Initial sandbox proxy deploy (#99)

Author: nhsd-david-wass

.devcontainer/devcontainer.json

@@ -41,6 +41,7 @@
         "takumii.markdowntable",
         "tamasfe.even-better-toml",
         "tomoki1207.pdf",
+        "vscjava.vscode-java-pack",
         "vscode-icons-team.vscode-icons",
         "vstirbu.vscode-mermaid-preview",
         "wayou.vscode-todo-highlight",
@@ -89,6 +90,9 @@
       "version": "8.0"
     },
     "ghcr.io/devcontainers/features/go:1": {},
+    "ghcr.io/devcontainers/features/java:1": {
+      "version": "17"
+    },
     "ghcr.io/devcontainers/features/node:1": {},
     "ghcr.io/devcontainers/features/python:1": {},
     "ghcr.io/devcontainers/features/ruby:1": {}

.github/actions/build-proxies/action.yml

@@ -19,12 +19,6 @@ runs:
       run: npm ci
       shell: bash
 
-    - name: Build oas
-      working-directory: .
-      shell: bash
-      run: |
-        make publish-oas
-
     - name: Setup Proxy Name and target
       shell: bash
       run: |
@@ -33,9 +27,11 @@ runs:
         then
           echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
           echo "TARGET=https://suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
+          echo "SANDBOX_TAG=latest" >> $GITHUB_ENV
         else
           echo "TARGET=https://pr$PR_NUMBER.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
           echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
+          echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV
         fi
 
 
@@ -54,6 +50,12 @@ runs:
         envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
         envsubst < ./.github/proxygen-settings.yaml | cat
 
+    - name: Build internal dev oas
+      working-directory: .
+      shell: bash
+      run: |
+        make build-json-oas-spec APIM_ENV=dev
+
     - name: Set target
       shell: bash
       run: |
@@ -65,6 +67,17 @@ runs:
       run: |
         proxygen instance deploy internal-dev $INSTANCE build/notify-supplier.json --no-confirm
 
+    - name: Build sandbox oas
+      working-directory: .
+      shell: bash
+      run: |
+        make build-json-oas-spec APIM_ENV=sandbox
+
+    - name: Set docker tag
+      shell: bash
+      run: |
+        jq --arg newtag "$SANDBOX_TAG" '.["x-nhsd-apim"].target.containers[0].image.tag = $newtag' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
+
     - name: Deploy to Internal Dev Sandbox
       shell: bash
       run: |

.github/actions/build-sandbox/action.yml

@@ -0,0 +1,56 @@
+name: "Build Sandbox"
+description: "Build Sandbox"
+inputs:
+  version:
+    description: "Version number"
+    required: true
+runs:
+  using: composite
+
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 24
+
+    - name: Npm install
+      working-directory: .
+      run: npm ci
+      shell: bash
+
+    - name: Install Proxygen client
+      shell: bash
+      run: |
+        # Install proxygen cli
+        pip install pipx
+        pipx install proxygen-cli
+
+        # Setup proxygen auth and settings
+        mkdir -p ${HOME}/.proxygen
+        echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key
+        envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml
+        envsubst < ./.github/proxygen-credentials-template.yaml | cat
+        envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
+        envsubst < ./.github/proxygen-settings.yaml | cat
+
+    - name: Setup Sandbox tag
+      shell: bash
+      run: |
+        if [ -z $PR_NUMBER ]
+        then
+          echo "SANDBOX_TAG=latest" >> $GITHUB_ENV
+        else
+          echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV
+        fi
+
+    - name: Build and publish sandbox Docker image
+      shell: bash
+      working-directory: ./sandbox
+      run: |
+          proxygen docker get-login | bash
+          docker build -t nhs-notify-supplier:$SANDBOX_TAG .
+          DOCKER_REGISTRY=$(proxygen docker registry | tail -1)
+          IMAGE_ID=$(docker images -q nhs-notify-supplier:$SANDBOX_TAG)
+          docker tag $IMAGE_ID $DOCKER_REGISTRY/nhs-notify-supplier:$SANDBOX_TAG
+          docker push $DOCKER_REGISTRY/nhs-notify-supplier:$SANDBOX_TAG

.github/workflows/stage-3-build.yaml

@@ -96,21 +96,31 @@ jobs:
       PROXYGEN_API_NAME: nhs-notify-supplier
       PR_NUMBER: ${{ inputs.pr_number }}
     steps:
-      - name: Verify environment variables
-        shell: bash
-        run: |
-          echo "PROXYGEN_PRIVATE_KEY is set: [${{ secrets.PROXYGEN_ENCODED_NOTIFY_SUPPLIER_PRIVATE_KEY != '' }}]"
-          echo "PROXYGEN_KID: $PROXYGEN_KID"
-          echo "PROXYGEN_CLIENT_ID: $PROXYGEN_CLIENT_ID"
-          echo "PROXYGEN_API_NAME: $PROXYGEN_API_NAME"
-          echo "PR_NUMBER: $PR_NUMBER"
       - name: "Checkout code"
         uses: actions/checkout@v4
       - name: "Build proxies"
         uses: ./.github/actions/build-proxies
         with:
           version: "${{ inputs.version }}"
 
+  artefact-sandbox:
+    name: "Build sandbox"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_ENCODED_NOTIFY_SUPPLIER_PRIVATE_KEY }}
+      PROXYGEN_KID: notify-supplier-key-1
+      PROXYGEN_CLIENT_ID: nhs-notify-supplier-client
+      PROXYGEN_API_NAME: nhs-notify-supplier
+      PR_NUMBER: ${{ inputs.pr_number }}
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      - name: "Build sandbox"
+        uses: ./.github/actions/build-sandbox
+        with:
+          version: "${{ inputs.version }}"
+
   # artefact-1:
   #   name: "Artefact 1"
   #   runs-on: ubuntu-latest

.gitignore

@@ -23,3 +23,4 @@ node_modules
 dist
 .DS_Store
 .reports
+/sandbox/*.log

Makefile

@@ -26,6 +26,13 @@ clean:: # Clean-up project resources (main) @Operations
 	(cd sdk && make clean)
 	(cd server && make clean)
 	(cd src/server && make clean)
+
+guard-%:
+	@ if [ "${${*}}" = "" ]; then \
+		echo "Variable $* not set"; \
+		echo "Usage: make <target> APIM_ENV=<env>"
+		exit 1; \
+	fi
 serve:
 	npm run serve
 
@@ -36,12 +43,40 @@ lint-oas:
 publish-oas:
 	npm run publish-oas
 
+set-target: guard-APIM_ENV
+	@ TARGET=target-$$APIM_ENV.yml \
+	envsubst '$${TARGET}' \
+	< specification/api/components/x-nhsd-apim/target-template.yml > specification/api/components/x-nhsd-apim/target.yml
+
+set-access: guard-APIM_ENV
+	@ ACCESS=access-$$APIM_ENV.yml \
+	envsubst '$${ACCESS}' \
+	< specification/api/components/x-nhsd-apim/access-template.yml > specification/api/components/x-nhsd-apim/access.yml
+
+construct-spec: guard-APIM_ENV
+	$(MAKE) set-target APIM_ENV=$$APIM_ENV
+	$(MAKE) set-access APIM_ENV=$$APIM_ENV
+
+build-json-oas-spec: guard-APIM_ENV
+	$(MAKE) construct-spec APIM_ENV=$$APIM_ENV
+	$(MAKE) publish-oas
+
+
+build-yml-oas-spec: guard-APIM_ENV
+	$(MAKE) construct-spec APIM_ENV=$$APIM_ENV
+	$(MAKE) bundle-oas
+
 serve-oas:
 	npm run serve-oas
 
 bundle-oas:
 	npm run bundle-oas
 
+generate-sandbox:
+	$(MAKE) build-json-oas-spec APIM_ENV=sandbox
+	jq --slurpfile status sandbox/HealthcheckEndpoint.json '.paths += $status[0]' build/notify-supplier.json > tmp.json && mv tmp.json build/notify-supplier.json
+	npm run generate-sandbox
+
 serve-swagger:
 	npm run serve-swagger-docs
 

openapitools.json

@@ -0,0 +1,7 @@
+{
+  "$schema": "./node_modules/@openapitools/openapi-generator-cli/config.schema.json",
+  "generator-cli": {
+    "version": "7.14.0"
+  },
+  "spaces": 2
+}