Fix: [AEA-6028] - Fixed security setting for proxygen PR deploys (#461)

## Summary

- Routine Change

## Details

it turns out it won't let you leave out the security setting on external
targets in proxygen

Author: MatthewPopat-NHS

.tool-versions

@@ -1,4 +1,4 @@
-nodejs 24.12.0
+nodejs 24.13.0
 python 3.14.2
 poetry 2.2.1
 shellcheck 0.10.0

docker/Dockerfile

@@ -17,9 +17,9 @@ RUN apt-get update \
 # install aws stuff
 # Download correct AWS CLI for arch
 RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
+    wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
     else \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
+    wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
     fi && \
     unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
     /tmp/aws-cli/aws/install && \
@@ -28,9 +28,9 @@ RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
 # Install ASDF
 RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
     if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz; \
+    wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz; \
     else \
-        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz; \
+    wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz; \
     fi && \
     tar -xvzf /tmp/asdf.tar.gz && \
     mv asdf /usr/bin
@@ -45,7 +45,7 @@ ENV PATH="$PATH:/home/cdkuser/.asdf/shims/:/home/cdkuser/node_modules/.bin"
 # Install ASDF plugins
 RUN asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git
 # install some common node versions that are used in builds to speed things up
-RUN asdf install nodejs 22.20.0; 
+RUN asdf install nodejs 24.13.0
 
 # copy files needed for deployment
 COPY --chown=cdkuser docker/entrypoint.sh /home/cdkuser/

packages/deploymentUtils/src/specifications/fixSpec.ts

@@ -46,15 +46,12 @@ export function fixSpec({
     instance = `${apiName}-pr-${pr_id}`
     spec.info.title = `[PR-${pr_id}] ${spec.info.title}`
     spec["x-nhsd-apim"].monitoring = false
-    delete spec["x-nhsd-apim"].target.security.secret
-  } else {
-    if (blueGreen) {
-      stack = calculateVersionedStackName(stackName, version)
-    }
-    spec["x-nhsd-apim"].target.security.secret = mtlsSecretName
+  } else if (blueGreen) {
+    stack = calculateVersionedStackName(stackName, version)
   }
   spec.info.version = version
   spec["x-nhsd-apim"].target.url = `https://${stack}.${awsEnvironment}.eps.national.nhs.uk`
+  spec["x-nhsd-apim"].target.security.secret = mtlsSecretName
   if (apigeeEnvironment === "prod") {
     spec.servers = [ {url: `https://api.service.nhs.uk/${instance}`} ]
     replaceSchemeRefs(spec, "proxygen.prod.api.platform.nhs.uk")

packages/deploymentUtils/tests/specifications/fixSpec.test.ts

@@ -71,7 +71,6 @@ describe("fixSpec", () => {
     expect(instance).toBe("eps-pr-456")
     expect(spec.info.title).toBe("[PR-456] EPS API")
     expect(spec["x-nhsd-apim"].monitoring).toBe(false)
-    expect(spec["x-nhsd-apim"].target.security.secret).toBeUndefined()
     expect(spec["x-nhsd-apim"]["target-attributes"]).toBeUndefined()
     expect(spec.servers[0].url)
       .toBe("https://sandbox.api.service.nhs.uk/eps-pr-456")