From 0bc452f337790105db85ed54886a5272ac9994ef Mon Sep 17 00:00:00 2001 From: Edd Almond Date: Wed, 18 Jun 2025 10:35:59 +0100 Subject: [PATCH 1/5] bugfix - fixing make commands, sandbox specification --- Makefile | 2 +- sandbox/Makefile | 6 +++--- specification/components/security/security-sandbox.yaml | 2 +- specification/eligibility-signposting-api.yaml | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index af7e88d..db49a9c 100644 --- a/Makefile +++ b/Makefile @@ -112,7 +112,7 @@ set-ratelimit: guard-APIM_ENV < specification/x-nhsd-apim/ratelimit-template.yaml > specification/x-nhsd-apim/ratelimit.yaml update-spec-template: guard-APIM_ENV -ifeq ($(APIM_ENV), $(filter $(APIM_ENV), sandbox internal-dev int ref preprod prod )) +ifeq ($(APIM_ENV), $(filter $(APIM_ENV), sandbox internal-dev test int ref preprod prod )) @ $(MAKE) set-target APIM_ENV=$$APIM_ENV @ $(MAKE) set-access APIM_ENV=$$APIM_ENV @ $(MAKE) set-security APIM_ENV=$$APIM_ENV diff --git a/sandbox/Makefile b/sandbox/Makefile index cf0d1b5..eccedd0 100644 --- a/sandbox/Makefile +++ b/sandbox/Makefile @@ -6,13 +6,13 @@ list: @grep '^[^#[:space:]].*:' Makefile build: - docker-compose -f docker-compose.yaml build + docker compose -f docker-compose.yaml build up: build - docker-compose -f docker-compose.yaml up -d + docker compose -f docker-compose.yaml up -d down: - docker-compose -f docker-compose.yaml down + docker compose -f docker-compose.yaml down clean: rm -rf ./node_modules diff --git a/specification/components/security/security-sandbox.yaml b/specification/components/security/security-sandbox.yaml index 96e5804..7074f33 100644 --- a/specification/components/security/security-sandbox.yaml +++ b/specification/components/security/security-sandbox.yaml @@ -1 +1 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0 +$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 
diff --git a/specification/eligibility-signposting-api.yaml b/specification/eligibility-signposting-api.yaml index fcb9fd3..1cbe97a 100644 --- a/specification/eligibility-signposting-api.yaml +++ b/specification/eligibility-signposting-api.yaml @@ -25,7 +25,7 @@ paths: Determines which suggestions a person is eligible for and which they are not, including reasons and next steps. security: - - environment-specific-secured: [] + - nhs-login-p9: [] operationId: checkEligibility parameters: - name: id @@ -766,8 +766,8 @@ paths: ################################################################################ components: securitySchemes: - environment-specific-secured: - $ref: "components/security/security.yaml" + nhs-login-p9: + $ref: "components/security/security.yaml" x-nhsd-apim: access: $ref: "x-nhsd-apim/access.yaml" From 3f9a8ebaf42e1465654439fafac96c5ba9da7ba4 Mon Sep 17 00:00:00 2001 From: Edd Almond Date: Thu, 19 Jun 2025 10:58:06 +0100 Subject: [PATCH 2/5] moving security schemes directly into the config --- Makefile | 13 +++++++++---- specification/components/security/security-dev.yaml | 3 ++- .../components/security/security-preprod.yaml | 3 ++- .../components/security/security-prod.yaml | 3 ++- .../components/security/security-sandbox.yaml | 3 ++- .../components/security/security-test.yaml | 3 ++- specification/eligibility-signposting-api.yaml | 3 +-- 7 files changed, 20 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index db49a9c..1720632 100644 --- a/Makefile +++ b/Makefile 
@@ -123,10 +123,15 @@ else endif construct-spec: guard-APIM_ENV - @ $(MAKE) update-spec-template APIM_ENV=$$APIM_ENV - mkdir -p build/specification/$(APIM_ENV) && \ - npx redocly bundle specification/eligibility-signposting-api.yaml --remove-unused-components --keep-url-references --ext yaml \ - > build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml + @ $(MAKE) update-spec-template APIM_ENV=$$APIM_ENV + mkdir -p build/specification/$(APIM_ENV) +ifeq ($(APIM_ENV), sandbox) + sed '/^[[:space:]]*security:/,/^[[:space:]]*-[[:space:]]/c\ security:\n - app-level0: []' specification/eligibility-signposting-api.yaml > specification/eligibility-signposting-api.generated.yaml && \ + npx redocly bundle specification/eligibility-signposting-api.generated.yaml --remove-unused-components --keep-url-references --ext yaml > build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml + rm specification/eligibility-signposting-api.generated.yaml +else + npx redocly bundle specification/eligibility-signposting-api.yaml --remove-unused-components --keep-url-references --ext yaml > build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml +endif SPEC_DIR := $(CURDIR)/specification diff --git a/specification/components/security/security-dev.yaml b/specification/components/security/security-dev.yaml index 7074f33..c5208a1 100644 --- a/specification/components/security/security-dev.yaml +++ b/specification/components/security/security-dev.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 diff --git a/specification/components/security/security-preprod.yaml b/specification/components/security/security-preprod.yaml index 7074f33..c5208a1 100644 --- a/specification/components/security/security-preprod.yaml +++ b/specification/components/security/security-preprod.yaml 
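Review bot: The sandbox branch of `construct-spec` sets the authentication requirement of the published spec by text substitution, and the `sed` range `/^[[:space:]]*security:/,/^[[:space:]]*-[[:space:]]/` is fragile: it fires on any `security:` key at any depth, and if one is ever not followed directly by a list item it replaces everything up to the next list entry. The one-line `c\` form with `\n` in the text is, as far as I know, a GNU sed extension, so the rewrite may behave differently on BSD/macOS sed without failing the build. I would assert the result before bundling, e.g. `grep -q 'app-level0: \[\]' specification/eligibility-signposting-api.generated.yaml`, and, since `app-level0` looks like a weaker requirement than `nhs-login-p9`, add the mirror check on the non-sandbox branch that the built file contains no `app-level0`. The `rm` is on its own recipe line, so a failed `redocly bundle` leaves the generated file behind in `specification/`; removing it in the same shell command, whatever the bundle's exit status, would avoid that.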
@@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 diff --git a/specification/components/security/security-prod.yaml b/specification/components/security/security-prod.yaml index 7074f33..c5208a1 100644 --- a/specification/components/security/security-prod.yaml +++ b/specification/components/security/security-prod.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 diff --git a/specification/components/security/security-sandbox.yaml b/specification/components/security/security-sandbox.yaml index 7074f33..8305a64 100644 --- a/specification/components/security/security-sandbox.yaml +++ b/specification/components/security/security-sandbox.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +app-level0: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0 diff --git a/specification/components/security/security-test.yaml b/specification/components/security/security-test.yaml index 7074f33..c5208a1 100644 --- a/specification/components/security/security-test.yaml +++ b/specification/components/security/security-test.yaml @@ -1 +1,2 @@ -$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 +nhs-login-p9: + $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9 diff --git a/specification/eligibility-signposting-api.yaml b/specification/eligibility-signposting-api.yaml index 1cbe97a..98ffba4 100644 --- a/specification/eligibility-signposting-api.yaml +++ b/specification/eligibility-signposting-api.yaml 
@@ -766,8 +766,7 @@ paths: ################################################################################ components: securitySchemes: - nhs-login-p9: - $ref: "components/security/security.yaml" + $ref: "components/security/security.yaml" x-nhsd-apim: access: $ref: "x-nhsd-apim/access.yaml" From 5092e92be882e2b81096c8b8c92d5fd52609c115 Mon Sep 17 00:00:00 2001 From: Edd Almond Date: Thu, 19 Jun 2025 11:25:46 +0100 Subject: [PATCH 3/5] adding some helpful make commands to streamline publishing the sandbox image and deploying the spec to the sandbox instance --- sandbox/Makefile | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/sandbox/Makefile b/sandbox/Makefile index eccedd0..d49e0db 100644 --- a/sandbox/Makefile +++ b/sandbox/Makefile @@ -8,6 +8,35 @@ list: build: docker compose -f docker-compose.yaml build +tag-service-image: + $(eval IMAGE_ID=$(shell docker images -q sandbox-combined-service:latest)) + @if [ -z "$(IMAGE_ID)" ]; then \ + echo "ERROR: No image ID found for sandbox-combined-service:latest. Did you build it?"; \ + exit 1; \ + fi + docker tag $(IMAGE_ID) 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest + @echo "Tagged image $(IMAGE_ID) as 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest" + +build-and-tag: + make build + make tag-service-image + +proxygen-docker-login: # Login to Proxygen Docker registry + make -C .. setup-proxygen-credentials + proxygen docker get-login | bash + +publish-to-docker-repo: + proxygen-docker-login + docker push 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest + +build-and-publish-sandbox-image: + make build-and-tag + make publish-to-docker-repo + +deploy-sandbox-spec: + make -C .. construct-spec APIM_ENV=sandbox + proxygen instance deploy sandbox eligibility-signposting-api ./build/specification/sandbox/eligibility-signposting-api.yaml + up: build docker compose -f docker-compose.yaml up -d 
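Review bot: With `securitySchemes` now a bare `$ref` to `components/security/security.yaml`, the scheme name is defined only in the per-environment file, while the operation still hard-codes `nhs-login-p9` under `security:`. For the sandbox file, which defines `app-level0`, the source spec therefore names a scheme that does not exist until the Makefile rewrites it. I also believe OpenAPI 3 describes a `$ref` per scheme rather than in place of the whole map, so validators run on the unbundled file may reject it. A comment above the reference would make the coupling visible, for example `# scheme name comes from components/security/security-<env>.yaml and must match each operation's security: entry`. The spec continues outside the hunk.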
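Review bot: In `publish-to-docker-repo`, `proxygen-docker-login` sits on its own line under the rule header, so it is a recipe line that the shell will try to run as a command rather than a prerequisite that make builds; it belongs on the header. `proxygen docker get-login | bash` executes whatever the CLI prints and, without `pipefail`, a failed `get-login` hands bash empty input and the target still succeeds, so the later push fails or uses stale credentials with no clear cause. `deploy-sandbox-spec` appears to read `./build/...` relative to `sandbox/`, whereas `make -C .. construct-spec` writes under the parent directory's `build/`. The sub-makes should be `$(MAKE)` so flags and the jobserver propagate, and pushing only the mutable `latest` tag leaves no record of which build the sandbox is running.

```make
# … unchanged: tag-service-image …

build-and-tag:
	$(MAKE) build
	$(MAKE) tag-service-image

proxygen-docker-login: # Login to Proxygen Docker registry
	$(MAKE) -C .. setup-proxygen-credentials
	login_cmd="$$(proxygen docker get-login)" && bash -c "$$login_cmd"

publish-to-docker-repo: proxygen-docker-login
	docker push 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest

build-and-publish-sandbox-image:
	$(MAKE) build-and-tag
	$(MAKE) publish-to-docker-repo

deploy-sandbox-spec:
	$(MAKE) -C .. construct-spec APIM_ENV=sandbox
	proxygen instance deploy sandbox eligibility-signposting-api ../build/specification/sandbox/eligibility-signposting-api.yaml
```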
From c5712e8e039d2ddf4c04e689408e031c4afa7866 Mon Sep 17 00:00:00 2001 From: Edd Almond Date: Thu, 19 Jun 2025 11:28:15 +0100 Subject: [PATCH 4/5] update README --- sandbox/README.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/sandbox/README.md b/sandbox/README.md index e379ae2..7fea3fc 100644 --- a/sandbox/README.md +++ b/sandbox/README.md @@ -65,10 +65,5 @@ Instructions for creation and deployment of the sandbox specification can be fou To deploy the sandbox Docker image to AWS ECR, we use Proxygen CLI as follows: -1. Follow the instructions in the [specification README](/specification/README.md) to set up Proxygen authentication. -2. Run `proxygen docker get-login` and copy the command provided in the response. -3. Run the command to authenticate with our ECR repository. -4. Build the sandbox container - `make build` in this directory. -5. Tag the image created using `docker image tag 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest`. You - can see what the image id is by running `docker images` to find what was just built. -6. Push the docker image to our ECR repository using `docker push 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest` +1. Run `make build-and-publish-sandbox-image` to build the sandbox image and publish to the docker ECR repo. +2. Run `make deploy-sandbox-spec` to build and publish the sandbox spec to the sandbox instance on APIM. From 88038c109df7dfc3c848df0ddb840df0aaecb295 Mon Sep 17 00:00:00 2001 From: Edd Almond Date: Thu, 19 Jun 2025 11:36:10 +0100 Subject: [PATCH 5/5] fixed typo --- sandbox/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sandbox/README.md b/sandbox/README.md index 7fea3fc..f4d3250 100644 --- a/sandbox/README.md +++ b/sandbox/README.md 
@@ -65,5 +65,5 @@ Instructions for creation and deployment of the sandbox specification can be fou To deploy the sandbox Docker image to AWS ECR, we use Proxygen CLI as follows: -1. Run `make build-and-publish-sandbox-image` to build the sandbox image and publish to the docker ECR repo. +1. Run `make build-and-publish-sandbox-image` to build the sandbox image and publish to the docker ECR repository. 2. Run `make deploy-sandbox-spec` to build and publish the sandbox spec to the sandbox instance on APIM.