CCM-12133: move interal-dev deploy to manual workflow (#155)

masl2 · web-flow · commit 3b7b924c1ae2 · 2025-09-12T15:18:21.000Z
* CCM-12133: move interal-dev deploy to manual workflow * CCM-12133: correct build triggers * CCM-12133: version not required * CCM-12133: fix indents * CCM-12133: add tickets to todos * CCM-12133: pr num lookup * CCM-12133: missing envars * CCM-12133: remove on push trigger
diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml
@@ -1,9 +1,11 @@
 name: "Build Proxies"
 description: "Build Proxies"
+
 inputs:
   version:
     description: "Version number"
     required: true
+
 runs:
   using: composite
 
@@ -19,7 +21,6 @@ runs:
       run: npm ci
       shell: bash
 
-
     - name: Setup Proxy Name and target
       shell: bash
       run: |
@@ -35,10 +36,8 @@ runs:
           echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
           echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV
           echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV
-
         fi
 
-
     - name: Install Proxygen client
       shell: bash
       run: |
@@ -54,29 +53,6 @@ runs:
         envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
         envsubst < ./.github/proxygen-settings.yaml | cat
 
-
-    - name: Build internal dev oas
-      working-directory: .
-      shell: bash
-      run: |
-        if [ -z $PR_NUMBER ]
-        then
-          make build-json-oas-spec APIM_ENV=internal-dev
-        else
-          make build-json-oas-spec APIM_ENV=internal-dev-pr
-        fi
-
-    - name: Set target and cert
-      shell: bash
-      run: |
-        jq --arg newurl "$TARGET" '.["x-nhsd-apim"].target.url = $newurl' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
-        jq --arg newmtls "$MTLS_NAME" '.["x-nhsd-apim"].target.security.secret = $newmtls' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
-
-    - name: Deploy to Internal Dev
-      shell: bash
-      run: |
-        proxygen instance deploy internal-dev $INSTANCE build/notify-supplier.json --no-confirm
-
     - name: Build sandbox oas
       working-directory: .
       shell: bash
diff --git a/.github/workflows/manual-proxy-internal-dev-deploy.yaml b/.github/workflows/manual-proxy-internal-dev-deploy.yaml
@@ -0,0 +1,107 @@
+name: Deploy proxy to internal-dev
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  deploy-internal-dev:
+    runs-on: ubuntu-latest
+    name: Deploy to Internal Dev
+    env:
+      PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_ENCODED_NOTIFY_SUPPLIER_PRIVATE_KEY }}
+      PROXYGEN_KID: notify-supplier-key-1
+      PROXYGEN_CLIENT_ID: nhs-notify-supplier-client
+      PROXYGEN_API_NAME: nhs-notify-supplier
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 24
+
+      - name: Npm install
+        working-directory: .
+        run: npm ci
+        shell: bash
+
+      - name: "Check if pull request exists for this branch"
+        id: pr_exists
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          branch_name=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')}
+          echo "Current branch is '$branch_name'"
+
+          pr_json=$(gh pr list --head "$branch_name" --state open --json number --limit 1)
+          pr_number=$(echo "$pr_json" | jq -r '.[0].number // empty')
+
+          if [[ -n "$pr_number" ]]; then
+            echo "Pull request exists: #$pr_number"
+            echo "does_pull_request_exist=true" >> $GITHUB_OUTPUT
+            echo "pr_number=$pr_number" >> $GITHUB_OUTPUT
+          else
+            echo "Pull request doesn't exist"
+            echo "does_pull_request_exist=false" >> $GITHUB_OUTPUT
+            echo "pr_number=" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Setup Proxy Name and target
+        shell: bash
+        env:
+          PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
+        run: |
+          if [ -z $PR_NUMBER ]
+          then
+            echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
+            echo "TARGET=https://main.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+            echo "SANDBOX_TAG=latest" >> $GITHUB_ENV
+            echo "MTLS_NAME=notify-supplier-mtls" >> $GITHUB_ENV
+          else
+            echo "TARGET=https://pr$PR_NUMBER.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+            echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
+            echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV
+            echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV
+          fi
+
+      - name: Install Proxygen client
+        shell: bash
+        run: |
+          # Install proxygen cli
+          pip install pipx
+          pipx install proxygen-cli
+
+          # Setup proxygen auth and settings
+          mkdir -p ${HOME}/.proxygen
+          echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key
+          envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml
+          envsubst < ./.github/proxygen-credentials-template.yaml | cat
+          envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
+          envsubst < ./.github/proxygen-settings.yaml | cat
+
+      - name: Build internal dev oas
+        working-directory: .
+        shell: bash
+        env:
+          PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
+        run: |
+          if [ -z $PR_NUMBER ]
+          then
+            make build-json-oas-spec APIM_ENV=internal-dev
+          else
+            make build-json-oas-spec APIM_ENV=internal-dev-pr
+          fi
+
+      - name: Set target and cert
+        shell: bash
+        run: |
+          jq --arg newurl "$TARGET" '.["x-nhsd-apim"].target.url = $newurl' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+          jq --arg newmtls "$MTLS_NAME" '.["x-nhsd-apim"].target.security.secret = $newmtls' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+
+      - name: Deploy to Internal Dev
+        shell: bash
+        run: |
+          proxygen instance deploy internal-dev $INSTANCE build/notify-supplier.json --no-confirm
diff --git a/README.md b/README.md
@@ -68,7 +68,7 @@ If packages are unavailable the latest SDKs can be downloaded directly from:
 
 ### Examples
 
-TODO: Links to example clients.
+TODO:CCM-11209 Links to example clients.
 
 ## API Developers
 
@@ -106,7 +106,7 @@ should understand the below.
 ##### Servers
 
 - Servers folder is being built at build time from OAS specs.
-- TODO: Build actual servers
+- TODO:CCM-12139 Build actual servers
 
 ##### Libs
 
