Bugfix/fix specification build for sandbox and test

Makefile

@@ -112,7 +112,7 @@ set-ratelimit: guard-APIM_ENV
 	< specification/x-nhsd-apim/ratelimit-template.yaml > specification/x-nhsd-apim/ratelimit.yaml
 
 update-spec-template: guard-APIM_ENV
-ifeq ($(APIM_ENV), $(filter $(APIM_ENV), sandbox internal-dev int ref preprod prod ))
+ifeq ($(APIM_ENV), $(filter $(APIM_ENV), sandbox internal-dev test int ref preprod prod ))
 	@ $(MAKE) set-target APIM_ENV=$$APIM_ENV
 	@ $(MAKE) set-access APIM_ENV=$$APIM_ENV
 	@ $(MAKE) set-security APIM_ENV=$$APIM_ENV
@@ -123,10 +123,15 @@ else
 endif
 
 construct-spec: guard-APIM_ENV
-	@ $(MAKE) update-spec-template APIM_ENV=$$APIM_ENV
-	mkdir -p build/specification/$(APIM_ENV) && \
-	npx redocly bundle specification/eligibility-signposting-api.yaml --remove-unused-components --keep-url-references --ext yaml \
-	> build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml
+		@ $(MAKE) update-spec-template APIM_ENV=$$APIM_ENV
+		mkdir -p build/specification/$(APIM_ENV)
+ifeq ($(APIM_ENV), sandbox)
+		sed '/^[[:space:]]*security:/,/^[[:space:]]*-[[:space:]]/c\      security:\n        - app-level0: []' specification/eligibility-signposting-api.yaml > specification/eligibility-signposting-api.generated.yaml && \
+		npx redocly bundle specification/eligibility-signposting-api.generated.yaml --remove-unused-components --keep-url-references --ext yaml > build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml
+		rm specification/eligibility-signposting-api.generated.yaml
+else
+		npx redocly bundle specification/eligibility-signposting-api.yaml --remove-unused-components --keep-url-references --ext yaml > build/specification/$(APIM_ENV)/eligibility-signposting-api.yaml
+endif
 
 
 SPEC_DIR := $(CURDIR)/specification

sandbox/Makefile

@@ -6,13 +6,42 @@ list:
 	@grep '^[^#[:space:]].*:' Makefile
 
 build:
-	docker-compose -f docker-compose.yaml build
+	docker compose -f docker-compose.yaml build
+
+tag-service-image:
+		$(eval IMAGE_ID=$(shell docker images -q sandbox-combined-service:latest))
+		@if [ -z "$(IMAGE_ID)" ]; then \
+				echo "ERROR: No image ID found for sandbox-combined-service:latest. Did you build it?"; \
+				exit 1; \
+		fi
+		docker tag $(IMAGE_ID) 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest
+		@echo "Tagged image $(IMAGE_ID) as 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest"
+
+build-and-tag:
+		make build
+		make tag-service-image
+
+proxygen-docker-login: # Login to Proxygen Docker registry
+	make -C .. setup-proxygen-credentials
+	proxygen docker get-login | bash
+
+publish-to-docker-repo:
+	proxygen-docker-login
+	docker push 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest
+
+build-and-publish-sandbox-image:
+	make build-and-tag
+	make publish-to-docker-repo
+
+deploy-sandbox-spec:
+	make -C .. construct-spec APIM_ENV=sandbox
+	proxygen instance deploy sandbox eligibility-signposting-api ./build/specification/sandbox/eligibility-signposting-api.yaml
 
 up: build
-	docker-compose -f docker-compose.yaml up -d
+	docker compose -f docker-compose.yaml up -d
 
 down:
-	docker-compose -f docker-compose.yaml down
+	docker compose -f docker-compose.yaml down
 
 clean:
 	rm -rf ./node_modules

sandbox/README.md

@@ -65,10 +65,5 @@ Instructions for creation and deployment of the sandbox specification can be fou
 
 To deploy the sandbox Docker image to AWS ECR, we use Proxygen CLI as follows:
 
-1. Follow the instructions in the [specification README](/specification/README.md) to set up Proxygen authentication.
-2. Run `proxygen docker get-login` and copy the command provided in the response.
-3. Run the command to authenticate with our ECR repository.
-4. Build the sandbox container - `make build` in this directory.
-5. Tag the image created using `docker image tag <image id> 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest`. You
-   can see what the image id is by running `docker images` to find what was just built.
-6. Push the docker image to our ECR repository using `docker push 958002497996.dkr.ecr.eu-west-2.amazonaws.com/eligibility-signposting-api:latest`
+1. Run `make build-and-publish-sandbox-image` to build the sandbox image and publish to the docker ECR repository.
+2. Run `make deploy-sandbox-spec` to build and publish the sandbox spec to the sandbox instance on APIM.

specification/components/security/security-dev.yaml

@@ -1 +1,2 @@
-$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9
+nhs-login-p9:
+  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9

specification/components/security/security-preprod.yaml

@@ -1 +1,2 @@
-$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9
+nhs-login-p9:
+  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9

specification/components/security/security-prod.yaml

@@ -1 +1,2 @@
-$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9
+nhs-login-p9:
+  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9

specification/components/security/security-sandbox.yaml

@@ -1 +1,2 @@
-$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0
+app-level0:
+    $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0

specification/components/security/security-test.yaml

@@ -1 +1,2 @@
-$ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9
+nhs-login-p9:
+  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9

specification/eligibility-signposting-api.yaml

@@ -25,7 +25,7 @@ paths:
         Determines which suggestions a person is eligible for and which they are
         not, including reasons and next steps.
       security:
-        - environment-specific-secured: []
+        - nhs-login-p9: []
       operationId: checkEligibility
       parameters:
         - name: id
@@ -766,7 +766,6 @@ paths:
 ################################################################################
 components:
     securitySchemes:
-      environment-specific-secured:
         $ref: "components/security/security.yaml"
 x-nhsd-apim:
     access: