initial attempt at git workflow

Author: nhsd-david-wass

.github/actions/build-proxies/action.yml

@@ -0,0 +1,62 @@
+name: "Build Proxies"
+description: "Build Proxies"
+inputs:
+  version:
+    description: "Version number"
+    required: true
+runs:
+  using: composite
+
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 24
+
+    - name: Npm install
+      working-directory: .
+      run: npm ci
+      shell: bash
+
+    - name: Build oas
+      working-directory: .
+      shell: bash
+      run: |
+        make publish-oas
+
+    - name: Setup Proxy Name
+      shell: bash
+      run: |
+
+        if [ -z $PR_NUMBER ]
+        then
+          echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
+        else
+          echo "INSTANCE=$PROXYGEN_API_NAME-$PR_NUMBER" >> $GITHUB_ENV
+        fi
+
+        echo "Instance name set to: $PROXYGEN_API_NAME${PR_NUMBER:+-$PR_NUMBER}"
+
+
+
+    - name: Install Proxygen client
+      shell: bash
+      run: |
+        # Install proxygen cli
+        pip install proxygen-cli
+
+        # Setup proxygen auth and settings
+        mkdir -p ${HOME}/.proxygen
+        echo -n $PROXYGEN_PRIVATE_KEY > ${HOME}/.proxygen/key
+        envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml
+        envsubst < ./.github/proxygen-credentials-template.yaml | cat
+        envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
+        envsubst < ./.github/proxygen-settings.yaml | cat
+
+
+    - name: Deploy to Internal Dev
+      shell: bash
+      run: |
+        echo $INSTANCE
+        proxygen instance deploy internal-dev $INSTANCE build/notify-supplier.json --no-confirm

.github/proxygen-credentials-template.yaml

@@ -0,0 +1,4 @@
+client_id: $PROXYGEN_CLIENT_ID
+key_id: $PROXYGEN_KID
+private_key_path: key
+base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers

.github/proxygen-settings.yaml

@@ -0,0 +1,2 @@
+endpoint_url: https://proxygen.prod.api.platform.nhs.uk
+api: nhs-notify-supplier

.github/workflows/stage-3-build.yaml

@@ -81,6 +81,32 @@ jobs:
         with:
           version: "${{ inputs.version }}"
 
+  artefact-proxies:
+    name: "Build proxies"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_NOTIFY_SUPPLIER_PRIVATE_KEY }}
+      PROXYGEN_KID: notify-supplier-key-1
+      PROXYGEN_CLIENT_ID: nhs-notify-supplier-client
+      PROXYGEN_API_NAME: nhs-notify-supplier
+      PR_NUMBER: ${{ github.event.number }}
+    steps:
+      - name: Verify environment variables
+        shell: bash
+        run: |
+          echo "PROXYGEN_PRIVATE_KEY is set: [${{ secrets.PROXYGEN_NOTIFY_SUPPLIER_PRIVATE_KEY != '' }}]"
+          echo "PROXYGEN_KID: $PROXYGEN_KID"
+          echo "PROXYGEN_CLIENT_ID: $PROXYGEN_CLIENT_ID"
+          echo "PROXYGEN_API_NAME: $PROXYGEN_API_NAME"
+          echo "PR_NUMBER: $PR_NUMBER"
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      - name: "Build proxies"
+        uses: ./.github/actions/build-proxies
+        with:
+          version: "${{ inputs.version }}"
+
   # artefact-1:
   #   name: "Artefact 1"
   #   runs-on: ubuntu-latest

package.json

@@ -46,7 +46,7 @@
   },
   "scripts": {
     "build": "npm run bundle-oas && npm run generate --buildver=$npm_config_buildver",
-    "bundle-oas": "mkdir -p build && redocly bundle specification/api/notify-supplier-phase1.yml --dereferenced --remove-unused-components --ext yml > build/notify-supplier.yml",
+    "bundle-oas": "mkdir -p build && redocly bundle specification/api/notify-supplier-phase1.yml --dereferenced -k --remove-unused-components --ext yml > build/notify-supplier.yml",
     "generate": "npm run generate:cs --buildver=$npm_config_buildver && npm run generate:html && npm run generate:ts --buildver=$npm_config_buildver && npm run generate:python",
     "generate-dependencies": "npm run generate-dependencies --workspaces --if-present",
     "generate:cs": "./sdk/generate-cs.sh $npm_config_buildver",
@@ -57,7 +57,7 @@
     "lint": "npm run lint --workspaces",
     "lint-oas": "redocly lint specification/api/notify-supplier-phase1.yml",
     "lint:fix": "npm run lint:fix --workspaces",
-    "publish-oas": "mkdir -p build && redocly bundle specification/api/notify-supplier-phase1.yml --dereferenced --remove-unused-components --ext json > build/notify-supplier.json",
+    "publish-oas": "mkdir -p build && redocly bundle specification/api/notify-supplier-phase1.yml --dereferenced -k --remove-unused-components --ext json > build/notify-supplier.json",
     "serve": "npm run serve-html-docs",
     "serve-html-docs": "npx serve sdk/html -p 3050",
     "serve-oas": "redocly preview-docs -p 5000 build/notify-supplier.json",

specification/api/components/endpoints/getDataId.yml

@@ -2,8 +2,6 @@ summary: Fetch a data file
 operationId: get-data-id
 tags:
   - data
-x-stoplight:
-  id: 98lwlebl1vxeq
 responses:
   "303":
     description: See Other

specification/api/components/schemas/LetterStatusItem.yml

@@ -17,8 +17,6 @@ properties:
         $ref: "./LetterStatus.yml"
       requestedProductionStatus:
         $ref: "./ProductionStatus.yml"
-        x-stoplight:
-          id: kqs13rn7s4wv3
       reasonCode:
         type: number
         description: Reason code for the given status

specification/api/components/schemas/LetterUpdateItem.yml

@@ -14,8 +14,6 @@ properties:
         $ref: "./LetterStatus.yml"
       requestedProductionStatus:
         $ref: "./ProductionStatus.yml"
-        x-stoplight:
-          id: tqw1mlpdzl3v7
         description: |-
           The requested production status for this letter.
           May only be set by NHS Notify.

specification/api/components/schemas/ProductionStatus.yml

@@ -1,6 +1,4 @@
 type: string
-x-stoplight:
-  id: lvub504h38th0
 enum:
   - ACTIVE
   - HOLD

specification/api/notify-supplier-phase1.yml

@@ -1,4 +1,4 @@
-openapi: 3.1.1
+openapi: 3.0.3
 info:
   version: next
   title: NHS Notify Supplier API
@@ -8,7 +8,7 @@ info:
     This specification represents the in-development 'next' version of the API schema
     and should be treated as unstable.
 security:
-  - authorization: [ ]
+  - app-level0: [ ]
 paths:
   /letter:
     parameters:
@@ -77,16 +77,10 @@ paths:
       $ref: 'components/endpoints/headDataId.yml'
 components:
   securitySchemes:
-    authorization:
-      type: oauth2
-      description: |-
-        An [OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-signed-jwt-authentication).
-        Required in all environments except local and sandbox.
-      flows:
-        authorizationCode:
-          authorizationUrl: ''
-          tokenUrl: ''
-          scopes: []
+    nhs-login-p0:
+      $ref: https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/nhs-login-p0
+    app-level0:
+      $ref: https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/app-level0
 tags:
   - name: letter
     description: ''