Merge branch 'main' into dependabot/github_actions/actions/download-artifact-5

Author: aidenvaines-cgi

.devcontainer/devcontainer.json

@@ -1,4 +1,7 @@
 {
+  "build": {
+    "dockerfile": "../scripts/devcontainer/Dockerfile"
+  },
   "customizations": {
     "codespaces": {
       "openFiles": [
@@ -9,11 +12,7 @@
     },
     "vscode": {
       "extensions": [
-        "ms-dotnettools.csdevkit",
         "42crunch.vscode-openapi",
-        "alefragnani.bookmarks",
-        "AmazonWebServices.aws-toolkit-vscode",
-        "chdsbd.github-code-owners",
         "davidanson.vscode-markdownlint",
         "dbaeumer.vscode-eslint",
         "donjayamanne.githistory",
@@ -26,7 +25,6 @@
         "github.vscode-github-actions",
         "github.vscode-pull-request-github",
         "hediet.vscode-drawio",
-        "johnpapa.vscode-peacock",
         "joshx.workspace-terminals",
         "maattdd.gitless",
         "mhutchie.git-graph",
@@ -40,15 +38,10 @@
         "streetsidesoftware.code-spell-checker-british-english",
         "takumii.markdowntable",
         "tamasfe.even-better-toml",
-        "tomoki1207.pdf",
-        "vscjava.vscode-java-pack",
-        "vscode-icons-team.vscode-icons",
-        "vstirbu.vscode-mermaid-preview",
         "wayou.vscode-todo-highlight",
         "yzane.markdown-pdf",
         "yzhang.dictionary-completion",
-        "yzhang.markdown-all-in-one",
-        "zoma.vscode-auto-open-workspace"
+        "yzhang.markdown-all-in-one"
       ],
       "settings": {
         "[makefile]": {
@@ -70,37 +63,25 @@
       "omzPlugins": "https://github.com/zsh-users/zsh-autosuggestions.git https://github.com/zsh-users/zsh-syntax-highlighting.git",
       "plugins": "zsh-autosuggestions zsh-syntax-highlighting"
     },
+    "ghcr.io/devcontainers/features/aws-cli:1": {},
     "ghcr.io/devcontainers/features/common-utils": {
       "configureZshAsDefaultShell": true,
       "installOhMyZsh": true,
       "installOhMyZshConfig": true,
       "installZsh": true
     },
     "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      "azureDnsAutoDetection": true,
       "dockerDashComposeVersion": "v2",
       "installDockerBuildx": true,
       "installDockerComposeSwitch": true,
       "moby": true,
       "version": "latest"
-    },
-    "ghcr.io/devcontainers/features/dotnet:2": {
-      "aspNetCoreRuntimeVersions": "8.0",
-      "dotnetRuntimeVersions": "8.0",
-      "version": "8.0"
-    },
-    "ghcr.io/devcontainers/features/go:1": {},
-    "ghcr.io/devcontainers/features/java:1": {
-      "version": "17"
-    },
-    "ghcr.io/devcontainers/features/node:1": {},
-    "ghcr.io/devcontainers/features/python:1": {},
-    "ghcr.io/devcontainers/features/ruby:1": {}
+    }
   },
-  "image": "mcr.microsoft.com/devcontainers/base:noble",
   "mounts": [
-    "source=${localEnv:HOME}/.gnupg,target=/home/vscode/.gnupg,type=bind,consistency=cached"
+    "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached",
+    "source=${localEnv:HOME}/.aws,target=/home/vscode/.aws,type=bind,consistency=cached"
   ],
-  "name": "Ubuntu",
+  "name": "Devcontainer",
   "postCreateCommand": "scripts/devcontainer/postcreatecommand.sh"
 }

.github/actions/build-docs/action.yml

@@ -13,7 +13,7 @@ runs:
       with:
         node-version: 18
     - name: Npm cli install
-      working-directory: ./docs
+      working-directory: .
       run: npm ci
       shell: bash
     - name: Setup Ruby

.github/actions/build-proxies/action.yml

@@ -1,9 +1,31 @@
 name: "Build Proxies"
 description: "Build Proxies"
+
 inputs:
   version:
     description: "Version number"
+    required: false
+  releaseVersion:
+    description: "Release, tag, branch, or commit ID to be used for deployment"
+    required: true
+  environment:
+    description: "Deployment environment"
+    required: true
+  apimEnv:
+    description: "APIM environment"
+    required: true
+  runId:
+    description: "GitHub Actions run ID to fetch the OAS artifact from"
     required: true
+  buildSandbox:
+    description: "Whether to build the sandbox OAS spec"
+    required: false
+    default: false
+  targetComponent:
+    description: "Name of the Component to deploy"
+    required: true
+    default: 'api'
+
 runs:
   using: composite
 
@@ -19,76 +41,76 @@ runs:
       run: npm ci
       shell: bash
 
-
     - name: Setup Proxy Name and target
       shell: bash
       run: |
 
+        ENV="${{ inputs.apimEnv }}"
+        if [[ "$ENV" == "internal-dev" || "$ENV" == *pr ]]; then
+          echo "TARGET_DOMAIN=suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+        elif [[ "$ENV" == "int" ]]; then
+          echo "TARGET_DOMAIN=suppliers.nonprod.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+        elif [[ "$ENV" == "prod" ]]; then
+          echo "TARGET_DOMAIN=suppliers.prod.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+        else
+          echo "TARGET_DOMAIN=suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+        fi
+
         if [ -z $PR_NUMBER ]
         then
           echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
-          echo "TARGET=https://main.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+          echo "TARGET=https://main.$TARGET_DOMAIN" >> $GITHUB_ENV
           echo "SANDBOX_TAG=latest" >> $GITHUB_ENV
           echo "MTLS_NAME=notify-supplier-mtls" >> $GITHUB_ENV
         else
-          echo "TARGET=https://pr$PR_NUMBER.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+          echo "TARGET=https://pr$PR_NUMBER.$TARGET_DOMAIN" >> $GITHUB_ENV
           echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
           echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV
           echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV
-
         fi
 
-
-    - name: Install Proxygen client
-      shell: bash
-      run: |
-        # Install proxygen cli
-        pip install pipx
-        pipx install proxygen-cli
-
-        # Setup proxygen auth and settings
-        mkdir -p ${HOME}/.proxygen
-        echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key
-        envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml
-        envsubst < ./.github/proxygen-credentials-template.yaml | cat
-        envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
-        envsubst < ./.github/proxygen-settings.yaml | cat
-
-
-    - name: Build internal dev oas
+    - name: Build ${{ inputs.apimEnv }} oas
       working-directory: .
+      env:
+        APIM_ENV: ${{ inputs.apimEnv }}
       shell: bash
       run: |
-        if [ -z $PR_NUMBER ]
+        if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
         then
-          make build-json-oas-spec APIM_ENV=internal-dev
+          echo "Building sandbox OAS spec"
+          make build-json-oas-spec APIM_ENV=sandbox
         else
-          make build-json-oas-spec APIM_ENV=internal-dev-pr
+          echo "Building env specific OAS spec"
+          make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }}
         fi
 
-    - name: Set target and cert
-      shell: bash
-      run: |
-        jq --arg newurl "$TARGET" '.["x-nhsd-apim"].target.url = $newurl' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
-        jq --arg newmtls "$MTLS_NAME" '.["x-nhsd-apim"].target.security.secret = $newmtls' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
-
-    - name: Deploy to Internal Dev
-      shell: bash
-      run: |
-        proxygen instance deploy internal-dev $INSTANCE build/notify-supplier.json --no-confirm
-
-    - name: Build sandbox oas
-      working-directory: .
-      shell: bash
-      run: |
-        make build-json-oas-spec APIM_ENV=sandbox
+        if [[ $APIM_ENV == *-pr ]]; then
+          echo "Removing pr suffix from APIM_ENV after building OAS and calling proxygen"
+          APIM_ENV=$(echo "$APIM_ENV" | sed 's/-pr$//')
+        fi
+        echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV
 
-    - name: Set docker tag
-      shell: bash
-      run: |
-        jq --arg newtag "$SANDBOX_TAG" '.["x-nhsd-apim"].target.containers[0].image.tag = $newtag' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+    - name: Upload OAS Spec
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ env.APIM_ENV }}-build-output
+        path: ./build
 
-    - name: Deploy to Internal Dev Sandbox
+    - name: Trigger deploy proxy
+      env:
+        APP_CLIENT_ID: ${{ env.APP_CLIENT_ID }}
+        APP_PEM_FILE: ${{ env.APP_PEM_FILE }}
       shell: bash
       run: |
-        proxygen instance deploy internal-dev-sandbox $INSTANCE build/notify-supplier.json --no-confirm
+        .github/scripts/dispatch_internal_repo_workflow.sh \
+          --infraRepoName "nhs-notify-supplier-api" \
+          --releaseVersion "${{ inputs.releaseVersion }}" \
+          --targetComponent "${{ inputs.targetComponent }}" \
+          --targetWorkflow "proxy-deploy.yaml" \
+          --targetEnvironment "${{ inputs.environment }}" \
+          --runId "${{ inputs.runId }}" \
+          --buildSandbox ${{ inputs.buildSandbox }} \
+          --apimEnvironment "${{ env.APIM_ENV }}" \
+          --boundedContext "notify-supplier" \
+          --targetDomain "$TARGET_DOMAIN" \
+          --version "${{ inputs.version }}"

.github/actions/build-sdk/action.yml

@@ -53,7 +53,7 @@ runs:
     - name: Upload API OAS specification artifact
       uses: actions/upload-artifact@v4
       with:
-        path: "specification/api"
+        path: "build"
         name: api-oas-specification-${{ inputs.version }}
 
     - name: Upload html artifact

.github/copilot-instructions.md

@@ -0,0 +1,59 @@
+# Copilot Instructions for NHS Notify Supplier API
+
+## Project Overview
+
+- This repository provides the NHS Notify Supplier API for print suppliers to integrate with NHS Notify message queueing.
+- Major components: OpenAPI specification (`specification/api/notify-supplier.yml`), SDKs (`sdk/`), server implementations (`server/`, `src/server/host`), and Lambda handlers (`lambdas/`).
+- Data flows: API requests are modeled via OAS, processed by server/Lambda code, and may interact with AWS services (e.g., S3, database).
+
+## Developer Workflows
+
+- **Build SDKs and Docs:**
+  - Run `make clean && make build` to generate Python/TypeScript SDKs and HTML docs from the OAS spec.
+  - Serve docs locally with `make serve` [default](http://localhost:3050).
+- **CI/CD:**
+  - PRs trigger CI via GitHub Actions (`.github/workflows/cicd-1-pull-request.yaml`).
+  - Merging to `main` creates a pre-release; deployments use `.github/workflows/cicd-3-deploy.yaml`.
+- **Dev Environment:**
+  - Use the provided devcontainer for setup and configuration. Avoid manual SDK changes; always rebuild.
+
+## Project-Specific Conventions
+
+- **SDKs:**
+  - Never manually edit files in `sdk/`; always regenerate from the OAS spec.
+  - SDK folder is excluded from git and built/released via CI.
+- **Servers:**
+  - Server code is generated at build time from OAS specs. See `server/` and `src/server/host` for custom logic.
+- **Test Data:**
+  - Use `scripts/test-data` to generate and upload test letters to S3. Example command:
+
+    ```bash
+    npm run cli -- create-letter --supplier-id ... --environment ... --awsAccountId ... --letter-id ... --group-id ... --specification-id ... --status PENDING
+    ```
+
+## Integration Points
+
+- **External Services:**
+  - AWS S3 and database for test data and letter storage.
+  - OpenAPI Generator CLI for SDK/server generation.
+- **Documentation:**
+  - Latest [docs](https://nhsdigital.github.io/nhs-notify-supplier-api/)
+  - Local docs: `make serve`
+
+## Key Files & Directories
+
+- `specification/api/notify-supplier.yml`: Main API spec
+- `sdk/`: Generated SDKs (Python, TypeScript, CSharp)
+- `server/`, `src/server/host`: Server implementations
+- `lambdas/`: Lambda handlers
+- `scripts/test-data/`: Test data generation scripts
+- `docs/`: Documentation source
+
+## Patterns & Examples
+
+- Always regenerate SDKs/servers after spec changes.
+- Use Makefile targets for all build/test workflows.
+- Reference the README for up-to-date workflow and integration details.
+
+---
+For unclear or missing conventions, consult `/README.md` or ask maintainers for guidance.