Merged
95 changes: 70 additions & 25 deletions .github/actions/build-proxies/action.yml
@@ -4,7 +4,27 @@ description: "Build Proxies"
inputs:
version:
description: "Version number"
required: false
releaseVersion:
description: "Release, tag, branch, or commit ID to be used for deployment"
required: true
environment:
description: "Deployment environment"
required: true
apimEnv:
description: "APIM environment"
required: true
runId:
description: "GitHub Actions run ID to fetch the OAS artifact from"
required: true
buildSandbox:
description: "Whether to build the sandbox OAS spec"
required: false
default: false
targetComponent:
description: "Name of the Component to deploy"
required: true
default: 'api'

runs:
using: composite
@@ -25,46 +45,71 @@ runs:
shell: bash
run: |

ENV="${{ inputs.apimEnv }}"
if [[ "$ENV" == "internal-dev" || "$ENV" == *pr ]]; then
echo "TARGET_DOMAIN=suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
elif [[ "$ENV" == "int" ]]; then
echo "TARGET_DOMAIN=suppliers.nonprod.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
elif [[ "$ENV" == "prod" ]]; then
echo "TARGET_DOMAIN=suppliers.prod.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
else
echo "TARGET_DOMAIN=suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
fi

if [ -z $PR_NUMBER ]
then
echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
echo "TARGET=https://main.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
echo "TARGET=https://main.$TARGET_DOMAIN" >> $GITHUB_ENV
echo "SANDBOX_TAG=latest" >> $GITHUB_ENV
echo "MTLS_NAME=notify-supplier-mtls" >> $GITHUB_ENV
else
echo "TARGET=https://pr$PR_NUMBER.suppliers.dev.nhsnotify.national.nhs.uk" >> $GITHUB_ENV
echo "TARGET=https://pr$PR_NUMBER.$TARGET_DOMAIN" >> $GITHUB_ENV
echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
echo "SANDBOX_TAG=pr$PR_NUMBER" >> $GITHUB_ENV
echo "MTLS_NAME=notify-supplier-mtls-pr$PR_NUMBER" >> $GITHUB_ENV
fi

- name: Install Proxygen client
shell: bash
run: |
# Install proxygen cli
pip install pipx
pipx install proxygen-cli

# Setup proxygen auth and settings
mkdir -p ${HOME}/.proxygen
echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key
envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml
envsubst < ./.github/proxygen-credentials-template.yaml | cat
envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
envsubst < ./.github/proxygen-settings.yaml | cat

- name: Build sandbox oas
- name: Build ${{ inputs.apimEnv }} oas
working-directory: .
env:
APIM_ENV: ${{ inputs.apimEnv }}
shell: bash
run: |
make build-json-oas-spec APIM_ENV=sandbox
if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
then
echo "Building sandbox OAS spec"
make build-json-oas-spec APIM_ENV=sandbox
else
echo "Building env specific OAS spec"
make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }}
fi

- name: Set docker tag
shell: bash
run: |
jq --arg newtag "$SANDBOX_TAG" '.["x-nhsd-apim"].target.containers[0].image.tag = $newtag' build/notify-supplier.json > build/notify-supplier_target.json && mv build/notify-supplier_target.json build/notify-supplier.json
if [[ $APIM_ENV == *-pr ]]; then
echo "Removing pr suffix from APIM_ENV after building OAS and calling proxygen"
APIM_ENV=$(echo "$APIM_ENV" | sed 's/-pr$//')
fi
echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV

- name: Upload OAS Spec
uses: actions/upload-artifact@v4
with:
name: ${{ env.APIM_ENV }}-build-output
path: ./build

- name: Deploy to Internal Dev Sandbox
- name: Trigger deploy proxy
env:
PR_TRIGGER_PAT: ${{ env.PR_TRIGGER_PAT }}
shell: bash
run: |
proxygen instance deploy internal-dev-sandbox $INSTANCE build/notify-supplier.json --no-confirm
.github/scripts/dispatch_internal_repo_workflow.sh \
--infraRepoName "nhs-notify-supplier-api" \
--releaseVersion "${{ inputs.releaseVersion }}" \
--targetComponent "${{ inputs.targetComponent }}" \
--targetWorkflow "proxy-deploy.yaml" \
--targetEnvironment "${{ inputs.environment }}" \
--runId "${{ inputs.runId }}" \
--buildSandbox ${{ inputs.buildSandbox }} \
--apimEnvironment "${{ env.APIM_ENV }}" \
--boundedContext "notify-supplier" \
--targetDomain "$TARGET_DOMAIN" \
--version "${{ inputs.version }}"
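Review bot: The `run:` scripts splice `${{ inputs.* }}` and `${{ env.APIM_ENV }}` directly into the bash text (`ENV="${{ inputs.apimEnv }}"`, the unquoted `[ ${{ env.APIM_ENV }} == ... ]` test, and every argument in "Trigger deploy proxy"), so the values are parsed as shell source; `releaseVersion` is fed from `github.ref_name` by the new manual workflow, and that step has `PR_TRIGGER_PAT` in its environment. Map each value through `env:` and reference it as a quoted shell variable, as sketched below. `--buildSandbox ${{ inputs.buildSandbox }}` is also unquoted, so an empty value would make the dispatch script consume `--apimEnvironment` as its argument. Separately, `TARGET_DOMAIN` is written to `$GITHUB_ENV` and then read as `$TARGET_DOMAIN` in the same step, where the new value is not yet visible, so `TARGET` would presumably come out as `https://main.`; assign a local shell variable in each branch and export it once afterwards.

```yaml
- name: Trigger deploy proxy
  env:
    PR_TRIGGER_PAT: ${{ env.PR_TRIGGER_PAT }}
    RELEASE_VERSION: ${{ inputs.releaseVersion }}
    TARGET_COMPONENT: ${{ inputs.targetComponent }}
    TARGET_ENVIRONMENT: ${{ inputs.environment }}
    RUN_ID: ${{ inputs.runId }}
    BUILD_SANDBOX: ${{ inputs.buildSandbox }}
    VERSION: ${{ inputs.version }}
  shell: bash
  run: |
    .github/scripts/dispatch_internal_repo_workflow.sh \
      --infraRepoName "nhs-notify-supplier-api" \
      --releaseVersion "$RELEASE_VERSION" \
      --targetComponent "$TARGET_COMPONENT" \
      --targetWorkflow "proxy-deploy.yaml" \
      --targetEnvironment "$TARGET_ENVIRONMENT" \
      --runId "$RUN_ID" \
      --buildSandbox "$BUILD_SANDBOX" \
      --apimEnvironment "$APIM_ENV" \
      --boundedContext "notify-supplier" \
      --targetDomain "$TARGET_DOMAIN" \
      --version "$VERSION"
```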
76 changes: 70 additions & 6 deletions .github/scripts/dispatch_internal_repo_workflow.sh
@@ -68,6 +68,10 @@ while [[ $# -gt 0 ]]; do
internalRef="$2"
shift 2
;;
--runId) # Github Run ID (optional)
runId="$2"
shift 2
;;
--overrides) # Terraform overrides for passing in extra variables (optional)
overrides="$2"
shift 2
@@ -80,6 +84,26 @@ while [[ $# -gt 0 ]]; do
overrideRoleName="$2"
shift 2
;;
--buildSandbox) # Build sandbox flag (optional)
buildSandbox="$2"
shift 2
;;
--apimEnvironment) # APIM environment (optional)
apimEnvironment="$2"
shift 2
;;
--boundedContext) # Bounded context (optional)
boundedContext="$2"
shift 2
;;
--targetDomain) # Target domain (optional)
targetDomain="$2"
shift 2
;;
--version) # Version (optional)
version="$2"
shift 2
;;
*)
echo "[ERROR] Unknown argument: $1"
exit 1
@@ -101,6 +125,30 @@ if [[ -z "$internalRef" ]]; then
internalRef="main"
fi

if [[ -z "$runId" ]]; then
runId=""
fi

if [[ -z "$buildSandbox" ]]; then
buildSandbox=""
fi

if [[ -z "$apimEnvironment" ]]; then
apimEnvironment=""
fi

if [[ -z "$boundedContext" ]]; then
boundedContext=""
fi

if [[ -z "$targetDomain" ]]; then
targetDomain=""
fi

if [[ -z "$version" ]]; then
version=""
fi

echo "==================== Workflow Dispatch Parameters ===================="
echo " infraRepoName: $infraRepoName"
echo " releaseVersion: $releaseVersion"
@@ -114,6 +162,12 @@ echo " overrides: $overrides"
echo " overrideProjectName: $overrideProjectName"
echo " overrideRoleName: $overrideRoleName"
echo " targetProject: $targetProject"
echo " runId: $runId"
echo " buildSandbox: $buildSandbox"
echo " apimEnvironment: $apimEnvironment"
echo " boundedContext: $boundedContext"
echo " targetDomain: $targetDomain"
echo " version: $version"

DISPATCH_EVENT=$(jq -ncM \
--arg infraRepoName "$infraRepoName" \
@@ -127,6 +181,12 @@ DISPATCH_EVENT=$(jq -ncM \
--arg overrideProjectName "$overrideProjectName" \
--arg overrideRoleName "$overrideRoleName" \
--arg targetProject "$targetProject" \
--arg runId "$runId" \
--arg buildSandbox "$buildSandbox" \
--arg apimEnvironment "$apimEnvironment" \
--arg boundedContext "$boundedContext" \
--arg targetDomain "$targetDomain" \
--arg version "$version" \
'{
"ref": "'"$internalRef"'",
"inputs": (
@@ -135,18 +195,26 @@ DISPATCH_EVENT=$(jq -ncM \
(if $overrideProjectName != "" then { "overrideProjectName": $overrideProjectName } else {} end) +
(if $overrideRoleName != "" then { "overrideRoleName": $overrideRoleName } else {} end) +
(if $targetProject != "" then { "targetProject": $targetProject } else {} end) +
(if $overrides != "" then { "overrides": $overrides } else {} end) +
(if $runId != "" then { "runId": $runId } else {} end) +
(if $buildSandbox != "" then { "buildSandbox": $buildSandbox } else {} end) +
(if $apimEnvironment != "" then { "apimEnvironment": $apimEnvironment } else {} end) +
(if $boundedContext != "" then { "boundedContext": $boundedContext } else {} end) +
(if $targetDomain != "" then { "targetDomain": $targetDomain } else {} end) +
(if $version != "" then { "version": $version } else {} end) +
(if $targetAccountGroup != "" then { "targetAccountGroup": $targetAccountGroup } else {} end) +
{
"releaseVersion": $releaseVersion,
"targetEnvironment": $targetEnvironment,
"targetAccountGroup": $targetAccountGroup,
"targetComponent": $targetComponent,
"overrides": $overrides,
}
)
}')

echo "[INFO] Triggering workflow '$targetWorkflow' in nhs-notify-internal..."

echo "[DEBUG] Dispatch event payload: $DISPATCH_EVENT"

trigger_response=$(curl -s -L \
--fail \
-X POST \
@@ -185,16 +253,12 @@ for _ in {1..18}; do
workflow_run_url=$(echo "$response" | jq -r \
--arg targetWorkflow "$targetWorkflow" \
--arg targetEnvironment "$targetEnvironment" \
--arg targetAccountGroup "$targetAccountGroup" \
--arg targetComponent "$targetComponent" \
--arg terraformAction "$terraformAction" \
'.workflow_runs[]
| select(.path == ".github/workflows/" + $targetWorkflow)
| select(.name
| contains($targetEnvironment)
and contains($targetAccountGroup)
and contains($targetComponent)
and contains($terraformAction)
)
| .url')

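Review bot: The run-lookup filter in the last hunk now appears to match on fewer fields (the hunk header shows four lines dropped, presumably the `targetAccountGroup` and `terraformAction` pairs), so the poll can latch onto another run of the same workflow for the same environment and component and report that run's result instead. Since the script now receives a unique `--runId`, consider having the target workflow include it in its run name and adding `and contains($runId)` to the `select` when it is non-empty. The added `echo "[DEBUG] Dispatch event payload: $DISPATCH_EVENT"` prints every input, including `overrides`, to the job log; gate it behind a debug flag if overrides can carry sensitive Terraform variables. The polling loop's body continues outside the hunk.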
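--- a/.github/workflows/manual-proxy-environment-deploy.yaml
+++ b/.github/workflows/manual-proxy-environment-deploy.yaml
@@ -0,0 +1,83 @@
+name: Deploy proxy to environment
+run-name: Proxygen Deployment for ${{ inputs.proxy_environment }}
+
+on:
+workflow_dispatch:
+inputs:
+proxy_environment:
+description: Name of the proxygen environment to deploy to
+required: true
+type: choice
+default: internal-dev
+options:
+- internal-dev
+- int
+- prod
+
+permissions:
+contents: read
+
+jobs:
+deploy-environment:
+runs-on: ubuntu-latest
+name: Deploy to Environment
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- uses: actions/setup-node@v4
+with:
+node-version: 24
+
+- name: Npm install
+working-directory: .
+run: npm ci
+shell: bash
+
+- name: "Check if pull request exists for this branch and set ENVIRONMENT/APIM_ENV"
+id: pr_exists
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+branch_name=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')}
+echo "Current branch is '$branch_name'"
+
+if [ -z "${{ inputs.proxy_environment }}" ]; then
+ENVIRONMENT="internal-dev"
+else
+ENVIRONMENT="${{ inputs.proxy_environment }}"
+fi
+
+pr_json=$(gh pr list --head "$branch_name" --state open --json number --limit 1)
+pr_number=$(echo "$pr_json" | jq -r '.[0].number // empty')
+
+if [[ -n "$pr_number" ]]; then
+echo "Pull request exists: #$pr_number"
+echo "does_pull_request_exist=true" >> $GITHUB_OUTPUT
+echo "pr_number=$pr_number" >> $GITHUB_OUTPUT
+APIM_ENV="$ENVIRONMENT-pr"
+echo "changing environment variable so that PR number is used in proxy pipeline for setting env vars"
+ENVIRONMENT="pr$pr_number"
+else
+echo "Pull request doesn't exist, setting target env to main"
+echo "does_pull_request_exist=false" >> $GITHUB_OUTPUT
+echo "pr_number=" >> $GITHUB_OUTPUT
+APIM_ENV="$ENVIRONMENT"
+$ENVIRONMENT='main'
+fi
+
+echo "ENVIRONMENT=$ENVIRONMENT" >> $GITHUB_ENV
+echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV
+
+- name: "Build proxies"
+env:
+PROXYGEN_API_NAME: nhs-notify-supplier
+PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
+PR_TRIGGER_PAT: ${{ secrets.PR_TRIGGER_PAT }}
+uses: ./.github/actions/build-proxies
+with:
+environment: "${{ env.ENVIRONMENT }}"
+apimEnv: "${{ env.APIM_ENV }}"
+runId: "${{ github.run_id }}"
+buildSandbox: false
+releaseVersion: ${{ github.ref_name }}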
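Review bot: In the no-PR branch, `$ENVIRONMENT='main'` is not an assignment: bash expands the variable first and tries to run the result (e.g. `internal-dev=main`) as a command, so `ENVIRONMENT` is never set to `main` and the step likely exits with "command not found" under the default `bash -e` shell. It should read `ENVIRONMENT='main'`. The job also calls `gh pr list` while `permissions` grants only `contents: read`; if the repository is private this probably needs `pull-requests: read` as well. `${{ inputs.proxy_environment }}` is interpolated into the script text; as a `choice` input the exposure is small, but reading it from an `env:` variable would keep untrusted-value handling consistent.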