NHSDigital · nhsd-david-wass · Aug 1, 2025 · Jul 15, 2025 · Jul 24, 2025 · Jul 28, 2025
@@ -98,5 +98,5 @@
     "source=${localEnv:HOME}/.gnupg,target=/home/vscode/.gnupg,type=bind,consistency=cached"
   ],
   "name": "Ubuntu",
-  "postCreateCommand": "pipx install pre-commit && make config && echo 'export GPG_TTY=$TTY' | cat - ~/.zshrc > temp && mv temp ~/.zshrc"
+  "postCreateCommand": "scripts/devcontainer/postcreatecommand.sh"
 }
@@ -0,0 +1,64 @@
+name: "Build Proxies"
+description: "Build Proxies"
+inputs:
+  version:
+    description: "Version number"
+    required: true
+runs:
+  using: composite
+
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 24
+
+    - name: Npm install
+      working-directory: .
+      run: npm ci
+      shell: bash
+
+    - name: Build oas
+      working-directory: .
+      shell: bash
+      run: |
+        make publish-oas
+
+    - name: Setup Proxy Name
+      shell: bash
+      run: |
+
+        if [ -z $PR_NUMBER ]
+        then
+          echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV
+        else
+          echo "INSTANCE=$PROXYGEN_API_NAME-PR-$PR_NUMBER" >> $GITHUB_ENV
+        fi
+
+
+    - name: Install Proxygen client
+      shell: bash
+      run: |
+        # Install proxygen cli
+        pip install pipx
+        pipx install proxygen-cli
+
+        # Setup proxygen auth and settings
+        mkdir -p ${HOME}/.proxygen
+        echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key
+        envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml
+        envsubst < ./.github/proxygen-credentials-template.yaml | cat
+        envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml
+        envsubst < ./.github/proxygen-settings.yaml | cat
+
+
+    - name: Deploy to Internal Dev
+      shell: bash
+      run: |
+        proxygen instance deploy internal-dev $INSTANCE build/notify-supplier.json --no-confirm
+
+    - name: Deploy to Internal Dev Sandbox
+      shell: bash
+      run: |
+        proxygen instance deploy internal-dev-sandbox $INSTANCE build/notify-supplier.json --no-confirm
@@ -0,0 +1,4 @@
+client_id: $PROXYGEN_CLIENT_ID
+key_id: $PROXYGEN_KID
+private_key_path: key
+base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers
@@ -0,0 +1,2 @@
+endpoint_url: https://proxygen.prod.api.platform.nhs.uk
+api: nhs-notify-supplier
@@ -27,6 +27,7 @@ jobs:
       version: ${{ steps.variables.outputs.version }}
       is_version_prerelease: ${{ steps.variables.outputs.is_version_prerelease }}
       does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }}
+      pr_number: ${{ steps.pr_exists.outputs.pr_number }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -56,6 +57,8 @@ jobs:
           if gh pr list --head $branch_name | grep -q .; then
             echo "Pull request exists"
             echo "does_pull_request_exist=true" >> $GITHUB_OUTPUT
+            PR_NUMBER=$(gh pr list --head "$branch_name" --state open --json number -q '.[0].number')
+            echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
           else
             echo "Pull request doesn't exist"
             echo "does_pull_request_exist=false" >> $GITHUB_OUTPUT
@@ -72,6 +75,7 @@ jobs:
           export VERSION="${{ steps.variables.outputs.version }}"
           export DOES_PULL_REQUEST_EXIST="${{ steps.pr_exists.outputs.does_pull_request_exist }}"
           export IS_VERSION_PRERELEASE="${{ steps.variables.outputs.is_version_prerelease }}"
+          export PR_NUMBER="${{ steps.pr_exists.outputs.pr_number }}"
           make list-variables
   commit-stage: # Recommended maximum execution time is 2 minutes
     name: "Commit stage"
@@ -112,6 +116,7 @@ jobs:
       python_version: "${{ needs.metadata.outputs.python_version }}"
       terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
       version: "${{ needs.metadata.outputs.version }}"
+      pr_number: "${{ needs.metadata.outputs.pr_number }}"
     secrets: inherit
   acceptance-stage: # Recommended maximum execution time is 10 minutes
     name: "Acceptance stage"

@@ -31,6 +31,10 @@ on:
         description: "Version of the software, set by the CI/CD pipeline workflow"
         required: true
         type: string
+      pr_number:
+        description: "PR Number if it exists"
+        required: false
+        type: string
 
 jobs:
   artefact-jekyll-docs:
@@ -81,6 +85,32 @@ jobs:
         with:
           version: "${{ inputs.version }}"
 
+  artefact-proxies:
+    name: "Build proxies"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_ENCODED_NOTIFY_SUPPLIER_PRIVATE_KEY }}
+      PROXYGEN_KID: notify-supplier-key-1
+      PROXYGEN_CLIENT_ID: nhs-notify-supplier-client
+      PROXYGEN_API_NAME: nhs-notify-supplier
+      PR_NUMBER: ${{ inputs.pr_number }}
+    steps:
+      - name: Verify environment variables
+        shell: bash
+        run: |
+          echo "PROXYGEN_PRIVATE_KEY is set: [${{ secrets.PROXYGEN_ENCODED_NOTIFY_SUPPLIER_PRIVATE_KEY != '' }}]"
+          echo "PROXYGEN_KID: $PROXYGEN_KID"
+          echo "PROXYGEN_CLIENT_ID: $PROXYGEN_CLIENT_ID"
+          echo "PROXYGEN_API_NAME: $PROXYGEN_API_NAME"
+          echo "PR_NUMBER: $PR_NUMBER"
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+      - name: "Build proxies"
+        uses: ./.github/actions/build-proxies
+        with:
+          version: "${{ inputs.version }}"
+
   # artefact-1:
   #   name: "Artefact 1"
   #   runs-on: ubuntu-latest

@@ -29,6 +29,19 @@ clean:: # Clean-up project resources (main) @Operations
 serve:
 	npm run serve
 
+
+lint-oas:
+	npm run lint-oas
+
+publish-oas:
+	npm run publish-oas
+
+serve-oas:
+	npm run serve-oas
+
+bundle-oas:
+	npm run bundle-oas
+
 serve-swagger:
 	npm run serve-swagger-docs
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		endpoint_url: https://proxygen.prod.api.platform.nhs.uk
		api: nhs-notify-supplier