From 6e7f9b2769cc856f3dd971efc2ccc4bbbbd1d370 Mon Sep 17 00:00:00 2001 From: Francisco Videira Date: Thu, 30 Apr 2026 13:13:30 +0000 Subject: [PATCH 1/4] Use proxygen ptl or prod secrets --- .github/actions/build-proxies/action.yml | 4 ++-- .github/actions/build-sandbox/action.yml | 1 + .github/proxygen-credentials-template.yaml | 2 +- .github/proxygen-settings.yaml | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index 728edf4bc..b6b417adf 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -13,10 +13,10 @@ inputs: required: false default: false environment: - description: "Deployment environment" + description: "Deployment environment (e.g. main, prNNN)" required: true apimEnv: - description: "APIM environment" + description: "APIM environment (e.g. internal-dev, int, ref, prod)" required: true runId: description: "GitHub Actions run ID to fetch the OAS artifact from" diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml index dd4d947e8..1612dbc3e 100644 --- a/.github/actions/build-sandbox/action.yml +++ b/.github/actions/build-sandbox/action.yml @@ -1,3 +1,4 @@ +# Can this be deleted? Not used anywhere... Internal workflows build sandbox proxies name: "Build Sandbox" description: "Build Sandbox" inputs: diff --git a/.github/proxygen-credentials-template.yaml b/.github/proxygen-credentials-template.yaml index e39465bf0..b1414bdc4 100644 --- a/.github/proxygen-credentials-template.yaml +++ b/.github/proxygen-credentials-template.yaml @@ -1,4 +1,4 @@ client_id: $PROXYGEN_CLIENT_ID key_id: $PROXYGEN_KID private_key_path: key -base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers +base_url: https://identity.$PROXYGEN_ENV.api.platform.nhs.uk/realms/api-producers diff --git a/.github/proxygen-settings.yaml b/.github/proxygen-settings.yaml index 8eb364c50..d0c9d27d6 100644 --- a/.github/proxygen-settings.yaml +++ b/.github/proxygen-settings.yaml @@ -1,2 +1,2 @@ -endpoint_url: https://proxygen.prod.api.platform.nhs.uk +endpoint_url: https://proxygen.$PROXYGEN_ENV.api.platform.nhs.uk api: nhs-notify-supplier From 22dc26b258f5fc7094ba9292449a058e84b53bbd Mon Sep 17 00:00:00 2001 From: Francisco Videira Date: Thu, 30 Apr 2026 13:15:41 +0000 Subject: [PATCH 2/4] delete? --- .github/proxygen-credentials-template.yaml | 1 + .github/proxygen-settings.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/proxygen-credentials-template.yaml b/.github/proxygen-credentials-template.yaml index b1414bdc4..450677191 100644 --- a/.github/proxygen-credentials-template.yaml +++ b/.github/proxygen-credentials-template.yaml @@ -1,3 +1,4 @@ +# delete? client_id: $PROXYGEN_CLIENT_ID key_id: $PROXYGEN_KID private_key_path: key diff --git a/.github/proxygen-settings.yaml b/.github/proxygen-settings.yaml index d0c9d27d6..f09bfd30f 100644 --- a/.github/proxygen-settings.yaml +++ b/.github/proxygen-settings.yaml @@ -1,2 +1,3 @@ +# delete? endpoint_url: https://proxygen.$PROXYGEN_ENV.api.platform.nhs.uk api: nhs-notify-supplier From b0e84d2ac327db08c7d625be86b03c19276070df Mon Sep 17 00:00:00 2001 From: Francisco Videira Date: Thu, 30 Apr 2026 13:42:35 +0000 Subject: [PATCH 3/4] delete build-sandbox and related --- .github/actions/build-sandbox/action.yml | 64 ---------------------- .github/proxygen-credentials-template.yaml | 5 -- .github/proxygen-settings.yaml | 3 - 3 files changed, 72 deletions(-) delete mode 100644 .github/actions/build-sandbox/action.yml delete mode 100644 .github/proxygen-credentials-template.yaml delete mode 100644 .github/proxygen-settings.yaml diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml deleted file mode 100644 index 1612dbc3e..000000000 --- a/.github/actions/build-sandbox/action.yml +++ /dev/null @@ -1,64 +0,0 @@ -# Can this be deleted? Not used anywhere... Internal workflows build sandbox proxies -name: "Build Sandbox" -description: "Build Sandbox" -inputs: - version: - description: "Version number" - required: true - - NODE_AUTH_TOKEN: - description: "Token for access to github package registry" - required: true -runs: - using: composite - - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 22 - registry-url: 'https://npm.pkg.github.com' - - - name: Npm install - working-directory: . - env: - NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} - run: npm ci - shell: bash - - - name: Install Proxygen client - shell: bash - run: | - # Install proxygen cli - pip install pipx - pipx install proxygen-cli - - # Setup proxygen auth and settings - mkdir -p ${HOME}/.proxygen - echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key - envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml - envsubst < ./.github/proxygen-credentials-template.yaml | cat - envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml - envsubst < ./.github/proxygen-settings.yaml | cat - - - name: Setup Sandbox tag - shell: bash - run: | - if [ -z $PR_NUMBER ] - then - echo "SANDBOX_TAG=latest" >> $GITHUB_ENV - else - echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV - fi - - - name: Build and publish sandbox Docker image - shell: bash - working-directory: ./sandbox - run: | - proxygen docker get-login | bash - docker build -t nhs-notify-supplier:$SANDBOX_TAG . - DOCKER_REGISTRY=$(proxygen docker registry | tail -1) - IMAGE_ID=$(docker images -q nhs-notify-supplier:$SANDBOX_TAG) - docker tag $IMAGE_ID $DOCKER_REGISTRY/nhs-notify-supplier:$SANDBOX_TAG - docker push $DOCKER_REGISTRY/nhs-notify-supplier:$SANDBOX_TAG diff --git a/.github/proxygen-credentials-template.yaml b/.github/proxygen-credentials-template.yaml deleted file mode 100644 index 450677191..000000000 --- a/.github/proxygen-credentials-template.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# delete? -client_id: $PROXYGEN_CLIENT_ID -key_id: $PROXYGEN_KID -private_key_path: key -base_url: https://identity.$PROXYGEN_ENV.api.platform.nhs.uk/realms/api-producers diff --git a/.github/proxygen-settings.yaml b/.github/proxygen-settings.yaml deleted file mode 100644 index f09bfd30f..000000000 --- a/.github/proxygen-settings.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# delete? -endpoint_url: https://proxygen.$PROXYGEN_ENV.api.platform.nhs.uk -api: nhs-notify-supplier From 891d5d595bf9d84b7bbae63a8e42b20caa35b754 Mon Sep 17 00:00:00 2001 From: Mark Slowey Date: Fri, 1 May 2026 09:45:21 +0100 Subject: [PATCH 4/4] CCM-15594: Add override to internal branch --- .github/actions/build-proxies/action.yml | 3 ++- .github/workflows/deploy-supplier-api.yaml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index b6b417adf..1b3e6d278 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -118,4 +118,5 @@ runs: --apimEnvironment "${{ env.APIM_ENV }}" \ --boundedContext "notify-supplier" \ --targetDomain "$TARGET_DOMAIN" \ - --version "${{ inputs.version }}" + --version "${{ inputs.version }}" \ + --internalRef "feature/CCM-15594" diff --git a/.github/workflows/deploy-supplier-api.yaml b/.github/workflows/deploy-supplier-api.yaml index c7d96d9eb..a01b7454f 100644 --- a/.github/workflows/deploy-supplier-api.yaml +++ b/.github/workflows/deploy-supplier-api.yaml @@ -214,7 +214,8 @@ jobs: --targetEnvironment "${{ needs.validate.outputs.target_environment }}" \ --targetAccountGroup "${{ needs.validate.outputs.target_account_group }}" \ --targetComponent "api" \ - --terraformAction "apply" + --terraformAction "apply" \ + --internalRef "feature/CCM-15594" deploy-proxy: name: Deploy proxy