+    nhs-login-p9: []

specification/x-nhsd-apim/ratelimit-dev.yaml

@@ -0,0 +1,3 @@
+proxy:
+  limit: 5
+  timeunit: second

specification/x-nhsd-apim/ratelimit-preprod.yaml

@@ -0,0 +1,3 @@
+proxy:
+  limit: 20
+  timeunit: second

specification/x-nhsd-apim/ratelimit-prod.yaml

@@ -0,0 +1,3 @@
+proxy:
+  limit: 5
+  timeunit: second

specification/x-nhsd-apim/ratelimit-test.yaml

@@ -0,0 +1 @@
+[]

specification/x-nhsd-apim/target-dev.yaml

@@ -0,0 +1,6 @@
+type: external
+url: "TBC"
+healthcheck: /_status
+security:
+  type: mtls
+  secret: eligibility-signposting-api

specification/x-nhsd-apim/target-preprod.yaml

@@ -0,0 +1,6 @@
+type: external
+url: "TBC"
+healthcheck: /_status
+security:
+  type: mtls
+  secret: eligibility-signposting-api

specification/x-nhsd-apim/target-prod.yaml

@@ -0,0 +1,6 @@
+type: external
+url: "TBC"
+healthcheck: /_status
+security:
+  type: mtls
+  secret: eligibility-signposting-api

specification/x-nhsd-apim/target-test.yaml

@@ -0,0 +1,10 @@
+type: hosted
+healthcheck: /_status
+containers:
+  - name: eligibility-signposting-api
+    image:
+      name: eligibility-signposting-api
+      tag: latest
+    environment:
+      LOG_LEVEL: info
+      NODE_ENV: production