From 66a282d5859b489cb61729d32c78eaec55f94dbc Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Wed, 15 Apr 2026 15:57:49 +0100 Subject: [PATCH 01/18] NPA-6546: fix end to end tests --- app/api/domain/forward_response_model.py | 6 +++--- app/api/infrastructure/emis/client.py | 10 +++++----- app/api/infrastructure/emis/models.py | 6 +++--- app/api/infrastructure/emis/tests/test_client.py | 8 ++++---- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/app/api/domain/forward_response_model.py b/app/api/domain/forward_response_model.py index 0a82706..9e6f3b1 100644 --- a/app/api/domain/forward_response_model.py +++ b/app/api/domain/forward_response_model.py @@ -1,4 +1,4 @@ -from pydantic import BaseModel, ConfigDict, field_validator +from pydantic import BaseModel, ConfigDict, SerializeAsAny, field_validator from pydantic.alias_generators import to_camel @@ -26,8 +26,8 @@ class ForwardResponse(BaseModel): session_id: str supplier: str ods_code: str - user: Demographics - patients: list[Demographics] + user: SerializeAsAny[Demographics] + patients: list[SerializeAsAny[Demographics]] @field_validator("patients") def patients_must_not_be_empty(cls, v: list) -> list: # noqa: N805 diff --git a/app/api/infrastructure/emis/client.py b/app/api/infrastructure/emis/client.py index c4011e9..c133569 100644 --- a/app/api/infrastructure/emis/client.py +++ b/app/api/infrastructure/emis/client.py @@ -14,7 +14,7 @@ EffectiveServices, Identifier, MedicalRecordPermissions, - Patient, + Person, SessionRequestData, SessionRequestHeaders, SessionResponse, @@ -114,7 +114,7 @@ def transform_response(self, response: dict) -> SessionResponse: endUserSessionId=response.get("EndUserSessionId"), supplier=self.supplier, odsCode=self.request.patient_ods_code, - user=Patient( + user=Person( firstName=response.get("FirstName"), surname=response.get("Surname"), title=response.get("Title"), 
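Review bot: In `ForwardResponse`, `user: SerializeAsAny[Demographics]` and `patients: list[SerializeAsAny[Demographics]]` switch both fields to duck-typed serialization, so when the value is a subclass instance (for EMIS, `Person`) every field of that subclass is emitted, not only the fields declared on `Demographics`. This response carries patient data, so any field a supplier model gains later would be returned without a change to this class, and nothing in the hunk documents or pins that. I would add a comment above the two fields, `# SerializeAsAny: supplier subclasses of Demographics are serialized with all of their fields; review new subclass fields before they are exposed`, and a test that asserts the exact key set of the serialized response. The class body continues outside the hunk.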
@@ -145,20 +145,20 @@ def _mock_response(self) -> dict: with Path((BASE_DIR) / "data" / "mocked_response.json").open("r") as f: return load(f) - def _parse_patients(self, patient_links: list) -> list[Patient]: + def _parse_patients(self, patient_links: list) -> list[Person]: """Parsing raw data from Client into structual model. Args: patient_links (dict): Raw data containing information about patients Returns: - list[Patient]: Parsed information about patients + list[Person]: Parsed information about patients """ parsed_patients = [] for patient in patient_links: raw_permissions = patient.get("EffectiveServices", {}) parsed_patients.append( - Patient( + Person( firstName=patient.get("FirstName"), surname=patient.get("Surname"), title=patient.get("Title"), diff --git a/app/api/infrastructure/emis/models.py b/app/api/infrastructure/emis/models.py index b2cc49c..e8a2339 100644 --- a/app/api/infrastructure/emis/models.py +++ b/app/api/infrastructure/emis/models.py @@ -83,7 +83,7 @@ class EffectiveServices(Permissions): medical_record: MedicalRecordPermissions -class Patient(Demographics): +class Person(Demographics): """Base Model for User and Patient.""" model_config = ConfigDict(alias_generator=to_camel) @@ -99,5 +99,5 @@ class SessionResponse(ForwardResponse): model_config = ConfigDict(alias_generator=to_camel) end_user_session_id: str - user: Patient - patients: list[Patient] + user: Person + patients: list[Person] diff --git a/app/api/infrastructure/emis/tests/test_client.py b/app/api/infrastructure/emis/tests/test_client.py index 8accad9..c4aedc9 100644 --- a/app/api/infrastructure/emis/tests/test_client.py +++ b/app/api/infrastructure/emis/tests/test_client.py @@ -18,7 +18,7 @@ EffectiveServices, Identifier, MedicalRecordPermissions, - Patient, + Person, SessionResponse, ) 
@@ -140,7 +140,7 @@ def test_emis_client_transform_response(client: EmisClient) -> None: endUserSessionId="SESS_mDq6nE2b8R7KQ0v", supplier="EMIS", odsCode="some patient ods code", - user=Patient( + user=Person( firstName="Alex", surname="Taylor", title="Mr", @@ -170,7 +170,7 @@ def test_emis_client_transform_response(client: EmisClient) -> None: ), ), patients=[ - Patient( + Person( firstName="Jane", surname="Doe", title="Mrs", @@ -201,7 +201,7 @@ def test_emis_client_transform_response(client: EmisClient) -> None: ), ), ), - Patient( + Person( firstName="Ella", surname="Taylor", title="Ms", From 1b61b4c63ff85451c1d0caff82344910139fe752 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Thu, 16 Apr 2026 09:22:02 +0100 Subject: [PATCH 02/18] NPA-6546: address copilot comments --- app/api/infrastructure/emis/client.py | 4 ++-- app/api/infrastructure/tpp/client.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/api/infrastructure/emis/client.py b/app/api/infrastructure/emis/client.py index c133569..e39048c 100644 --- a/app/api/infrastructure/emis/client.py +++ b/app/api/infrastructure/emis/client.py @@ -146,10 +146,10 @@ def _mock_response(self) -> dict: return load(f) def _parse_patients(self, patient_links: list) -> list[Person]: - """Parsing raw data from Client into structual model. + """Parsing raw data from Client into structural model. Args: - patient_links (dict): Raw data containing information about patients + patient_links (list[dict]): Raw data containing information about patients Returns: list[Person]: Parsed information about patients diff --git a/app/api/infrastructure/tpp/client.py b/app/api/infrastructure/tpp/client.py index 88f6760..66cb8d3 100644 --- a/app/api/infrastructure/tpp/client.py +++ b/app/api/infrastructure/tpp/client.py 
@@ -136,7 +136,7 @@ def _mock_response(self) -> dict: return xmltodict.parse(mocked_response) def _parse_patients(self, data: dict) -> list[Person]: - """Parsing raw data from Client into structual model. + """Parsing raw data from Client into structural model. Args: data (dict): Raw data containing information about multiple patients From bc6ad535a46e0cf46c5106ac968ffeb0f075e27d Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Thu, 16 Apr 2026 11:16:47 +0100 Subject: [PATCH 03/18] NPA-6546: testing with new proxygen credentials --- .github/actions/setup-proxygen/action.yaml | 8 ++++---- proxygen/credentials.yaml | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/actions/setup-proxygen/action.yaml b/.github/actions/setup-proxygen/action.yaml index 831ade8..5ca674d 100644 --- a/.github/actions/setup-proxygen/action.yaml +++ b/.github/actions/setup-proxygen/action.yaml @@ -29,15 +29,15 @@ runs: - name: Create Proxygen private key file run: | - echo "${{ inputs.PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem + echo "${{ inputs.NEW_PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem chmod 600 ~/.proxygen/private_key.pem shell: bash - name: Update Proxygen Credentials run: | - sed -i "s|CLIENT_ID_TO_BE_REPLACED|${{ inputs.PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml - sed -i "s|KEY_ID_TO_BE_REPLACED|${{ inputs.PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml - sed -i "s|PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml + sed -i "s|NEW_CLIENT_ID_TO_BE_REPLACED|${{ inputs.NEW_PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|NEW_KEY_ID_TO_BE_REPLACED|${{ inputs.NEW_PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|NEW_PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml shell: bash - name: Copy Proxygen settings 
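Review bot: The `Create Proxygen private key file` step expands `${{ inputs.NEW_PROXYGEN_PRIVATE_KEY }}` straight into the bash script text, so the shell parses the key before it is written; the `sed` lines below do the same with the client and key ids. A value containing `"`, `$`, a backtick, `|` or `&` would be altered or would break the command. Passing the inputs through the step's `env:` and referencing the quoted variable keeps them as data. The key file is also created under the default umask and only restricted by the following `chmod 600`; setting `umask 077` first closes that window. The same lines recur in the `@@ -29,15 +29,15 @@` hunk of PATCH 10/18 with the `PTL_` names.

```yaml
- name: Create Proxygen private key file
  env:
    PROXYGEN_PRIVATE_KEY: ${{ inputs.NEW_PROXYGEN_PRIVATE_KEY }}
  run: |
    umask 077
    printf '%s\n' "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/private_key.pem
  shell: bash
# … Update Proxygen Credentials: pass the client id and key id through env: in the same way …
# … unchanged: Copy Proxygen settings …
```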
diff --git a/proxygen/credentials.yaml b/proxygen/credentials.yaml index 454a829..caba917 100644 --- a/proxygen/credentials.yaml +++ b/proxygen/credentials.yaml @@ -1,4 +1,4 @@ base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers -client_id: CLIENT_ID_TO_BE_REPLACED -key_id: KEY_ID_TO_BE_REPLACED -private_key_path: PRIVATE_KEY_PATH_TO_BE_REPLACED +client_id: NEW_CLIENT_ID_TO_BE_REPLACED +key_id: NEW_KEY_ID_TO_BE_REPLACED +private_key_path: NEW_PRIVATE_KEY_PATH_TO_BE_REPLACED From 58a861ce4671286134c8e97b60cfaa6884c0d9ee Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Thu, 16 Apr 2026 11:23:00 +0100 Subject: [PATCH 04/18] NPA-6546: prepended inputs with NEW_ --- .github/workflows/pull-request-checks.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml index ea705e2..05fd4c6 100644 --- a/.github/workflows/pull-request-checks.yml +++ b/.github/workflows/pull-request-checks.yml @@ -35,9 +35,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} run-end-to-end-tests: name: "Run End to End Tests" 
@@ -54,9 +54,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} - name: Run End to End Tests uses: ./.github/actions/run-end-to-end-tests env: @@ -78,9 +78,9 @@ jobs: additional_path: "pr-${{ github.event.number }}" type_of_deployment: "sandbox" secrets: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" From 55df05612127dab73cd418ba2e4cfec00bf9f00b Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Thu, 16 Apr 2026 11:43:34 +0100 Subject: [PATCH 05/18] empty commit to retrigger build From 0195c1e78ed44234facdd81ffb33f0e65a484666 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Thu, 16 Apr 2026 13:43:11 +0100 Subject: [PATCH 06/18] NPA-6546: changed all GH secrets instances to match new naming --- .github/actions/setup-proxygen/action.yaml | 6 +++--- .../cicd-stage-1-deploy-to-internal-qa.yml | 18 +++++++++--------- .../cicd-stage-2-deploy-to-int-and-sandbox.yml | 18 +++++++++--------- .../workflows/cicd-stage-3-deploy-to-prod.yml | 6 +++--- .github/workflows/reusable-deploy.yml | 18 +++++++++--------- docs/user-guides/Proxygen_CLI.md | 4 ++-- 6 files changed, 35 insertions(+), 35 deletions(-) 
diff --git a/.github/actions/setup-proxygen/action.yaml b/.github/actions/setup-proxygen/action.yaml index 5ca674d..35e6507 100644 --- a/.github/actions/setup-proxygen/action.yaml +++ b/.github/actions/setup-proxygen/action.yaml @@ -2,13 +2,13 @@ name: "Setup Proxygen CLI" description: "Setup Proxygen CLI for the project" inputs: - PROXYGEN_CLIENT_ID: + NEW_PROXYGEN_CLIENT_ID: description: "Client ID for Proxygen CLI" required: true - PROXYGEN_KEY_ID: + NEW_PROXYGEN_KEY_ID: description: "Key ID for Proxygen CLI" required: true - PROXYGEN_PRIVATE_KEY: + NEW_PROXYGEN_PRIVATE_KEY: description: "Private key for Proxygen CLI" required: true diff --git a/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml b/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml index d6cf644..1a66db4 100644 --- a/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml +++ b/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml @@ -16,9 +16,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} run-end-to-end-tests: name: "Run End to End Tests" @@ -35,9 +35,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} - name: Run End to End Tests uses: ./.github/actions/run-end-to-end-tests env: 
@@ -57,9 +57,9 @@ jobs: environment: "internal-qa-sandbox" type_of_deployment: "sandbox" secrets: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" diff --git a/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml b/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml index b3b7ecf..29e76b2 100644 --- a/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml +++ b/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml @@ -15,9 +15,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} # Add int end-to-end tests @@ -28,9 +28,9 @@ jobs: environment: "sandbox" type_of_deployment: "sandbox" secrets: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" 
@@ -62,9 +62,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} - name: Deploy Specification to UAT run: make deploy-spec-uat-ci env: diff --git a/.github/workflows/cicd-stage-3-deploy-to-prod.yml b/.github/workflows/cicd-stage-3-deploy-to-prod.yml index 615c24e..cf25245 100644 --- a/.github/workflows/cicd-stage-3-deploy-to-prod.yml +++ b/.github/workflows/cicd-stage-3-deploy-to-prod.yml @@ -22,9 +22,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} - name: Deploy Specification to Production run: make deploy-spec-prod-ci env: diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml index 664a542..520d244 100644 --- a/.github/workflows/reusable-deploy.yml +++ b/.github/workflows/reusable-deploy.yml @@ -37,13 +37,13 @@ on: value: ${{ jobs.deploy-environment.outputs.proxygen_url_path }} secrets: - PROXYGEN_CLIENT_ID: + NEW_PROXYGEN_CLIENT_ID: required: true description: "Client ID for Proxygen CLI" - PROXYGEN_KEY_ID: + NEW_PROXYGEN_KEY_ID: required: true description: "Key ID for Proxygen CLI" - PROXYGEN_PRIVATE_KEY: + NEW_PROXYGEN_PRIVATE_KEY: required: true description: "Private key for Proxygen CLI" 
@@ -86,9 +86,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: "Build ${{inputs.type_of_deployment}} container" @@ -127,9 +127,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} - PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} - PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} + NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} + NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} + NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} - name: Deploy environment run: make deploy-ci env: diff --git a/docs/user-guides/Proxygen_CLI.md b/docs/user-guides/Proxygen_CLI.md index 948ef74..58c8f75 100644 --- a/docs/user-guides/Proxygen_CLI.md +++ b/docs/user-guides/Proxygen_CLI.md 
@@ -80,10 +80,10 @@ The proxygen CLI is a dedicated command-line interface tool designed to streamli ## Secrets -Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. As well the private key is available in GitHub Secrets under the name `PROXYGEN_PRIVATE_KEY`. +Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. As well the private key is available in GitHub Secrets under the name `NEW_PROXYGEN_PRIVATE_KEY`. Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. ### Secrets in GitHub As well secrets are held in GitHub Secrets for the project. The secrets are used to authenticate the workflows to deploy the API to the NHS API Platform. The secrets are: -the private key is available in GitHub Secrets under the names `PROXYGEN_CLIENT_ID`, `PROXYGEN_KEY_ID`, and `PROXYGEN_PRIVATE_KEY`. +the private key is available in GitHub Secrets under the names `NEW_PROXYGEN_CLIENT_ID`, `NEW_PROXYGEN_KEY_ID`, and `NEW_PROXYGEN_PRIVATE_KEY`. From 7732b40bc0f4a8b2852781a32747b736b62e000a Mon Sep 17 00:00:00 2001 From: Tom Knapp Date: Mon, 20 Apr 2026 09:52:01 +0100 Subject: [PATCH 07/18] NPA-6546: Add glossasry of terms to documentation --- docs/user-guides/Glossary.md | 140 +++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 docs/user-guides/Glossary.md diff --git a/docs/user-guides/Glossary.md b/docs/user-guides/Glossary.md new file mode 100644 index 0000000..5c8b694 --- /dev/null +++ b/docs/user-guides/Glossary.md 
@@ -0,0 +1,140 @@ +# Glossary + +A reference guide for key terms, tools, and concepts used in the IM1 PFS Auth project. + +--- + +## APIM (API Management Platform) + +The **NHS API Management Platform**, built and operated by NHS England. It provides the infrastructure for publishing, securing, monitoring, and managing APIs across the NHS. APIM is built on top of **Apigee** and is the platform that `im1-pfs-auth` is deployed to. It is accessible via `*.api.service.nhs.uk` URLs (e.g. `https://int.api.service.nhs.uk/im1-pfs-auth`). + +--- + +## Apigee + +**Apigee** is Google's API gateway and management product, which underpins the NHS APIM platform. It handles: + +- Routing inbound API requests to backend containers +- Authentication and authorisation enforcement (e.g. composite token validation) +- Analytics and monitoring + +In this project, Apigee proxies are deployed via the **Proxygen CLI** using the OpenAPI specification in the `specification/` directory. The Apigee UI is accessible at [https://apigee.com/edge](https://apigee.com/edge) under the `nhsd-nonprod` (non-production) and `nhsd-prod` (production) organisations. + +--- + +## Proxygen (Service) + +**Proxygen** (short for Proxy Generator) is an NHS England-built service that sits in front of Apigee and acts as the control plane for API producers. It abstracts the complexity of directly interacting with Apigee by accepting an OpenAPI specification and handling the creation and management of Apigee API proxies on your behalf. + +The Proxygen service is accessible at: + +``` +https://proxygen.prod.api.platform.nhs.uk +``` + +It is also responsible for managing the **AWS ECR container registry** that holds the Docker images that back deployed API proxies. + +--- + +## Proxygen CLI + +The **Proxygen CLI** (`proxygen-cli`) is a Python command-line tool provided by NHS England that allows API producer teams to interact with the Proxygen service. 
In this project it is used to: + +- **Deploy API proxy instances** to APIM environments (e.g. `internal-dev`, `int`, `prod`) via `proxygen instance deploy` +- **Publish the OpenAPI spec** to the NHS developer portal via `proxygen spec publish` +- **Obtain Docker credentials** for pushing container images to the NHS ECR registry via `proxygen docker get-login` +- **Obtain test tokens** for running end-to-end tests via `proxygen pytest-nhsd-apim get-token` + +The CLI authenticates against the NHS identity service at: + +``` +https://identity.prod.api.platform.nhs.uk/realms/api-producers +``` + +This is a **Keycloak** identity provider used for machine-to-machine authentication for API producer teams. Authentication requires three credentials: a `client_id`, a `key_id`, and a `private_key` (PEM file). In CI/CD these are stored as GitHub secrets (`NEW_PROXYGEN_CLIENT_ID`, `NEW_PROXYGEN_KEY_ID`, `NEW_PROXYGEN_PRIVATE_KEY`) and also in the VRS AWS Prod Secrets Manager under the prefix `im1-pfs-auth/proxygen/`. + +See the [Proxygen CLI guide](./Proxygen_CLI.md) for installation and configuration instructions. + +--- + +## IM1 + +**IM1** (Interface Mechanism 1) is a GP system integration standard used in the NHS. It defines how third-party applications (such as patient-facing services) can integrate with GP clinical systems (supplied by GPIT suppliers such as EMIS and TPP/SystmOne). IM1 allows authorised applications to act on behalf of patients, interacting with their GP practice's system. + +--- + +## IM1 PFS Auth (`im1-pfs-auth`) + +**IM1 Patient Facing Service Auth** is this project. It is an intermediary API service that enables patient-facing applications to authenticate and establish sessions with GP practice systems via the IM1 interface. It sits between a patient-facing application and a GPIT supplier system (e.g. 
EMIS, TPP), handling: + +- Validation of NHS login proxy tokens +- Session initiation with the appropriate supplier system based on ODS code +- Transformation of supplier responses + +It is deployed as an Apigee API proxy backed by a Docker container, and is accessible at `*.api.service.nhs.uk/im1-pfs-auth`. + +--- + +## IM1 PFS Auth Developer Test App + +The **IM1 PFS Auth Developer Test App** is a registered application in the Apigee developer portal (under the `nhsd-nonprod` organisation) used specifically for running end-to-end tests. It has access to the `mock-jwks` service, which is required for generating composite authentication tokens in the `internal-dev` environment. + +When a new ephemeral deployment is created (e.g. from a pull request), it must be manually associated with this test app in the Apigee UI before end-to-end tests can be run against it. See the [Setup end to end tests guide](./Setup_end_to_end_tests.md) for instructions. + +--- + +## Composite Token / mock-jwks + +A **composite token** is a development-environment authentication token used in APIM's `internal-dev` environment to simulate authenticated requests without requiring real NHS login credentials. It is obtained from APIM's `mock-jwks` service. + +The `mock-jwks` service is only enabled in the `internal-dev` environment. The **IM1 PFS Auth Developer Test App** must be associated with a deployment before composite tokens can be used against it. + +--- + +## GPIT Supplier + +A **GPIT supplier** is a provider of GP IT systems in the NHS — primarily **EMIS Health** and **TPP (The Phoenix Partnership)**, who make SystmOne. These are the systems that `im1-pfs-auth` communicates with when establishing patient sessions. Their base URLs are configured at build time via the `EMIS_BASE_URL` and `TPP_BASE_URL` environment variables. + +--- + +## ODS Code + +An **ODS (Organisation Data Service) code** is a unique identifier assigned to NHS organisations, including GP practices. 
`im1-pfs-auth` uses the ODS code of a patient's GP practice to determine which GPIT supplier system to route a session request to. + +--- + +## ECR (Elastic Container Registry) + +**AWS ECR** is the container image registry used to store the Docker images for `im1-pfs-auth`. The NHS-managed registry is at: + +``` +958002497996.dkr.ecr.eu-west-2.amazonaws.com/im1-pfs-auth +``` + +Docker credentials to push to this registry are obtained via `proxygen docker get-login`. Apigee pulls the container from this registry when serving API requests. + +--- + +## NHS Developer Hub / Developer Portal + +The **NHS Internal Developer Hub** (accessible at `https://dos-internal.ptl.api.platform.nhs.uk`) is the portal where API producer teams manage their applications, API keys, and key pairs used for testing. It is also where the **IM1 PFS Auth Developer Test App** API key (`TEST_APP_API_KEY`) and private key (`TEST_APP_PRIVATE_KEY`) are registered and managed. + +Access to the developer hub for end-to-end testing requires membership of the `Proxy Dev Team`. See the [NHS Developer Hub guide](./NHS_developer_hub.md) for more detail. + +--- + +## Keycloak + +**Keycloak** is an open-source identity and access management solution. NHS England uses a Keycloak instance at `https://identity.prod.api.platform.nhs.uk/realms/api-producers` as the identity provider for authenticating API producer machine users (i.e. the Proxygen CLI). It is also used in the test setup — `TEST_APP_KEYCLOAK_CLIENT_ID` and `TEST_APP_KEYCLOAK_CLIENT_SECRET` are credentials for a mocked authorisation provider client used in end-to-end tests. + +--- + +## Sandbox + +The **sandbox** is a simulated version of the `im1-pfs-auth` API that returns mock responses without connecting to real GPIT supplier systems. It is deployed alongside the main app in certain environments (e.g. `internal-dev-sandbox`, `sandbox`) and does not require authentication. 
It allows developers and API consumers to explore the API without needing to onboard or hold real credentials. + +--- + +## Ephemeral Deployment + +An **ephemeral deployment** is a temporary deployment of `im1-pfs-auth` created automatically when a pull request is opened. It is deployed to the `internal-dev` environment with a URL path following the pattern `im1-pfs-auth-pr-`, resulting in an Apigee proxy named `im1-pfs-auth--internal-dev--im1-pfs-auth-pr-`. These deployments are used to run end-to-end tests against code changes before they are merged to `main`. From 078b638527c01a667fbcaa39065f132dd8e54081 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Tue, 21 Apr 2026 10:13:06 +0100 Subject: [PATCH 08/18] NPA-6546: try to fix pipeline --- Makefile | 1 + proxygen/credentials.yaml | 2 +- proxygen/settings.yaml | 2 +- specification/im1-pfs-auth-api.yaml | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 30cf5ef..a228bd6 100644 --- a/Makefile +++ b/Makefile @@ -60,6 +60,7 @@ deploy-spec-uat: # Deploy spec to prod deploy-spec-prod: + cp -f specification/x-nhsd-apim/x-nhsd-apim-prod.yaml specification/x-nhsd-apim/x-nhsd-apim.generated.yaml proxygen spec publish $(PROXYGEN_ARGS) specification/im1-pfs-auth-api.yaml # Deploy spec to uat in CI diff --git a/proxygen/credentials.yaml b/proxygen/credentials.yaml index caba917..e1fb8b7 100644 --- a/proxygen/credentials.yaml +++ b/proxygen/credentials.yaml @@ -1,4 +1,4 @@ -base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers +base_url: https://identity.ptl.api.platform.nhs.uk/realms/api-producers client_id: NEW_CLIENT_ID_TO_BE_REPLACED key_id: NEW_KEY_ID_TO_BE_REPLACED private_key_path: NEW_PRIVATE_KEY_PATH_TO_BE_REPLACED diff --git a/proxygen/settings.yaml b/proxygen/settings.yaml index 2bb274d..293b29a 100644 --- a/proxygen/settings.yaml +++ b/proxygen/settings.yaml 
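Review bot: `base_url` in `proxygen/credentials.yaml` now points at `identity.ptl.api.platform.nhs.uk`, and the next hunk moves `endpoint_url` in `proxygen/settings.yaml` to the `ptl` host as well, but each file exists as a single copy with no per-environment variant. The `setup-proxygen` action that fills in this credentials file is also called from `cicd-stage-3-deploy-to-prod.yml` (PATCH 06/18), so the production spec deployment would presumably authenticate against and publish through the PTL service after this change. If that is not intended, keep a prod and a ptl version of each file and let the action pick one from an input. If it is intended, a comment in `credentials.yaml` such as `# PTL identity realm is used by every stage, including the prod spec publish` would record the decision.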
@@ -1,5 +1,5 @@ { - "endpoint_url": "https://proxygen.prod.api.platform.nhs.uk", + "endpoint_url": "https://proxygen.ptl.api.platform.nhs.uk", "spec_output_format": "json", "api": "im1-pfs-auth", } diff --git a/specification/im1-pfs-auth-api.yaml b/specification/im1-pfs-auth-api.yaml index 894d255..967f556 100644 --- a/specification/im1-pfs-auth-api.yaml +++ b/specification/im1-pfs-auth-api.yaml @@ -96,6 +96,7 @@ info: servers: - url: https://sandbox.api.service.nhs.uk/im1-pfs-auth/ - url: https://int.api.service.nhs.uk/im1-pfs-auth/ + - url: https://internal-dev.api.service.nhs.uk/im1-pfs-auth paths: /authenticate: From 9ecfefed6aa5dd13649b0998878ffe1451dfcf18 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Tue, 21 Apr 2026 10:15:22 +0100 Subject: [PATCH 09/18] NPA-6546: fix markdown formatting --- docs/user-guides/Glossary.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/user-guides/Glossary.md b/docs/user-guides/Glossary.md index 5c8b694..422de4c 100644 --- a/docs/user-guides/Glossary.md +++ b/docs/user-guides/Glossary.md @@ -28,7 +28,7 @@ In this project, Apigee proxies are deployed via the **Proxygen CLI** using the The Proxygen service is accessible at: -``` +```text https://proxygen.prod.api.platform.nhs.uk ``` @@ -47,7 +47,7 @@ The **Proxygen CLI** (`proxygen-cli`) is a Python command-line tool provided by The CLI authenticates against the NHS identity service at: -``` +```text https://identity.prod.api.platform.nhs.uk/realms/api-producers ``` @@ -107,7 +107,7 @@ An **ODS (Organisation Data Service) code** is a unique identifier assigned to N **AWS ECR** is the container image registry used to store the Docker images for `im1-pfs-auth`. The NHS-managed registry is at: -``` +```text 958002497996.dkr.ecr.eu-west-2.amazonaws.com/im1-pfs-auth ``` From 896b139389cd31fc9f74ea03511e6a03cf50822f Mon Sep 17 00:00:00 2001 
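Review bot: The added `servers` entry `https://internal-dev.api.service.nhs.uk/im1-pfs-auth` lacks the trailing slash that the `sandbox` and `int` entries carry, so the three URLs are written inconsistently; `- url: https://internal-dev.api.service.nhs.uk/im1-pfs-auth/` matches the others. This file is also what `deploy-spec-prod` passes to `proxygen spec publish` in the Makefile hunk of the same commit, so the internal-dev host would be listed in the published specification. Confirm that listing an internal environment there is wanted.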
From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Wed, 22 Apr 2026 13:36:36 +0100 Subject: [PATCH 10/18] NPA-6546: change NEW_ to PTL_ --- .github/actions/setup-proxygen/action.yaml | 14 +++++++------- .../cicd-stage-1-deploy-to-internal-qa.yml | 18 +++++++++--------- .../cicd-stage-2-deploy-to-int-and-sandbox.yml | 18 +++++++++--------- .../workflows/cicd-stage-3-deploy-to-prod.yml | 6 +++--- .github/workflows/pull-request-checks.yml | 18 +++++++++--------- .github/workflows/reusable-deploy.yml | 18 +++++++++--------- docs/user-guides/Glossary.md | 2 +- docs/user-guides/Proxygen_CLI.md | 4 ++-- proxygen/credentials.yaml | 6 +++--- 9 files changed, 52 insertions(+), 52 deletions(-) diff --git a/.github/actions/setup-proxygen/action.yaml b/.github/actions/setup-proxygen/action.yaml index 35e6507..f44b85c 100644 --- a/.github/actions/setup-proxygen/action.yaml +++ b/.github/actions/setup-proxygen/action.yaml @@ -2,13 +2,13 @@ name: "Setup Proxygen CLI" description: "Setup Proxygen CLI for the project" inputs: - NEW_PROXYGEN_CLIENT_ID: + PTL_PROXYGEN_CLIENT_ID: description: "Client ID for Proxygen CLI" required: true - NEW_PROXYGEN_KEY_ID: + PTL_PROXYGEN_KEY_ID: description: "Key ID for Proxygen CLI" required: true - NEW_PROXYGEN_PRIVATE_KEY: + PTL_PROXYGEN_PRIVATE_KEY: description: "Private key for Proxygen CLI" required: true 
@@ -29,15 +29,15 @@ runs: - name: Create Proxygen private key file run: | - echo "${{ inputs.NEW_PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem + echo "${{ inputs.PTL_PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem chmod 600 ~/.proxygen/private_key.pem shell: bash - name: Update Proxygen Credentials run: | - sed -i "s|NEW_CLIENT_ID_TO_BE_REPLACED|${{ inputs.NEW_PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml - sed -i "s|NEW_KEY_ID_TO_BE_REPLACED|${{ inputs.NEW_PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml - sed -i "s|NEW_PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml + sed -i "s|PTL_CLIENT_ID_TO_BE_REPLACED|${{ inputs.PTL_PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|PTL_KEY_ID_TO_BE_REPLACED|${{ inputs.PTL_PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|PTL_PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml shell: bash - name: Copy Proxygen settings diff --git a/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml b/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml index 1a66db4..454e0b7 100644 --- a/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml +++ b/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml @@ -16,9 +16,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} run-end-to-end-tests: name: "Run End to End Tests" 
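Review bot: The `Create Proxygen private key file` step expands `${{ inputs.PTL_PROXYGEN_PRIVATE_KEY }}` directly into the bash script text, so the key becomes part of the script rather than data, and any quote, `$` or backtick in the value is interpreted by the shell. The three `sed` lines in `Update Proxygen Credentials` have the same shape, where a `|` or `&` in an ID would also alter the substitution. The key file is also created under the runner's default umask and only tightened afterwards by `chmod 600`. Passing the inputs through `env:` and writing under `umask 077` addresses both; the `runs:` block starts above this hunk. The same step is copied into `.github/actions/setup-proxygen-prod/action.yaml` in PATCH 11/18 and carried through the rename in PATCH 12/18.

```yaml
    - name: Create Proxygen private key file
      env:
        PROXYGEN_PRIVATE_KEY: ${{ inputs.PTL_PROXYGEN_PRIVATE_KEY }}
      run: |
        umask 077
        printf '%s\n' "$PROXYGEN_PRIVATE_KEY" > ~/.proxygen/private_key.pem
        # … unchanged: chmod 600, shell: bash …
    # … Update Proxygen Credentials and Copy Proxygen settings steps not shown …
```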
@@ -35,9 +35,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} - name: Run End to End Tests uses: ./.github/actions/run-end-to-end-tests env: @@ -57,9 +57,9 @@ jobs: environment: "internal-qa-sandbox" type_of_deployment: "sandbox" secrets: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" diff --git a/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml b/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml index 29e76b2..b0b7f8c 100644 --- a/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml +++ b/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml @@ -15,9 +15,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} # Add int end-to-end tests 
@@ -28,9 +28,9 @@ jobs: environment: "sandbox" type_of_deployment: "sandbox" secrets: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" @@ -62,9 +62,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} - name: Deploy Specification to UAT run: make deploy-spec-uat-ci env: diff --git a/.github/workflows/cicd-stage-3-deploy-to-prod.yml b/.github/workflows/cicd-stage-3-deploy-to-prod.yml index cf25245..ec6818d 100644 --- a/.github/workflows/cicd-stage-3-deploy-to-prod.yml +++ b/.github/workflows/cicd-stage-3-deploy-to-prod.yml @@ -22,9 +22,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} - name: Deploy Specification to Production run: make deploy-spec-prod-ci env: diff --git a/.github/workflows/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml index 05fd4c6..11f7196 100644 
--- a/.github/workflows/pull-request-checks.yml +++ b/.github/workflows/pull-request-checks.yml @@ -35,9 +35,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} run-end-to-end-tests: name: "Run End to End Tests" @@ -54,9 +54,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} - name: Run End to End Tests uses: ./.github/actions/run-end-to-end-tests env: @@ -78,9 +78,9 @@ jobs: additional_path: "pr-${{ github.event.number }}" type_of_deployment: "sandbox" secrets: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml index 520d244..07858cb 100644 --- a/.github/workflows/reusable-deploy.yml +++ b/.github/workflows/reusable-deploy.yml 
@@ -37,13 +37,13 @@ on: value: ${{ jobs.deploy-environment.outputs.proxygen_url_path }} secrets: - NEW_PROXYGEN_CLIENT_ID: + PTL_PROXYGEN_CLIENT_ID: required: true description: "Client ID for Proxygen CLI" - NEW_PROXYGEN_KEY_ID: + PTL_PROXYGEN_KEY_ID: required: true description: "Key ID for Proxygen CLI" - NEW_PROXYGEN_PRIVATE_KEY: + PTL_PROXYGEN_PRIVATE_KEY: required: true description: "Private key for Proxygen CLI" @@ -86,9 +86,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: "Build ${{inputs.type_of_deployment}} container" @@ -127,9 +127,9 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - NEW_PROXYGEN_CLIENT_ID: ${{ secrets.NEW_PROXYGEN_CLIENT_ID }} - NEW_PROXYGEN_KEY_ID: ${{ secrets.NEW_PROXYGEN_KEY_ID }} - NEW_PROXYGEN_PRIVATE_KEY: ${{ secrets.NEW_PROXYGEN_PRIVATE_KEY }} + PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} + PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} + PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} - name: Deploy environment run: make deploy-ci env: diff --git a/docs/user-guides/Glossary.md b/docs/user-guides/Glossary.md index 422de4c..9d69bd2 100644 --- a/docs/user-guides/Glossary.md +++ b/docs/user-guides/Glossary.md 
@@ -51,7 +51,7 @@ The CLI authenticates against the NHS identity service at: https://identity.prod.api.platform.nhs.uk/realms/api-producers ``` -This is a **Keycloak** identity provider used for machine-to-machine authentication for API producer teams. Authentication requires three credentials: a `client_id`, a `key_id`, and a `private_key` (PEM file). In CI/CD these are stored as GitHub secrets (`NEW_PROXYGEN_CLIENT_ID`, `NEW_PROXYGEN_KEY_ID`, `NEW_PROXYGEN_PRIVATE_KEY`) and also in the VRS AWS Prod Secrets Manager under the prefix `im1-pfs-auth/proxygen/`. +This is a **Keycloak** identity provider used for machine-to-machine authentication for API producer teams. Authentication requires three credentials: a `client_id`, a `key_id`, and a `private_key` (PEM file). In CI/CD these are stored as GitHub secrets (`PTL_PROXYGEN_CLIENT_ID`, `PTL_PROXYGEN_KEY_ID`, `PTL_PROXYGEN_PRIVATE_KEY`) and also in the VRS AWS Prod Secrets Manager under the prefix `im1-pfs-auth/proxygen/`. See the [Proxygen CLI guide](./Proxygen_CLI.md) for installation and configuration instructions. diff --git a/docs/user-guides/Proxygen_CLI.md b/docs/user-guides/Proxygen_CLI.md index 58c8f75..e138506 100644 --- a/docs/user-guides/Proxygen_CLI.md +++ b/docs/user-guides/Proxygen_CLI.md 
@@ -80,10 +80,10 @@ The proxygen CLI is a dedicated command-line interface tool designed to streamli ## Secrets -Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. As well the private key is available in GitHub Secrets under the name `NEW_PROXYGEN_PRIVATE_KEY`. +Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. As well the private key is available in GitHub Secrets under the name `PTL_PROXYGEN_PRIVATE_KEY`. Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. ### Secrets in GitHub As well secrets are held in GitHub Secrets for the project. The secrets are used to authenticate the workflows to deploy the API to the NHS API Platform. The secrets are: -the private key is available in GitHub Secrets under the names `NEW_PROXYGEN_CLIENT_ID`, `NEW_PROXYGEN_KEY_ID`, and `NEW_PROXYGEN_PRIVATE_KEY`. +the private key is available in GitHub Secrets under the names `PTL_PROXYGEN_CLIENT_ID`, `PTL_PROXYGEN_KEY_ID`, and `PTL_PROXYGEN_PRIVATE_KEY`. diff --git a/proxygen/credentials.yaml b/proxygen/credentials.yaml index e1fb8b7..a245a2a 100644 --- a/proxygen/credentials.yaml +++ b/proxygen/credentials.yaml @@ -1,4 +1,4 @@ base_url: https://identity.ptl.api.platform.nhs.uk/realms/api-producers -client_id: NEW_CLIENT_ID_TO_BE_REPLACED -key_id: NEW_KEY_ID_TO_BE_REPLACED -private_key_path: NEW_PRIVATE_KEY_PATH_TO_BE_REPLACED +client_id: PTL_CLIENT_ID_TO_BE_REPLACED +key_id: PTL_KEY_ID_TO_BE_REPLACED +private_key_path: PTL_PRIVATE_KEY_PATH_TO_BE_REPLACED From 360e2193dcc23a7510549540af25e9c6231b1b0d Mon Sep 17 00:00:00 2001 
From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Fri, 24 Apr 2026 09:36:14 +0100 Subject: [PATCH 11/18] NPA-6546: added prod configuration --- .../actions/setup-proxygen-prod/action.yaml | 45 +++++++++++++++++++ .../workflows/cicd-stage-3-deploy-to-prod.yml | 8 ++-- proxygen/credentials-prod.yaml | 4 ++ proxygen/settings-prod.yaml | 5 +++ 4 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 .github/actions/setup-proxygen-prod/action.yaml create mode 100644 proxygen/credentials-prod.yaml create mode 100644 proxygen/settings-prod.yaml diff --git a/.github/actions/setup-proxygen-prod/action.yaml b/.github/actions/setup-proxygen-prod/action.yaml new file mode 100644 index 0000000..9aec99b --- /dev/null +++ b/.github/actions/setup-proxygen-prod/action.yaml 
@@ -0,0 +1,45 @@ +name: "Setup Proxygen CLI (Prod)" +description: "Setup Proxygen CLI for production deployments" + +inputs: + PROD_PROXYGEN_CLIENT_ID: + description: "Client ID for Proxygen CLI (Prod)" + required: true + PROD_PROXYGEN_KEY_ID: + description: "Key ID for Proxygen CLI (Prod)" + required: true + PROD_PROXYGEN_PRIVATE_KEY: + description: "Private key for Proxygen CLI (Prod)" + required: true + +runs: + using: "composite" + steps: + - name: Install Proxygen CLI + run: pip install proxygen-cli + shell: bash + + - name: Create Proxygen configuration directory + run: mkdir -p ~/.proxygen + shell: bash + + - name: Copy Proxygen credentials + run: cp proxygen/credentials-prod.yaml ~/.proxygen/credentials.yaml + shell: bash + + - name: Create Proxygen private key file + run: | + echo "${{ inputs.PROD_PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem + chmod 600 ~/.proxygen/private_key.pem + shell: bash + + - name: Update Proxygen Credentials + run: | + sed -i "s|PROD_CLIENT_ID_TO_BE_REPLACED|${{ inputs.PROD_PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|PROD_KEY_ID_TO_BE_REPLACED|${{ inputs.PROD_PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|PROD_PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml + shell: bash + + - name: Copy Proxygen settings + run: cp proxygen/settings-prod.yaml ~/.proxygen/settings.yaml + shell: bash diff --git a/.github/workflows/cicd-stage-3-deploy-to-prod.yml b/.github/workflows/cicd-stage-3-deploy-to-prod.yml index ec6818d..67aebf5 100644 --- a/.github/workflows/cicd-stage-3-deploy-to-prod.yml +++ b/.github/workflows/cicd-stage-3-deploy-to-prod.yml 
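Review bot: `pip install proxygen-cli` in the new production action installs whatever version the package index serves at run time, and that package is then handed the production private key written a few steps later. Elsewhere in these workflows a dependency is pinned (the `docker/setup-buildx-action` step uses a commit SHA), so the CLI used for production deploys should be pinned too, for example `run: pip install "proxygen-cli==<PINNED_VERSION>"`, ideally from a hash-checked requirements file. The non-prod `setup-proxygen` action presumably has the same unpinned install line, but it is outside the hunks shown.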
@@ -20,11 +20,11 @@ jobs: - name: Setup Python Dependencies uses: ./.github/actions/setup-python-dependencies - name: Setup proxygen - uses: ./.github/actions/setup-proxygen + uses: ./.github/actions/setup-proxygen-prod with: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + PROD_PROXYGEN_CLIENT_ID: ${{ secrets.PROD_PROXYGEN_CLIENT_ID }} + PROD_PROXYGEN_KEY_ID: ${{ secrets.PROD_PROXYGEN_KEY_ID }} + PROD_PROXYGEN_PRIVATE_KEY: ${{ secrets.PROD_PROXYGEN_PRIVATE_KEY }} - name: Deploy Specification to Production run: make deploy-spec-prod-ci env: diff --git a/proxygen/credentials-prod.yaml b/proxygen/credentials-prod.yaml new file mode 100644 index 0000000..0cc6d01 --- /dev/null +++ b/proxygen/credentials-prod.yaml @@ -0,0 +1,4 @@ +base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers +client_id: PROD_CLIENT_ID_TO_BE_REPLACED +key_id: PROD_KEY_ID_TO_BE_REPLACED +private_key_path: PROD_PRIVATE_KEY_PATH_TO_BE_REPLACED diff --git a/proxygen/settings-prod.yaml b/proxygen/settings-prod.yaml new file mode 100644 index 0000000..2bb274d --- /dev/null +++ b/proxygen/settings-prod.yaml @@ -0,0 +1,5 @@ +{ + "endpoint_url": "https://proxygen.prod.api.platform.nhs.uk", + "spec_output_format": "json", + "api": "im1-pfs-auth", +} From e9edff9a27f27c4dacdc75e52b32722ecacf4550 Mon Sep 17 00:00:00 2001 
From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Mon, 27 Apr 2026 10:04:28 +0100 Subject: [PATCH 12/18] NPA-6546: update secrets to generic name and make them environment based --- .../actions/setup-proxygen-prod/action.yaml | 17 +++++++++------- .github/actions/setup-proxygen/action.yaml | 17 +++++++++------- .../cicd-stage-1-deploy-to-internal-qa.yml | 19 +++++++++--------- ...cicd-stage-2-deploy-to-int-and-sandbox.yml | 19 +++++++++--------- .../workflows/cicd-stage-3-deploy-to-prod.yml | 7 ++++--- .github/workflows/pull-request-checks.yml | 19 +++++++++--------- .github/workflows/reusable-deploy.yml | 20 ++++++++++--------- docs/user-guides/Glossary.md | 2 +- docs/user-guides/Proxygen_CLI.md | 4 ++-- proxygen/credentials-prod.yaml | 6 +++--- proxygen/credentials.yaml | 6 +++--- 11 files changed, 74 insertions(+), 62 deletions(-) diff --git a/.github/actions/setup-proxygen-prod/action.yaml b/.github/actions/setup-proxygen-prod/action.yaml index 9aec99b..c12f8b3 100644 --- a/.github/actions/setup-proxygen-prod/action.yaml +++ b/.github/actions/setup-proxygen-prod/action.yaml @@ -2,13 +2,16 @@ name: "Setup Proxygen CLI (Prod)" description: "Setup Proxygen CLI for production deployments" inputs: - PROD_PROXYGEN_CLIENT_ID: + ENVIRONMENT: + description: "The environment to configure Proxygen for" + required: true + PROXYGEN_CLIENT_ID: description: "Client ID for Proxygen CLI (Prod)" required: true - PROD_PROXYGEN_KEY_ID: + PROXYGEN_KEY_ID: description: "Key ID for Proxygen CLI (Prod)" required: true - PROD_PROXYGEN_PRIVATE_KEY: + PROXYGEN_PRIVATE_KEY: description: "Private key for Proxygen CLI (Prod)" required: true 
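Review bot: The new required `ENVIRONMENT` input in `setup-proxygen-prod/action.yaml` is declared but no step in the action reads it. The file as added in PATCH 11/18 always copies `proxygen/credentials-prod.yaml` and `proxygen/settings-prod.yaml`, and the later hunk in this patch only renames the secret inputs. A caller passing `ENVIRONMENT: prod` may reasonably assume it selects the credentials, which it does not. Either drop the input or document it, for example `# ENVIRONMENT is informational only; the prod credentials and settings files are hard-coded below`. The same input is added to `setup-proxygen/action.yaml` in this patch.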
@@ -29,15 +32,15 @@ runs: - name: Create Proxygen private key file run: | - echo "${{ inputs.PROD_PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem + echo "${{ inputs.PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem chmod 600 ~/.proxygen/private_key.pem shell: bash - name: Update Proxygen Credentials run: | - sed -i "s|PROD_CLIENT_ID_TO_BE_REPLACED|${{ inputs.PROD_PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml - sed -i "s|PROD_KEY_ID_TO_BE_REPLACED|${{ inputs.PROD_PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml - sed -i "s|PROD_PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml + sed -i "s|CLIENT_ID_TO_BE_REPLACED|${{ inputs.PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|KEY_ID_TO_BE_REPLACED|${{ inputs.PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml shell: bash - name: Copy Proxygen settings diff --git a/.github/actions/setup-proxygen/action.yaml b/.github/actions/setup-proxygen/action.yaml index f44b85c..bbaf576 100644 --- a/.github/actions/setup-proxygen/action.yaml +++ b/.github/actions/setup-proxygen/action.yaml @@ -2,13 +2,16 @@ name: "Setup Proxygen CLI" description: "Setup Proxygen CLI for the project" inputs: - PTL_PROXYGEN_CLIENT_ID: + ENVIRONMENT: + description: "The environment to configure Proxygen for" + required: true + PROXYGEN_CLIENT_ID: description: "Client ID for Proxygen CLI" required: true - PTL_PROXYGEN_KEY_ID: + PROXYGEN_KEY_ID: description: "Key ID for Proxygen CLI" required: true - PTL_PROXYGEN_PRIVATE_KEY: + PROXYGEN_PRIVATE_KEY: description: "Private key for Proxygen CLI" required: true 
@@ -29,15 +32,15 @@ runs: - name: Create Proxygen private key file run: | - echo "${{ inputs.PTL_PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem + echo "${{ inputs.PROXYGEN_PRIVATE_KEY }}" > ~/.proxygen/private_key.pem chmod 600 ~/.proxygen/private_key.pem shell: bash - name: Update Proxygen Credentials run: | - sed -i "s|PTL_CLIENT_ID_TO_BE_REPLACED|${{ inputs.PTL_PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml - sed -i "s|PTL_KEY_ID_TO_BE_REPLACED|${{ inputs.PTL_PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml - sed -i "s|PTL_PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml + sed -i "s|CLIENT_ID_TO_BE_REPLACED|${{ inputs.PROXYGEN_CLIENT_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|KEY_ID_TO_BE_REPLACED|${{ inputs.PROXYGEN_KEY_ID }}|" ~/.proxygen/credentials.yaml + sed -i "s|PRIVATE_KEY_PATH_TO_BE_REPLACED|private_key.pem|" ~/.proxygen/credentials.yaml shell: bash - name: Copy Proxygen settings diff --git a/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml b/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml index 454e0b7..917d4c3 100644 --- a/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml +++ b/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml @@ -16,9 +16,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} run-end-to-end-tests: name: "Run End to End Tests" 
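Review bot: In `cicd-stage-1-deploy-to-internal-qa.yml`, `${{ secrets.PROXYGEN_PRIVATE_KEY }}` in this `secrets:` block is evaluated in the calling workflow. A job that calls a reusable workflow cannot declare `environment:`, so the expression can only resolve to a repository- or organisation-level secret. If the renamed secrets now exist only as environment secrets, as the commit subject suggests, the values passed here will be empty unless a same-named repository secret exists. GitHub documents that environment secrets are not passed through `workflow_call` and are used only when the called job itself sets `environment:`. Confirm that the jobs in `reusable-deploy.yml` declare the environment (their headers are outside the hunks) and record it in a comment such as `# resolved from the environment declared on the called job, not from the caller`. The same applies to the `secrets:` blocks in `cicd-stage-2-deploy-to-int-and-sandbox.yml` and `pull-request-checks.yml`.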
@@ -35,9 +35,10 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + ENVIRONMENT: internal-qa + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - name: Run End to End Tests uses: ./.github/actions/run-end-to-end-tests env: @@ -57,9 +58,9 @@ jobs: environment: "internal-qa-sandbox" type_of_deployment: "sandbox" secrets: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" diff --git a/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml b/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml index b0b7f8c..2b85508 100644 --- a/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml +++ b/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml @@ -15,9 +15,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} # Add int end-to-end tests 
@@ -28,9 +28,9 @@ jobs: environment: "sandbox" type_of_deployment: "sandbox" secrets: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" @@ -62,9 +62,10 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + ENVIRONMENT: int + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - name: Deploy Specification to UAT run: make deploy-spec-uat-ci env: diff --git a/.github/workflows/cicd-stage-3-deploy-to-prod.yml b/.github/workflows/cicd-stage-3-deploy-to-prod.yml index 67aebf5..769c6c2 100644 --- a/.github/workflows/cicd-stage-3-deploy-to-prod.yml +++ b/.github/workflows/cicd-stage-3-deploy-to-prod.yml @@ -22,9 +22,10 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen-prod with: - PROD_PROXYGEN_CLIENT_ID: ${{ secrets.PROD_PROXYGEN_CLIENT_ID }} - PROD_PROXYGEN_KEY_ID: ${{ secrets.PROD_PROXYGEN_KEY_ID }} - PROD_PROXYGEN_PRIVATE_KEY: ${{ secrets.PROD_PROXYGEN_PRIVATE_KEY }} + ENVIRONMENT: prod + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - name: Deploy Specification to Production run: make deploy-spec-prod-ci env: diff --git a/.github/workflows/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml index 11f7196..b7eefb5 100644 
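Review bot: In `cicd-stage-3-deploy-to-prod.yml`, the production and PTL keys now share the name `PROXYGEN_PRIVATE_KEY`, so which key this job receives depends entirely on the job's `environment:` setting, which is outside the hunk. If that setting is missing or names the wrong environment, the step falls back to a repository-level secret of the same name or to an empty value. `ENVIRONMENT: prod` is only an action input and has no effect on secret resolution. A comment above the step would make the dependency explicit, e.g. `# PROXYGEN_* are environment secrets; this job must declare the prod environment`. Protection rules on that environment (required reviewers, branch restrictions) are then what gate use of the production key. The `Setup proxygen` steps that use the secrets directly in the other workflows depend on `environment:` in the same way.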
--- a/.github/workflows/pull-request-checks.yml +++ b/.github/workflows/pull-request-checks.yml @@ -35,9 +35,9 @@ jobs: emis_base_url: https://nhs70apptest.emishealth.com tpp_base_url: https://systmonline2.tpp-uk.com secrets: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} run-end-to-end-tests: name: "Run End to End Tests" @@ -54,9 +54,10 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + ENVIRONMENT: internal-dev + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - name: Run End to End Tests uses: ./.github/actions/run-end-to-end-tests env: @@ -78,9 +79,9 @@ jobs: additional_path: "pr-${{ github.event.number }}" type_of_deployment: "sandbox" secrets: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} run-postman-collection: name: "Run Postman Collection" diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml index 07858cb..1b1296a 100644 --- a/.github/workflows/reusable-deploy.yml +++ b/.github/workflows/reusable-deploy.yml 
@@ -37,13 +37,13 @@ on: value: ${{ jobs.deploy-environment.outputs.proxygen_url_path }} secrets: - PTL_PROXYGEN_CLIENT_ID: + PROXYGEN_CLIENT_ID: required: true description: "Client ID for Proxygen CLI" - PTL_PROXYGEN_KEY_ID: + PROXYGEN_KEY_ID: required: true description: "Key ID for Proxygen CLI" - PTL_PROXYGEN_PRIVATE_KEY: + PROXYGEN_PRIVATE_KEY: required: true description: "Private key for Proxygen CLI" @@ -86,9 +86,10 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + ENVIRONMENT: ${{ inputs.environment }} + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: "Build ${{inputs.type_of_deployment}} container" @@ -127,9 +128,10 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - PTL_PROXYGEN_CLIENT_ID: ${{ secrets.PTL_PROXYGEN_CLIENT_ID }} - PTL_PROXYGEN_KEY_ID: ${{ secrets.PTL_PROXYGEN_KEY_ID }} - PTL_PROXYGEN_PRIVATE_KEY: ${{ secrets.PTL_PROXYGEN_PRIVATE_KEY }} + ENVIRONMENT: ${{ inputs.environment }} + PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} + PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} + PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - name: Deploy environment run: make deploy-ci env: diff --git a/docs/user-guides/Glossary.md b/docs/user-guides/Glossary.md index 9d69bd2..51007bc 100644 --- a/docs/user-guides/Glossary.md +++ b/docs/user-guides/Glossary.md 
@@ -51,7 +51,7 @@ The CLI authenticates against the NHS identity service at: https://identity.prod.api.platform.nhs.uk/realms/api-producers ``` -This is a **Keycloak** identity provider used for machine-to-machine authentication for API producer teams. Authentication requires three credentials: a `client_id`, a `key_id`, and a `private_key` (PEM file). In CI/CD these are stored as GitHub secrets (`PTL_PROXYGEN_CLIENT_ID`, `PTL_PROXYGEN_KEY_ID`, `PTL_PROXYGEN_PRIVATE_KEY`) and also in the VRS AWS Prod Secrets Manager under the prefix `im1-pfs-auth/proxygen/`. +This is a **Keycloak** identity provider used for machine-to-machine authentication for API producer teams. Authentication requires three credentials: a `client_id`, a `key_id`, and a `private_key` (PEM file). In CI/CD these are stored as GitHub secrets (`PROXYGEN_CLIENT_ID`, `PROXYGEN_KEY_ID`, `PROXYGEN_PRIVATE_KEY`) and also in the VRS AWS Prod Secrets Manager under the prefix `im1-pfs-auth/proxygen/`. See the [Proxygen CLI guide](./Proxygen_CLI.md) for installation and configuration instructions. diff --git a/docs/user-guides/Proxygen_CLI.md b/docs/user-guides/Proxygen_CLI.md index e138506..948ef74 100644 --- a/docs/user-guides/Proxygen_CLI.md +++ b/docs/user-guides/Proxygen_CLI.md 
@@ -80,10 +80,10 @@ The proxygen CLI is a dedicated command-line interface tool designed to streamli ## Secrets -Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. As well the private key is available in GitHub Secrets under the name `PTL_PROXYGEN_PRIVATE_KEY`. +Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. As well the private key is available in GitHub Secrets under the name `PROXYGEN_PRIVATE_KEY`. Secrets used for machine access are stored in Validated Relationships Service's (VRS) AWS Prod Secrets Manager with the prefix `im1-pfs-auth/proxygen/`. ### Secrets in GitHub As well secrets are held in GitHub Secrets for the project. The secrets are used to authenticate the workflows to deploy the API to the NHS API Platform. The secrets are: -the private key is available in GitHub Secrets under the names `PTL_PROXYGEN_CLIENT_ID`, `PTL_PROXYGEN_KEY_ID`, and `PTL_PROXYGEN_PRIVATE_KEY`. +the private key is available in GitHub Secrets under the names `PROXYGEN_CLIENT_ID`, `PROXYGEN_KEY_ID`, and `PROXYGEN_PRIVATE_KEY`. diff --git a/proxygen/credentials-prod.yaml b/proxygen/credentials-prod.yaml index 0cc6d01..454a829 100644 --- a/proxygen/credentials-prod.yaml +++ b/proxygen/credentials-prod.yaml @@ -1,4 +1,4 @@ base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers -client_id: PROD_CLIENT_ID_TO_BE_REPLACED -key_id: PROD_KEY_ID_TO_BE_REPLACED -private_key_path: PROD_PRIVATE_KEY_PATH_TO_BE_REPLACED +client_id: CLIENT_ID_TO_BE_REPLACED +key_id: KEY_ID_TO_BE_REPLACED +private_key_path: PRIVATE_KEY_PATH_TO_BE_REPLACED diff --git a/proxygen/credentials.yaml b/proxygen/credentials.yaml index a245a2a..5a3151b 100644 --- a/proxygen/credentials.yaml +++ b/proxygen/credentials.yaml 
@@ -1,4 +1,4 @@ base_url: https://identity.ptl.api.platform.nhs.uk/realms/api-producers -client_id: PTL_CLIENT_ID_TO_BE_REPLACED -key_id: PTL_KEY_ID_TO_BE_REPLACED -private_key_path: PTL_PRIVATE_KEY_PATH_TO_BE_REPLACED +client_id: CLIENT_ID_TO_BE_REPLACED +key_id: KEY_ID_TO_BE_REPLACED +private_key_path: PRIVATE_KEY_PATH_TO_BE_REPLACED From 1702b8e9190f5af9a138687d626145bd904112e6 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Mon, 27 Apr 2026 10:29:22 +0100 Subject: [PATCH 13/18] NPA-6546: removed variable 'environment' from non-prod actions --- .github/actions/setup-proxygen/action.yaml | 3 --- .github/workflows/cicd-stage-1-deploy-to-internal-qa.yml | 1 - .github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml | 1 - .github/workflows/pull-request-checks.yml | 1 - .github/workflows/reusable-deploy.yml | 2 -- docs/user-guides/Proxygen_CLI.md | 2 ++ 6 files changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/actions/setup-proxygen/action.yaml b/.github/actions/setup-proxygen/action.yaml index bbaf576..831ade8 100644 --- a/.github/actions/setup-proxygen/action.yaml +++ b/.github/actions/setup-proxygen/action.yaml @@ -2,9 +2,6 @@ name: "Setup Proxygen CLI" description: "Setup Proxygen CLI for the project" inputs: - ENVIRONMENT: - description: "The environment to configure Proxygen for" - required: true PROXYGEN_CLIENT_ID: description: "Client ID for Proxygen CLI" required: true diff --git a/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml b/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml index 917d4c3..d6cf644 100644 --- a/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml +++ b/.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml 
@@ -35,7 +35,6 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - ENVIRONMENT: internal-qa PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} diff --git a/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml b/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml index 2b85508..b3b7ecf 100644 --- a/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml +++ b/.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml @@ -62,7 +62,6 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - ENVIRONMENT: int PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} diff --git a/.github/workflows/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml index b7eefb5..ea705e2 100644 --- a/.github/workflows/pull-request-checks.yml +++ b/.github/workflows/pull-request-checks.yml @@ -54,7 +54,6 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - ENVIRONMENT: internal-dev PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml index 1b1296a..664a542 100644 --- a/.github/workflows/reusable-deploy.yml +++ b/.github/workflows/reusable-deploy.yml @@ -86,7 +86,6 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - ENVIRONMENT: ${{ inputs.environment }} PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} 
@@ -128,7 +127,6 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen with: - ENVIRONMENT: ${{ inputs.environment }} PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} diff --git a/docs/user-guides/Proxygen_CLI.md b/docs/user-guides/Proxygen_CLI.md index 948ef74..0aa3c87 100644 --- a/docs/user-guides/Proxygen_CLI.md +++ b/docs/user-guides/Proxygen_CLI.md @@ -87,3 +87,5 @@ Secrets used for machine access are stored in Validated Relationships Service's As well secrets are held in GitHub Secrets for the project. The secrets are used to authenticate the workflows to deploy the API to the NHS API Platform. The secrets are: the private key is available in GitHub Secrets under the names `PROXYGEN_CLIENT_ID`, `PROXYGEN_KEY_ID`, and `PROXYGEN_PRIVATE_KEY`. + +For production, these are stored as environment level secrets, and for PTL these are stored as repository level secrets - this way the default is PTL, and if it's a prod specific workflow/action, it will use the production variables. From 5e2a78aa9713594805f3440db05e2aa66295d49e Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Mon, 27 Apr 2026 10:30:37 +0100 Subject: [PATCH 14/18] NPA-6546: renamed prod to production --- .github/workflows/cicd-stage-3-deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd-stage-3-deploy-to-prod.yml b/.github/workflows/cicd-stage-3-deploy-to-prod.yml index 769c6c2..b69d481 100644 --- a/.github/workflows/cicd-stage-3-deploy-to-prod.yml +++ b/.github/workflows/cicd-stage-3-deploy-to-prod.yml @@ -30,6 +30,6 @@ jobs: run: make deploy-spec-prod-ci env: # Variables are necessary for spec generation, but aren't used in compiled spec - ENVIRONMENT: "prod" + ENVIRONMENT: "production" PROXYGEN_URL_PATH: "im1-pfs-auth" CONTAINER_TAG: "latest" 
From cf6088d60e58d463cb22e1fcf971184ca65b7399 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Mon, 27 Apr 2026 10:31:44 +0100 Subject: [PATCH 15/18] NPA-6546: revert previous change --- .github/workflows/cicd-stage-3-deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd-stage-3-deploy-to-prod.yml b/.github/workflows/cicd-stage-3-deploy-to-prod.yml index b69d481..769c6c2 100644 --- a/.github/workflows/cicd-stage-3-deploy-to-prod.yml +++ b/.github/workflows/cicd-stage-3-deploy-to-prod.yml @@ -30,6 +30,6 @@ jobs: run: make deploy-spec-prod-ci env: # Variables are necessary for spec generation, but aren't used in compiled spec - ENVIRONMENT: "production" + ENVIRONMENT: "prod" PROXYGEN_URL_PATH: "im1-pfs-auth" CONTAINER_TAG: "latest" From aa939be6cf89b885ebd59decb389ee9194981752 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Mon, 27 Apr 2026 10:35:48 +0100 Subject: [PATCH 16/18] NPA-6546: adding quotes for consistency --- .github/workflows/cicd-stage-3-deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd-stage-3-deploy-to-prod.yml b/.github/workflows/cicd-stage-3-deploy-to-prod.yml index 769c6c2..07a3b2a 100644 --- a/.github/workflows/cicd-stage-3-deploy-to-prod.yml +++ b/.github/workflows/cicd-stage-3-deploy-to-prod.yml @@ -22,7 +22,7 @@ jobs: - name: Setup proxygen uses: ./.github/actions/setup-proxygen-prod with: - ENVIRONMENT: prod + ENVIRONMENT: "prod" PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }} PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} From 90d91ff3731247de5833d3ddf72515ae784dee43 Mon Sep 17 00:00:00 2001 
From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Mon, 27 Apr 2026 10:50:45 +0100 Subject: [PATCH 17/18] NPA-6546: generate apim yaml file for int spec --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index a228bd6..638d504 100644 --- a/Makefile +++ b/Makefile @@ -56,6 +56,7 @@ deploy-ci: # Deploy spec to uat deploy-spec-uat: + cp -f specification/x-nhsd-apim/x-nhsd-apim-int.yaml specification/x-nhsd-apim/x-nhsd-apim.generated.yaml proxygen spec publish --uat $(PROXYGEN_ARGS) specification/im1-pfs-auth-api.yaml # Deploy spec to prod From 1c637bf9eb6c2b1bba5e130d8699d1247ff7477b Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Mon, 27 Apr 2026 11:31:19 +0100 Subject: [PATCH 18/18] NPA-6546: rename credentials.yaml and settings.yaml files for consistency --- .github/actions/setup-proxygen/action.yaml | 4 ++-- proxygen/{credentials.yaml => credentials-ptl.yaml} | 0 proxygen/{settings.yaml => settings-ptl.yaml} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename proxygen/{credentials.yaml => credentials-ptl.yaml} (100%) rename proxygen/{settings.yaml => settings-ptl.yaml} (100%) diff --git a/.github/actions/setup-proxygen/action.yaml b/.github/actions/setup-proxygen/action.yaml index 831ade8..c1c3bf6 100644 --- a/.github/actions/setup-proxygen/action.yaml +++ b/.github/actions/setup-proxygen/action.yaml @@ -24,7 +24,7 @@ runs: shell: bash - name: Copy Proxygen credentials - run: cp proxygen/credentials.yaml ~/.proxygen/credentials.yaml + run: cp proxygen/credentials-ptl.yaml ~/.proxygen/credentials.yaml shell: bash - name: Create Proxygen private key file @@ -41,5 +41,5 @@ runs: shell: bash - name: Copy Proxygen settings - run: cp proxygen/settings.yaml ~/.proxygen/settings.yaml + run: cp proxygen/settings-ptl.yaml ~/.proxygen/settings.yaml shell: bash 
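Review bot: The added `cp -f specification/x-nhsd-apim/x-nhsd-apim-int.yaml specification/x-nhsd-apim/x-nhsd-apim.generated.yaml` line in `deploy-spec-uat` overwrites a shared generated file and leaves it in the working tree, so a later publish target run from the same checkout would presumably reuse the int APIM settings unless it regenerates the file itself. The `deploy-spec-prod` target follows directly after this hunk and its recipe is not visible here, so please confirm it writes its own copy before calling `proxygen spec publish`. A comment above the new recipe line would make the dependency explicit: `# x-nhsd-apim.generated.yaml is overwritten per target; every publish target must regenerate it before publishing`. The target comment also says "uat" while the file copied is the int one; if these name the same environment, the comment should say so.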
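Review bot: After this change the `Copy Proxygen credentials` and `Copy Proxygen settings` steps always install the PTL files, and with the `ENVIRONMENT` input removed in PATCH 13 nothing in the action checks which secret scope the caller resolved `PROXYGEN_*` from. The docs added in PATCH 13 say production values are environment-level secrets under the same names, so a job that declares the production environment and calls this action would, as far as this diff shows, pair production key material with the PTL identity endpoint. `reusable-deploy.yml` previously passed `inputs.environment` to this action, so it is worth confirming that none of its callers supply a production environment. Stating the scope in the action metadata would help: `description: "Setup Proxygen CLI for PTL environments only; production uses setup-proxygen-prod"`. Both steps sit in a `runs:` block that starts outside the hunk.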
diff --git a/proxygen/credentials.yaml b/proxygen/credentials-ptl.yaml
similarity index 100%
rename from proxygen/credentials.yaml
rename to proxygen/credentials-ptl.yaml
diff --git a/proxygen/settings.yaml b/proxygen/settings-ptl.yaml
similarity index 100%
rename from proxygen/settings.yaml
rename to proxygen/settings-ptl.yaml