From 45e1e2569dc35d1640c1451a1c029e4e9aa72fa2 Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Wed, 21 Jan 2026 16:50:20 +0000 Subject: [PATCH 01/13] ELI-338: Tests sandbox --- .../workflows/dev_sandbox_publish_deploy.yaml | 95 ++++++++++--------- 1 file changed, 48 insertions(+), 47 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 35b4635..a27ceff 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -4,6 +4,7 @@ on: push: branches: - main + - ELI-338 jobs: metadata: @@ -23,55 +24,55 @@ jobs: echo "Deploying to: DEV & Sandbox" echo "VERSION=${{ steps.variables.outputs.version }}" - dev: - needs: metadata - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v6 - - - name: Set up Python 3.11 - uses: actions/setup-python@v6 - with: - python-version: '3.11' - - - name: Set up Node.js - uses: actions/setup-node@v6 - with: - node-version: '20' - - - name: Install Poetry - run: curl -sSL https://install.python-poetry.org | python3 - - - - name: Install Python and Node dependencies - run: | - make install - - - name: Install proxygen-cli - run: | - pip install proxygen-cli - - - name: Set up Proxygen credentials - env: - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - run: | - mkdir -p ~/.proxygen - echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem - make setup-proxygen-credentials - - name: Generate specification - run: | - make construct-spec APIM_ENV=internal-dev - - - name: Publish internal-dev spec to Proxygen - run: | - proxygen spec publish build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm - - - name: Deploy internal-dev spec to Proxygen - run: | - proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm +# dev: +# needs: metadata +# runs-on: ubuntu-latest +# steps: +# - name: Checkout repository +# uses: actions/checkout@v6 +# +# - name: Set up Python 3.11 +# uses: actions/setup-python@v6 +# with: +# python-version: '3.11' +# +# - name: Set up Node.js +# uses: actions/setup-node@v6 +# with: +# node-version: '20' +# +# - name: Install Poetry +# run: curl -sSL https://install.python-poetry.org | python3 - +# +# - name: Install Python and Node dependencies +# run: | +# make install +# +# - name: Install proxygen-cli +# run: | +# pip install proxygen-cli +# +# - name: Set up Proxygen credentials +# env: +# PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} +# run: | +# mkdir -p ~/.proxygen +# echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem +# make setup-proxygen-credentials +# - name: Generate specification +# run: | +# make construct-spec APIM_ENV=internal-dev +# +# - name: Publish internal-dev spec to Proxygen +# run: | +# proxygen spec publish build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm +# +# - name: Deploy internal-dev spec to Proxygen +# run: | +# proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm sandbox: - needs: dev +# needs: dev runs-on: ubuntu-latest steps: - name: Checkout repository From dacaa3dc67676e6fa31d4c5dd6b88984361b370c Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Wed, 21 Jan 2026 16:57:32 +0000 Subject: [PATCH 02/13] ELI-338: Adds explicit python and poetry install --- .../workflows/dev_sandbox_publish_deploy.yaml | 24 +++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index a27ceff..7c96842 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -72,7 +72,7 @@ jobs: # proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm sandbox: -# needs: dev + needs: metadata runs-on: ubuntu-latest steps: - name: Checkout repository @@ -122,9 +122,25 @@ jobs: needs: sandbox runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - name: Install dependencies - run: make install + - name: Checkout repository + uses: actions/checkout@v6 + + - name: Set up Python 3.11 + uses: actions/setup-python@v6 + with: + python-version: '3.11' + + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: '20' + + - name: Install Poetry + run: curl -sSL https://install.python-poetry.org | python3 - + + - name: Install Python and Node dependencies + run: | + make install - name: Generate Postman Collection run: make convert-postman - name: Publish Postman Collection From aaf5586587cfc70cb74c8a491f2cf25598caea25 Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Wed, 21 Jan 2026 17:00:51 +0000 Subject: [PATCH 03/13] ELI-338: Adds collection id for postman --- .github/workflows/dev_sandbox_publish_deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 7c96842..ad36bbd 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -148,7 +148,7 @@ jobs: POSTMAN_API_KEY: ${{ secrets.POSTMAN_API_KEY }} run: | curl --fail -X PUT \ - https://api.getpostman.com/collections/{{YOUR_COLLECTION_UID}} \ + https://api.getpostman.com/collections/44595835-573a42db-b7a5-4b69-9f62-696b6df3f12f \ -H "X-Api-Key: $POSTMAN_API_KEY" \ -H "Content-Type: application/json" \ -d @specification/postman/collection.json From a9e4ef9617cd5e664871ac54b1cb7e0a85770b66 Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 11:25:56 +0000 Subject: [PATCH 04/13] ELI-338: Adds json under collection key --- .github/workflows/dev_sandbox_publish_deploy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index ad36bbd..5174ee8 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -147,11 +147,11 @@ jobs: env: POSTMAN_API_KEY: ${{ secrets.POSTMAN_API_KEY }} run: | - curl --fail -X PUT \ + curl -X PUT \ https://api.getpostman.com/collections/44595835-573a42db-b7a5-4b69-9f62-696b6df3f12f \ -H "X-Api-Key: $POSTMAN_API_KEY" \ -H "Content-Type: application/json" \ - -d @specification/postman/collection.json + -d "{\"collection\": $(cat specification/postman/collection.json)} publish: needs: publish_postman From 018ac65b00b14ab690ade36ff79a026be734f1c1 Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 11:29:52 +0000 Subject: [PATCH 05/13] ELI-338: Adds json properly using jq --- .github/workflows/dev_sandbox_publish_deploy.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 5174ee8..a3d1348 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -147,11 +147,12 @@ jobs: env: POSTMAN_API_KEY: ${{ secrets.POSTMAN_API_KEY }} run: | + jq -c '{collection: .}' specification/postman/collection.json > wrapped_collection.json curl -X PUT \ https://api.getpostman.com/collections/44595835-573a42db-b7a5-4b69-9f62-696b6df3f12f \ -H "X-Api-Key: $POSTMAN_API_KEY" \ -H "Content-Type: application/json" \ - -d "{\"collection\": $(cat specification/postman/collection.json)} + -d @wrapped_collection.json publish: needs: publish_postman From 3ecc3dea7104a46720c1dcfac7b713f995a8389b Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 11:36:08 +0000 Subject: [PATCH 06/13] ELI-338: Adds checkout step for tagging --- .github/workflows/dev_sandbox_publish_deploy.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index a3d1348..783eb70 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -158,6 +158,8 @@ jobs: needs: publish_postman runs-on: ubuntu-latest steps: + - name: Checkout repository + uses: actions/checkout@v6 - name: "Tag the dev & sandbox deployment" run: | git config user.name "github-actions" From d5369d6e951e05ef4f0bb118707c018612755694 Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 11:44:40 +0000 Subject: [PATCH 07/13] ELI-338: Adds dependency for version in tagging --- .github/workflows/dev_sandbox_publish_deploy.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 783eb70..122ecf8 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -154,8 +154,8 @@ jobs: -H "Content-Type: application/json" \ -d @wrapped_collection.json - publish: - needs: publish_postman + tag_deployment: + needs: [metadata, publish_postman] runs-on: ubuntu-latest steps: - name: Checkout repository @@ -168,7 +168,7 @@ jobs: git push origin ${{ needs.metadata.outputs.version }} notify_slack: - needs: publish + needs: tag_deployment runs-on: ubuntu-latest steps: - name: "Notify Slack on PR merge" From 3dcd06ae749bab4119bbb9d74a5c7ca9b45556cd Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 12:03:33 +0000 Subject: [PATCH 08/13] ELI-338: fix targets and access --- .../workflows/dev_sandbox_publish_deploy.yaml | 99 ++++++++++--------- Makefile | 4 +- .../security/security-internal-dev.yaml | 4 + .../x-nhsd-apim/access-internal-dev.yaml | 6 ++ .../x-nhsd-apim/ratelimit-internal-dev.yaml | 3 + .../x-nhsd-apim/target-internal-dev.yaml | 6 ++ specification/x-nhsd-apim/target-preprod.yaml | 2 +- specification/x-nhsd-apim/target-prod.yaml | 2 +- specification/x-nhsd-apim/target-test.yaml | 2 +- 9 files changed, 76 insertions(+), 52 deletions(-) create mode 100644 specification/components/security/security-internal-dev.yaml create mode 100644 specification/x-nhsd-apim/access-internal-dev.yaml create mode 100644 specification/x-nhsd-apim/ratelimit-internal-dev.yaml create mode 100644 specification/x-nhsd-apim/target-internal-dev.yaml diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 122ecf8..2521b1a 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -24,55 +24,57 @@ jobs: echo "Deploying to: DEV & Sandbox" echo "VERSION=${{ steps.variables.outputs.version }}" -# dev: -# needs: metadata -# runs-on: ubuntu-latest -# steps: -# - name: Checkout repository -# uses: actions/checkout@v6 -# -# - name: Set up Python 3.11 -# uses: actions/setup-python@v6 -# with: -# python-version: '3.11' -# -# - name: Set up Node.js -# uses: actions/setup-node@v6 -# with: -# node-version: '20' -# -# - name: Install Poetry -# run: curl -sSL https://install.python-poetry.org | python3 - -# -# - name: Install Python and Node dependencies -# run: | -# make install -# -# - name: Install proxygen-cli -# run: | -# pip install proxygen-cli -# -# - name: Set up Proxygen credentials -# env: -# PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} -# run: | -# mkdir -p ~/.proxygen -# echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem -# make setup-proxygen-credentials -# - name: Generate specification -# run: | -# make construct-spec APIM_ENV=internal-dev -# -# - name: Publish internal-dev spec to Proxygen -# run: | -# proxygen spec publish build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm -# -# - name: Deploy internal-dev spec to Proxygen -# run: | -# proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm + internal-dev: + name: "Publish spec & deploy to dev" + needs: metadata + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v6 + + - name: Set up Python 3.11 + uses: actions/setup-python@v6 + with: + python-version: '3.11' + + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: '20' + + - name: Install Poetry + run: curl -sSL https://install.python-poetry.org | python3 - + + - name: Install Python and Node dependencies + run: | + make install + + - name: Install proxygen-cli + run: | + pip install proxygen-cli + + - name: Set up Proxygen credentials + env: + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + run: | + mkdir -p ~/.proxygen + echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem + make setup-proxygen-credentials + - name: Generate specification + run: | + make construct-spec APIM_ENV=internal-dev + + - name: Publish internal-dev spec to Proxygen + run: | + proxygen spec publish build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm + + - name: Deploy internal-dev spec to Proxygen + run: | + proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm sandbox: - needs: metadata + name: "Publish spec & deploy to sandbox" + needs: internal-dev runs-on: ubuntu-latest steps: - name: Checkout repository @@ -119,6 +121,7 @@ jobs: proxygen instance deploy sandbox eligibility-signposting-api build/specification/sandbox/eligibility-signposting-api.yaml --no-confirm publish_postman: + name: "Publish to Postman" needs: sandbox runs-on: ubuntu-latest steps: @@ -155,6 +158,7 @@ jobs: -d @wrapped_collection.json tag_deployment: + name: "Tag Dev & Sandbox deployment" needs: [metadata, publish_postman] runs-on: ubuntu-latest steps: @@ -168,6 +172,7 @@ jobs: git push origin ${{ needs.metadata.outputs.version }} notify_slack: + name: "Notify Slack" needs: tag_deployment runs-on: ubuntu-latest steps: diff --git a/Makefile b/Makefile index 13515e4..a6ba2ce 100644 --- a/Makefile +++ b/Makefile @@ -114,13 +114,13 @@ set-ratelimit: guard-APIM_ENV < specification/x-nhsd-apim/ratelimit-template.yaml > specification/x-nhsd-apim/ratelimit.yaml update-spec-template: guard-APIM_ENV -ifeq ($(APIM_ENV), $(filter $(APIM_ENV), sandbox internal-dev test int ref preprod prod )) +ifeq ($(APIM_ENV), $(filter $(APIM_ENV), sandbox internal-dev test int ref preprod prod dev)) @ $(MAKE) set-target APIM_ENV=$$APIM_ENV @ $(MAKE) set-access APIM_ENV=$$APIM_ENV @ $(MAKE) set-security APIM_ENV=$$APIM_ENV @ $(MAKE) set-ratelimit APIM_ENV=$$APIM_ENV else - @ echo ERROR: $$APIM_ENV is not a valid environment. Please use one of [sandbox, internal-dev, int, ref, preprod, prod] + @ echo ERROR: $$APIM_ENV is not a valid environment. Please use one of [sandbox, internal-dev, test, int, ref, preprod, prod, dev] @ exit 1; endif diff --git a/specification/components/security/security-internal-dev.yaml b/specification/components/security/security-internal-dev.yaml new file mode 100644 index 0000000..a427260 --- /dev/null +++ b/specification/components/security/security-internal-dev.yaml @@ -0,0 +1,4 @@ +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +app-level3: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level3 diff --git a/specification/x-nhsd-apim/access-internal-dev.yaml b/specification/x-nhsd-apim/access-internal-dev.yaml new file mode 100644 index 0000000..a5d92a5 --- /dev/null +++ b/specification/x-nhsd-apim/access-internal-dev.yaml @@ -0,0 +1,6 @@ +- title: Eligibility Signposting API (Dev Environment) + grants: + nhs-login-p9: [] +- title: Eligibility Signposting API (Dev Environment) app Level 3 Access + grants: + app-level3: [] diff --git a/specification/x-nhsd-apim/ratelimit-internal-dev.yaml b/specification/x-nhsd-apim/ratelimit-internal-dev.yaml new file mode 100644 index 0000000..1dafe5a --- /dev/null +++ b/specification/x-nhsd-apim/ratelimit-internal-dev.yaml @@ -0,0 +1,3 @@ +proxy: + limit: 5 + timeunit: second diff --git a/specification/x-nhsd-apim/target-internal-dev.yaml b/specification/x-nhsd-apim/target-internal-dev.yaml new file mode 100644 index 0000000..b43870d --- /dev/null +++ b/specification/x-nhsd-apim/target-internal-dev.yaml @@ -0,0 +1,6 @@ +type: external +url: "TBC" +healthcheck: /patient-check/_status +security: + type: mtls + secret: eligibility-signposting-api diff --git a/specification/x-nhsd-apim/target-preprod.yaml b/specification/x-nhsd-apim/target-preprod.yaml index cabb590..4c441ba 100644 --- a/specification/x-nhsd-apim/target-preprod.yaml +++ b/specification/x-nhsd-apim/target-preprod.yaml @@ -1,5 +1,5 @@ type: external -url: "preprod.eligibility-signposting-api.nhs.uk" +url: "https://preprod.eligibility-signposting-api.nhs.uk" healthcheck: /patient-check/_status security: type: mtls diff --git a/specification/x-nhsd-apim/target-prod.yaml b/specification/x-nhsd-apim/target-prod.yaml index a889c96..a779e58 100644 --- a/specification/x-nhsd-apim/target-prod.yaml +++ b/specification/x-nhsd-apim/target-prod.yaml @@ -1,5 +1,5 @@ type: external -url: "prod.eligibility-signposting-api.national.nhs.uk" +url: "https://prod.eligibility-signposting-api.national.nhs.uk" healthcheck: /patient-check/_status security: type: mtls diff --git a/specification/x-nhsd-apim/target-test.yaml b/specification/x-nhsd-apim/target-test.yaml index baed574..2451246 100644 --- a/specification/x-nhsd-apim/target-test.yaml +++ b/specification/x-nhsd-apim/target-test.yaml @@ -1,5 +1,5 @@ type: external -url: "test.eligibility-signposting-api.nhs.uk" +url: "https://test.eligibility-signposting-api.nhs.uk" healthcheck: /patient-check/_status security: type: mtls From ef41ae9c7c90a990508289f0fb93f943e3252f71 Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 13:41:24 +0000 Subject: [PATCH 09/13] ELI-338: try with dev instead of internal-dev --- .github/workflows/dev_sandbox_publish_deploy.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 2521b1a..62d1a8d 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -24,7 +24,7 @@ jobs: echo "Deploying to: DEV & Sandbox" echo "VERSION=${{ steps.variables.outputs.version }}" - internal-dev: + dev: name: "Publish spec & deploy to dev" needs: metadata runs-on: ubuntu-latest @@ -62,19 +62,19 @@ jobs: make setup-proxygen-credentials - name: Generate specification run: | - make construct-spec APIM_ENV=internal-dev + make construct-spec APIM_ENV=dev - - name: Publish internal-dev spec to Proxygen + - name: Publish dev spec to Proxygen run: | - proxygen spec publish build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm + proxygen spec publish build/specification/dev/eligibility-signposting-api.yaml --no-confirm - - name: Deploy internal-dev spec to Proxygen + - name: Deploy dev spec to Proxygen run: | - proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm + proxygen instance deploy dev eligibility-signposting-api build/specification/dev/eligibility-signposting-api.yaml --no-confirm sandbox: name: "Publish spec & deploy to sandbox" - needs: internal-dev + needs: dev runs-on: ubuntu-latest steps: - name: Checkout repository From f392444f29a0f12b687182d0aa05e8226b03da8c Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 13:53:54 +0000 Subject: [PATCH 10/13] ELI-338: setting ref to internal dev --- .github/workflows/dev_sandbox_publish_deploy.yaml | 14 +++++++------- specification/components/security/security.yaml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 62d1a8d..2521b1a 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -24,7 +24,7 @@ jobs: echo "Deploying to: DEV & Sandbox" echo "VERSION=${{ steps.variables.outputs.version }}" - dev: + internal-dev: name: "Publish spec & deploy to dev" needs: metadata runs-on: ubuntu-latest @@ -62,19 +62,19 @@ jobs: make setup-proxygen-credentials - name: Generate specification run: | - make construct-spec APIM_ENV=dev + make construct-spec APIM_ENV=internal-dev - - name: Publish dev spec to Proxygen + - name: Publish internal-dev spec to Proxygen run: | - proxygen spec publish build/specification/dev/eligibility-signposting-api.yaml --no-confirm + proxygen spec publish build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm - - name: Deploy dev spec to Proxygen + - name: Deploy internal-dev spec to Proxygen run: | - proxygen instance deploy dev eligibility-signposting-api build/specification/dev/eligibility-signposting-api.yaml --no-confirm + proxygen instance deploy internal-dev eligibility-signposting-api build/specification/internal-dev/eligibility-signposting-api.yaml --no-confirm sandbox: name: "Publish spec & deploy to sandbox" - needs: dev + needs: internal-dev runs-on: ubuntu-latest steps: - name: Checkout repository diff --git a/specification/components/security/security.yaml b/specification/components/security/security.yaml index 4bf1312..85d0c43 100644 --- a/specification/components/security/security.yaml +++ b/specification/components/security/security.yaml @@ -1 +1 @@ -$ref: security-sandbox.yaml +$ref: security-internal-dev.yaml From 04d7018de4ed3f2188789b39d7cad9c3a248a9fc Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 14:03:24 +0000 Subject: [PATCH 11/13] ELI-338: setting ref to internal dev for x-nhsd-apim --- specification/x-nhsd-apim/access.yaml | 2 +- specification/x-nhsd-apim/ratelimit.yaml | 2 +- specification/x-nhsd-apim/target.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/x-nhsd-apim/access.yaml b/specification/x-nhsd-apim/access.yaml index b39faea..c66e18d 100644 --- a/specification/x-nhsd-apim/access.yaml +++ b/specification/x-nhsd-apim/access.yaml @@ -1 +1 @@ -$ref: access-sandbox.yaml +$ref: access-internal-dev.yaml diff --git a/specification/x-nhsd-apim/ratelimit.yaml b/specification/x-nhsd-apim/ratelimit.yaml index 1dd0046..ab79d5a 100644 --- a/specification/x-nhsd-apim/ratelimit.yaml +++ b/specification/x-nhsd-apim/ratelimit.yaml @@ -1 +1 @@ -$ref: ratelimit-sandbox.yaml +$ref: ratelimit-internal-dev.yaml diff --git a/specification/x-nhsd-apim/target.yaml b/specification/x-nhsd-apim/target.yaml index 36b3961..7d28ebb 100644 --- a/specification/x-nhsd-apim/target.yaml +++ b/specification/x-nhsd-apim/target.yaml @@ -1 +1 @@ -$ref: target-sandbox.yaml +$ref: target-internal-dev.yaml From 2b2c456d1deea80ca0e14f309bbbce20b8896808 Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 15:16:57 +0000 Subject: [PATCH 12/13] ELI-338: fixes url in target --- specification/components/security/security.yaml | 2 +- specification/x-nhsd-apim/access.yaml | 2 +- specification/x-nhsd-apim/ratelimit.yaml | 2 +- specification/x-nhsd-apim/target-dev.yaml | 2 +- specification/x-nhsd-apim/target-internal-dev.yaml | 2 +- specification/x-nhsd-apim/target.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/specification/components/security/security.yaml b/specification/components/security/security.yaml index 85d0c43..4bf1312 100644 --- a/specification/components/security/security.yaml +++ b/specification/components/security/security.yaml @@ -1 +1 @@ -$ref: security-internal-dev.yaml +$ref: security-sandbox.yaml diff --git a/specification/x-nhsd-apim/access.yaml b/specification/x-nhsd-apim/access.yaml index c66e18d..b39faea 100644 --- a/specification/x-nhsd-apim/access.yaml +++ b/specification/x-nhsd-apim/access.yaml @@ -1 +1 @@ -$ref: access-internal-dev.yaml +$ref: access-sandbox.yaml diff --git a/specification/x-nhsd-apim/ratelimit.yaml b/specification/x-nhsd-apim/ratelimit.yaml index ab79d5a..1dd0046 100644 --- a/specification/x-nhsd-apim/ratelimit.yaml +++ b/specification/x-nhsd-apim/ratelimit.yaml @@ -1 +1 @@ -$ref: ratelimit-internal-dev.yaml +$ref: ratelimit-sandbox.yaml diff --git a/specification/x-nhsd-apim/target-dev.yaml b/specification/x-nhsd-apim/target-dev.yaml index b43870d..68c1525 100644 --- a/specification/x-nhsd-apim/target-dev.yaml +++ b/specification/x-nhsd-apim/target-dev.yaml @@ -1,5 +1,5 @@ type: external -url: "TBC" +url: "https://dev.eligibility-signposting-api.nhs.uk" healthcheck: /patient-check/_status security: type: mtls diff --git a/specification/x-nhsd-apim/target-internal-dev.yaml b/specification/x-nhsd-apim/target-internal-dev.yaml index b43870d..c976b9a 100644 --- a/specification/x-nhsd-apim/target-internal-dev.yaml +++ b/specification/x-nhsd-apim/target-internal-dev.yaml @@ -1,5 +1,5 @@ type: external -url: "TBC" +url: "https://internal-dev.eligibility-signposting-api.nhs.uk" healthcheck: /patient-check/_status security: type: mtls diff --git a/specification/x-nhsd-apim/target.yaml b/specification/x-nhsd-apim/target.yaml index 7d28ebb..36b3961 100644 --- a/specification/x-nhsd-apim/target.yaml +++ b/specification/x-nhsd-apim/target.yaml @@ -1 +1 @@ -$ref: target-internal-dev.yaml +$ref: target-sandbox.yaml From 5b5acc6408b1407997c05e18c9265cf266419033 Mon Sep 17 00:00:00 2001 From: Shweta <216860557+shweta-nhs@users.noreply.github.com> Date: Thu, 22 Jan 2026 15:45:37 +0000 Subject: [PATCH 13/13] ELI-338: fixes setup for preprod and prod --- .../workflows/dev_sandbox_publish_deploy.yaml | 1 - .github/workflows/preprod_publish_deploy.yaml | 35 ++++++++++--- .github/workflows/prod_publish_deploy.yaml | 49 ++++++++++++++++--- 3 files changed, 69 insertions(+), 16 deletions(-) diff --git a/.github/workflows/dev_sandbox_publish_deploy.yaml b/.github/workflows/dev_sandbox_publish_deploy.yaml index 2521b1a..198bb9b 100644 --- a/.github/workflows/dev_sandbox_publish_deploy.yaml +++ b/.github/workflows/dev_sandbox_publish_deploy.yaml @@ -4,7 +4,6 @@ on: push: branches: - main - - ELI-338 jobs: metadata: diff --git a/.github/workflows/preprod_publish_deploy.yaml b/.github/workflows/preprod_publish_deploy.yaml index 3863b7e..7dffe27 100644 --- a/.github/workflows/preprod_publish_deploy.yaml +++ b/.github/workflows/preprod_publish_deploy.yaml @@ -12,7 +12,6 @@ jobs: preprod: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - name: Set tag to deploy id: set_tag run: | @@ -27,13 +26,35 @@ jobs: uses: actions/checkout@v6 with: ref: ${{ steps.set_tag.outputs.tag }} - - uses: actions/setup-python@v6 + - name: Set up Python 3.11 + uses: actions/setup-python@v6 with: python-version: '3.11' - - uses: actions/setup-node@v6 + - name: Set up Node.js + uses: actions/setup-node@v6 with: node-version: '20' - - run: make install - - run: make construct-spec APIM_ENV=preprod - - run: make publish-spec APIM_ENV=preprod - - run: make deploy-spec APIM_ENV=preprod + - name: Install Poetry + run: curl -sSL https://install.python-poetry.org | python3 - + - name: Install Python and Node dependencies + run: | + make install + - name: Install proxygen-cli + run: | + pip install proxygen-cli + - name: Set up Proxygen credentials + env: + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + run: | + mkdir -p ~/.proxygen + echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem + make setup-proxygen-credentials + - name: Generate specification + run: | + make construct-spec APIM_ENV=preprod + - name: Publish preprod spec to Proxygen + run: | + proxygen spec publish build/specification/preprod/eligibility-signposting-api.yaml --uat --no-confirm + - name: Deploy preprod spec to Proxygen + run: | + proxygen instance deploy preprod eligibility-signposting-api build/specification/preprod/eligibility-signposting-api.yaml --no-confirm diff --git a/.github/workflows/prod_publish_deploy.yaml b/.github/workflows/prod_publish_deploy.yaml index fbba9f4..9ac0259 100644 --- a/.github/workflows/prod_publish_deploy.yaml +++ b/.github/workflows/prod_publish_deploy.yaml @@ -11,21 +11,52 @@ jobs: prod: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - name: Set tag to deploy + id: set_tag + run: | + if [ "${{ github.event.inputs.ref }}" = "latest" ]; then + TAG=$(git tag --list 'spec-*' --sort=-v:refname | head -n 1) + echo "Using latest tag: $TAG" + echo "tag=$TAG" >> $GITHUB_OUTPUT + else + echo "tag=${{ github.event.inputs.ref }}" >> $GITHUB_OUTPUT + fi - name: Checkout tag uses: actions/checkout@v6 with: - ref: ${{ inputs.ref }} - - uses: actions/setup-python@v6 + ref: ${{ steps.set_tag.outputs.tag }} + - name: Set up Python 3.11 + uses: actions/setup-python@v6 with: python-version: '3.11' - - uses: actions/setup-node@v6 + - name: Set up Node.js + uses: actions/setup-node@v6 with: node-version: '20' - - run: make install - - run: make construct-spec APIM_ENV=prod - - run: make publish-spec APIM_ENV=prod - - run: make deploy-spec APIM_ENV=prod + - name: Install Poetry + run: curl -sSL https://install.python-poetry.org | python3 - + - name: Install Python and Node dependencies + run: | + make install + - name: Install proxygen-cli + run: | + pip install proxygen-cli + - name: Set up Proxygen credentials + env: + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + run: | + mkdir -p ~/.proxygen + echo "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/eligibility-signposting-api.pem + make setup-proxygen-credentials + - name: Generate specification + run: | + make construct-spec APIM_ENV=prod + - name: Publish prod spec to Proxygen + run: | + proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml --no-confirm + - name: Deploy prod spec to Proxygen + run: | + proxygen instance deploy prod eligibility-signposting-api build/specification/prod/eligibility-signposting-api.yaml --no-confirm create_release: needs: prod @@ -38,5 +69,7 @@ jobs: with: tag_name: ${{ inputs.ref }} release_name: Release ${{ inputs.ref }} + body: | + Auto-release created during production deployment. draft: false prerelease: false