1919 run : npm ci
2020 shell : bash
2121
22+ - name : Configure AWS Credentials
23+ uses : aws-actions/configure-aws-credentials@v4
24+ with :
25+ role-to-assume : arn:aws:iam::820178564574:role/nhs-main-acct-supplier-api-github-deploy
26+ role-session-name : ${{ github.run_id }}
27+ aws-region : eu-west-2
28+ role-skip-session-tagging : true
29+
30+
31+
2232 - name : Setup Proxy Name and target
2333 shell : bash
2434 run : |
@@ -28,12 +38,27 @@ runs:
2838 echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
2939 echo "TARGET=https://suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
3040 echo "SANDBOX_TAG=latest" >> $GITHUB_ENV
41+ echo "MTLS_CRT=/nhs/ssl/ca-crt" >> $GITHUB_ENV
42+ echo "MTLS_KEY=/nhs/ssl/ca-key" >> $GITHUB_ENV
43+ echo "MTLS_NAME=notify-supplier-mtls" >> $GITHUB_ENV
3144 else
3245 echo "TARGET=https://pr$PR_NUMBER.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
3346 echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
3447 echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV
48+ echo "MTLS_CRT=/nhs/pr$PR_NUMBER/ssl/ca-crt" >> $GITHUB_ENV
49+ echo "MTLS_KEY=/nhs/pr$PR_NUMBER/ssl/ca-key" >> $GITHUB_ENV
50+ echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV
51+
3552 fi
3653
54+ name : Download MTLS Credentials
55+ shell : bash
56+ run : |
57+ mkdir -p ${HOME}/.proxygen
58+ aws ssm get-parameter $MTLS_CRT --with-decription --query "Parameter.Value" --output text >> ${HOME}/.proxygen/mtls.crt
59+ aws ssm get-parameter $MTLS_KEY --with-decription --query "Parameter.Value" --output text >> ${HOME}/.proxygen/mtls.key
60+
61+
3762
3863name : Install Proxygen client
3964 shell : bash
5075 envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
5176 envsubst < ./.github/proxygen-settings.yaml | cat
5277
78+ name : Register MTLS cert with proxygen
79+ shell : bash
80+ run : |
81+ proxygen secret put --mtls-cert ${HOME}/.proxygen/mtls.crt --mtls-key ${HOME}/.proxygen/mtls.key internal-dev $MTLS_NAME
82+
5383name : Build internal dev oas
5484 working-directory : .
5585 shell : bash
@@ -61,11 +91,11 @@ runs:
6191 make build-json-oas-spec APIM_ENV=dev-pr
6292 fi
6393
64- name : Set target
94+ name : Set target and cert
6595 shell : bash
6696 run : |
6797 jq --arg newurl "$TARGET" '.["x-nhsd-apim"].target.url = $newurl' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
68-
98+ jq --arg newmtls "$MTLS_NAME" '.["x-nhsd-apim"].target.security.secret = $newmtls' > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
6999
70100name : Deploy to Internal Dev
71101 shell : bash
0 commit comments