diff --git a/Makefile b/Makefile index af7e88d..1720632 100644 --- a/Makefile +++ b/Makefile @@ -112,7 +112,7 @@ set-ratelimit: guard-APIM_ENV < specification/x-nhsd-apim/ratelimit-template.yaml > specification/x-nhsd-apim/ratelimit.yaml update-spec-template: guard-APIM_ENV -ifeq ($(APIM_ENV), $(filter $(APIM_ENV), sandbox internal-dev int ref preprod prod )) +ifeq ($(APIM_ENV), $(filter $(APIM_ENV), sandbox internal-dev test int ref preprod prod )) @ $(MAKE) set-target APIM_ENV=$$APIM_ENV @ $(MAKE) set-access APIM_ENV=$$APIM_ENV @ $(MAKE) set-security APIM_ENV=$$APIM_ENV @@ -123,10 +123,15 @@ else endif construct-spec: guard-APIM_ENV - @ $(MAKE) update-spec-template APIM_ENV=$$APIM_ENV - mkdir -p build/specification/$(APIM_ENV) && \ - npx redocly bundle specification/eligibility-signposting-api.yaml --remove-unused-components --keep-url-references --ext yaml \ - > build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml + @ $(MAKE) update-spec-template APIM_ENV=$$APIM_ENV + mkdir -p build/specification/$(APIM_ENV) +ifeq ($(APIM_ENV), sandbox) + sed '/^[[:space:]]*security:/,/^[[:space:]]*-[[:space:]]/c\ security:\n - app-level0: []' specification/eligibility-signposting-api.yaml > specification/eligibility-signposting-api.generated.yaml && \ + npx redocly bundle specification/eligibility-signposting-api.generated.yaml --remove-unused-components --keep-url-references --ext yaml > build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml + rm specification/eligibility-signposting-api.generated.yaml +else + npx redocly bundle specification/eligibility-signposting-api.yaml --remove-unused-components --keep-url-references --ext yaml > build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml +endif SPEC_DIR := $(CURDIR)/specification diff --git a/sandbox/Makefile b/sandbox/Makefile index cf0d1b5..d49e0db 100644 --- a/sandbox/Makefile +++ b/sandbox/Makefile @@ -6,13 +6,42 @@ list: @grep '^[^#[:space:]].*:' Makefile build: - docker-compose -f docker-compose.yaml build + docker compose -f docker-compose.yaml build + +tag-service-image: + $(eval IMAGE_ID=$(shell docker images -q sandbox-combined-service:latest)) + @if [ -z "$(IMAGE_ID)" ]; then \ + echo "ERROR: No image ID found for sandbox-combined-service:latest. Did you build it?"; \ + exit 1; \ + fi + docker tag $(IMAGE_ID) 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest + @echo "Tagged image $(IMAGE_ID) as 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest" + +build-and-tag: + make build + make tag-service-image + +proxygen-docker-login: # Login to Proxygen Docker registry + make -C .. setup-proxygen-credentials + proxygen docker get-login | bash + +publish-to-docker-repo: + proxygen-docker-login + docker push 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest + +build-and-publish-sandbox-image: + make build-and-tag + make publish-to-docker-repo + +deploy-sandbox-spec: + make -C .. construct-spec APIM_ENV=sandbox + proxygen instance deploy sandbox eligibility-signposting-api ./build/specification/sandbox/eligibility-signposting-api.yaml up: build - docker-compose -f docker-compose.yaml up -d + docker compose -f docker-compose.yaml up -d down: - docker-compose -f docker-compose.yaml down + docker compose -f docker-compose.yaml down clean: rm -rf ./node_modules diff --git a/sandbox/README.md b/sandbox/README.md index e379ae2..f4d3250 100644 --- a/sandbox/README.md +++ b/sandbox/README.md @@ -65,10 +65,5 @@ Instructions for creation and deployment of the sandbox specification can be fou To deploy the sandbox Docker image to AWS ECR, we use Proxygen CLI as follows: -1. Follow the instructions in the [specification README](/specification/README.md) to set up Proxygen authentication. -2. Run `proxygen docker get-login` and copy the command provided in the response. -3. Run the command to authenticate with our ECR repository. -4. Build the sandbox container - `make build` in this directory. -5. Tag the image created using `docker image tag 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest`. You - can see what the image id is by running `docker images` to find what was just built. -6. Push the docker image to our ECR repository using `docker push 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest` +1. Run `make build-and-publish-sandbox-image` to build the sandbox image and publish to the docker ECR repository. +2. Run `make deploy-sandbox-spec` to build and publish the sandbox spec to the sandbox instance on APIM. diff --git a/specification/components/security/security-dev.yaml b/specification/components/security/security-dev.yaml index 7074f33..c5208a1 100644 --- a/specification/components/security/security-dev.yaml +++ b/specification/components/security/security-dev.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 diff --git a/specification/components/security/security-preprod.yaml b/specification/components/security/security-preprod.yaml index 7074f33..c5208a1 100644 --- a/specification/components/security/security-preprod.yaml +++ b/specification/components/security/security-preprod.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 diff --git a/specification/components/security/security-prod.yaml b/specification/components/security/security-prod.yaml index 7074f33..c5208a1 100644 --- a/specification/components/security/security-prod.yaml +++ b/specification/components/security/security-prod.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 diff --git a/specification/components/security/security-sandbox.yaml b/specification/components/security/security-sandbox.yaml index 96e5804..8305a64 100644 --- a/specification/components/security/security-sandbox.yaml +++ b/specification/components/security/security-sandbox.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0 +app-level0: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0 diff --git a/specification/components/security/security-test.yaml b/specification/components/security/security-test.yaml index 7074f33..c5208a1 100644 --- a/specification/components/security/security-test.yaml +++ b/specification/components/security/security-test.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 diff --git a/specification/eligibility-signposting-api.yaml b/specification/eligibility-signposting-api.yaml index fcb9fd3..98ffba4 100644 --- a/specification/eligibility-signposting-api.yaml +++ b/specification/eligibility-signposting-api.yaml @@ -25,7 +25,7 @@ paths: Determines which suggestions a person is eligible for and which they are not, including reasons and next steps. security: - - environment-specific-secured: [] + - nhs-login-p9: [] operationId: checkEligibility parameters: - name: id @@ -766,7 +766,6 @@ paths: ################################################################################ components: securitySchemes: - environment-specific-secured: $ref: "components/security/security.yaml" x-nhsd-apim: access: