From 4b2ca5cb9ea35b27d94277a54c726954ec2796f8 Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Wed, 21 Jan 2026 14:39:12 +0000
Subject: [PATCH 01/10] Modify base path and API naming to v2
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 2 +-
 packages/specification/prescriptions-for-patients.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index 456592f89..92673fb65 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -44,7 +44,7 @@ fi
 # Determine the proxy instance based on the provided $STACK_NAME
 apigee_api=prescriptions-for-patients-proxygen
 apigee_client=prescriptions-for-patients-proxygen
-instance="pfp-proxygen${instance_suffix}"
+instance="prescriptions-for-patients-v2${instance_suffix}"
 echo "Proxy instance: ${instance}"
 echo "Apigee api: ${apigee_api}"
diff --git a/packages/specification/prescriptions-for-patients.yaml b/packages/specification/prescriptions-for-patients.yaml
index e2b36da6d..3e03c48d9 100644
--- a/packages/specification/prescriptions-for-patients.yaml
+++ b/packages/specification/prescriptions-for-patients.yaml
@@ -4,7 +4,7 @@
 openapi: 3.0.3
 info:
- title: Prescriptions for Patients API
+ title: Prescriptions for Patients API v2
 version: "0.0.1"
 contact:
 name: Prescriptions for Patients API Support
From e5e2a1097dbbe25aebf4b8545169a1882be0bbf5 Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Wed, 21 Jan 2026 16:30:11 +0000
Subject: [PATCH 02/10] Change apigee api name
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index 92673fb65..88f2eb79d 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -42,9 +42,9 @@ if [[ "${IS_PULL_REQUEST}" == "true" ]]; then
 fi
 # Determine the proxy instance based on the provided $STACK_NAME
-apigee_api=prescriptions-for-patients-proxygen
+apigee_api=prescriptions-for-patients-proxygen-v2
 apigee_client=prescriptions-for-patients-proxygen
-instance="prescriptions-for-patients-v2${instance_suffix}"
+instance="prescriptions-for-patients-proxygen-v2${instance_suffix}"
 echo "Proxy instance: ${instance}"
 echo "Apigee api: ${apigee_api}"
From d516c8b74649d7854480c247e16abd9c87a614ac Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Wed, 21 Jan 2026 16:43:37 +0000
Subject: [PATCH 03/10] Adjust API name and bump tests for new PFPv2 path
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 4 ++--
 .github/workflows/run_regression_tests.yml | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index 88f2eb79d..5f87ec678 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -42,9 +42,9 @@ if [[ "${IS_PULL_REQUEST}" == "true" ]]; then
 fi
 # Determine the proxy instance based on the provided $STACK_NAME
-apigee_api=prescriptions-for-patients-proxygen-v2
+apigee_api=prescriptions-for-patients-v2
 apigee_client=prescriptions-for-patients-proxygen
-instance="prescriptions-for-patients-proxygen-v2${instance_suffix}"
+instance="prescriptions-for-patients-v2${instance_suffix}"
 echo "Proxy instance: ${instance}"
 echo "Apigee api: ${apigee_api}"
diff --git a/.github/workflows/run_regression_tests.yml b/.github/workflows/run_regression_tests.yml
index 84d211e71..2772e148c 100644
--- a/.github/workflows/run_regression_tests.yml
+++ b/.github/workflows/run_regression_tests.yml
@@ -79,8 +79,8 @@ jobs:
 GITHUB-TOKEN: ${{ steps.generate-token.outputs.token }}
 run: |
 if [[ "$TARGET_ENVIRONMENT" != "prod" && "$TARGET_ENVIRONMENT" != "ref" ]]; then
- REGRESSION_TEST_REPO_TAG="v3.8.10" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
- REGRESSION_TEST_WORKFLOW_TAG="v3.8.10" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
+ REGRESSION_TEST_REPO_TAG="v3.8.11" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
+ REGRESSION_TEST_WORKFLOW_TAG="v3.8.11" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
 if [[ -z "$REGRESSION_TEST_REPO_TAG" || -z "$REGRESSION_TEST_WORKFLOW_TAG" ]]; then
 echo "Error: One or both tag variables are not set" >&2
@@ -121,8 +121,8 @@ jobs:
 GITHUB-TOKEN: ${{ steps.generate-token.outputs.token }}
 run: |
 if [[ "$TARGET_ENVIRONMENT" != "prod" && "$TARGET_ENVIRONMENT" != "ref" ]]; then
- REGRESSION_TEST_REPO_TAG="v3.8.10" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
- REGRESSION_TEST_WORKFLOW_TAG="v3.8.10" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
+ REGRESSION_TEST_REPO_TAG="v3.8.11" # This is the tag or branch of the regression test code to run, usually a version tag like v3.1.0 or a branch name
+ REGRESSION_TEST_WORKFLOW_TAG="v3.8.11" # This is the tag of the github workflow to run, usually the same as REGRESSION_TEST_REPO_TAG
 if [[ -z "$REGRESSION_TEST_REPO_TAG" || -z "$REGRESSION_TEST_WORKFLOW_TAG" ]]; then
 echo "Error: One or both tag variables are not set" >&2
From 93aa7ba7928243a63712be916d2ec15fbcf263e7 Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Fri, 23 Jan 2026 14:08:34 +0000
Subject: [PATCH 04/10] Change the client name too
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index 5f87ec678..77b320a30 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -43,7 +43,7 @@ fi
 # Determine the proxy instance based on the provided $STACK_NAME
 apigee_api=prescriptions-for-patients-v2
-apigee_client=prescriptions-for-patients-proxygen
+apigee_client=prescriptions-for-patients-v2
 instance="prescriptions-for-patients-v2${instance_suffix}"
 echo "Proxy instance: ${instance}"
From f65892fd78f6d9b2fef07b97bb5c8fb2467d08dc Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Fri, 23 Jan 2026 14:50:07 +0000
Subject: [PATCH 05/10] Adjust KID and private key value (within secrets)
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/workflows/sam_release_code.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml
index 86ec7804a..234360153 100644
--- a/.github/workflows/sam_release_code.yml
+++ b/.github/workflows/sam_release_code.yml
@@ -205,7 +205,7 @@ jobs:
 AWS_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}
 APIGEE_ENVIRONMENT: ${{ inputs.APIGEE_ENVIRONMENT }}
 PROXYGEN_PRIVATE_KEY_NAME: PrescriptionsForPatientsProxygenPrivateKey
- PROXYGEN_KID: prescriptions-for-patients
+ PROXYGEN_KID: "2026-01-22-PROD-prescriptions-for-patients-v2"
 DRY_RUN: false
 ENABLE_MUTUAL_TLS: ${{ inputs.ENABLE_MUTUAL_TLS }}
 MTLS_KEY: ${{ inputs.MTLS_KEY }}
From 9f686202f2d08b399803cc1fa9ed6be9cf13b8db Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Fri, 23 Jan 2026 15:10:23 +0000
Subject: [PATCH 06/10] Correct client naming
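Review bot: In the `sam_release_code.yml` hunk (patch 05/10), `PROXYGEN_KID` becomes the literal `"2026-01-22-PROD-prescriptions-for-patients-v2"`, yet the surrounding `env` block takes `AWS_ENVIRONMENT` and `APIGEE_ENVIRONMENT` from workflow inputs, so every environment this job deploys would present a key id labelled PROD. If non-production environments are meant to use their own Proxygen key, supply the kid per environment the same way `MTLS_KEY` is, for example from a new workflow input. The date-stamped value also means each key rotation needs a code change that lands together with the secret behind `PROXYGEN_PRIVATE_KEY_NAME`, which this hunk leaves unchanged; a comment beside the line stating that coupling would help. The job's definition starts and ends outside the hunk.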
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index 77b320a30..02dfc9bb5 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -43,7 +43,7 @@ fi
 # Determine the proxy instance based on the provided $STACK_NAME
 apigee_api=prescriptions-for-patients-v2
-apigee_client=prescriptions-for-patients-v2
+apigee_client=prescriptions-for-patients-v2-prod
 instance="prescriptions-for-patients-v2${instance_suffix}"
 echo "Proxy instance: ${instance}"
From 460664e57d1a301616669f5deba421f0e288c282 Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Fri, 23 Jan 2026 15:49:06 +0000
Subject: [PATCH 07/10] Change api naming
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index 02dfc9bb5..0dd1662b4 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -42,7 +42,7 @@ if [[ "${IS_PULL_REQUEST}" == "true" ]]; then
 fi
 # Determine the proxy instance based on the provided $STACK_NAME
-apigee_api=prescriptions-for-patients-v2
+apigee_api=prescriptions-for-patients-v2-prod
 apigee_client=prescriptions-for-patients-v2-prod
 instance="prescriptions-for-patients-v2${instance_suffix}"
From 911e336b9012fa3d9bac74afea3adefbceefce44 Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Fri, 23 Jan 2026 15:49:41 +0000
Subject: [PATCH 08/10] Adjust client too
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
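Review bot: In patch 06/10 `apigee_client` is assigned a name ending in `-prod` unconditionally, and patches 07, 08 and 10 do the same for `apigee_api` and `apigee_client`, although the script also handles pull-request deployments (the `IS_PULL_REQUEST` branch in the hunk header of patch 07) and passes `${APIGEE_ENVIRONMENT}` on to the lambda in the payload shown in patch 09. If `-prod` identifies a production-scoped Proxygen API or client, non-production deployments would be made under that identity; if it is only a label, say so in a comment such as `# Proxygen API/client names are shared by all environments; "-prod" is part of the registered name`. Taking both names from the workflow environment, as `PROXYGEN_KID` is, would also avoid editing the script each time the registered name changes.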
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index 0dd1662b4..8b51415f0 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -43,7 +43,7 @@ fi
 # Determine the proxy instance based on the provided $STACK_NAME
 apigee_api=prescriptions-for-patients-v2-prod
-apigee_client=prescriptions-for-patients-v2-prod
+apigee_client=prescriptions-for-patients-v2-prod-client
 instance="prescriptions-for-patients-v2${instance_suffix}"
 echo "Proxy instance: ${instance}"
From a0ddfbec03ebd487e9ad32f9eeef717b3f1e4817 Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Mon, 26 Jan 2026 11:25:36 +0000
Subject: [PATCH 09/10] Submit mTLS always
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 44 +++++++++++++++++------------------
 1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index 8b51415f0..b8e894183 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -99,31 +99,31 @@ echo "Retrieving proxygen credentials"
 # Retrieve the proxygen private key and client private key and cert from AWS Secrets Manager
 proxygen_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='secrets:${PROXYGEN_PRIVATE_KEY_NAME}'].Value" --output text)
-if [[ "${ENABLE_MUTUAL_TLS}" == "true" ]]; then
- echo
- echo "Store the secret used for mutual TLS to AWS using Proxygen proxy lambda"
- if [[ "${DRY_RUN}" == "false" ]]; then
- jq -n --arg apiName "${apigee_api}" \
- --arg apiClient "${apigee_client}" \
- --arg environment "${APIGEE_ENVIRONMENT}" \
- --arg secretName "${MTLS_KEY}" \
- --arg secretKey "${client_private_key}" \
- --arg secretCert "${client_cert}" \
- --arg kid "${PROXYGEN_KID}" \
- --arg proxygenSecretName "${proxygen_private_key_arn}" \
- '{apiName: $apiName, apiClient: $apiClient, environment: $environment, secretName: $secretName, secretKey: $secretKey, secretCert: $secretCert, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json
+# if [[ "${ENABLE_MUTUAL_TLS}" == "true" ]]; then
+echo
+echo "Store the secret used for mutual TLS to AWS using Proxygen proxy lambda"
+if [[ "${DRY_RUN}" == "false" ]]; then
+ jq -n --arg apiName "${apigee_api}" \
+ --arg apiClient "${apigee_client}" \
+ --arg environment "${APIGEE_ENVIRONMENT}" \
+ --arg secretName "${MTLS_KEY}" \
+ --arg secretKey "${client_private_key}" \
+ --arg secretCert "${client_cert}" \
+ --arg kid "${PROXYGEN_KID}" \
+ --arg proxygenSecretName "${proxygen_private_key_arn}" \
+ '{apiName: $apiName, apiClient: $apiClient, environment: $environment, secretName: $secretName, secretKey: $secretKey, secretCert: $secretCert, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json
- aws lambda invoke --function-name "${put_secret_lambda}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json
- if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then
- echo 'Error calling lambda'
- cat out.txt
- exit 1
- fi
- echo "Secret stored successfully"
- else
- echo "Would call ${put_secret_lambda}"
+ aws lambda invoke --function-name "${put_secret_lambda}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json
+ if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then
+ echo 'Error calling lambda'
+ cat out.txt
+ exit 1
 fi
+ echo "Secret stored successfully"
+else
+ echo "Would call ${put_secret_lambda}"
 fi
+# fi
 echo
 echo "Deploy the API instance using Proxygen proxy lambda"
From 8eeb355e5b7026c473d137b422997aedbfed5df2 Mon Sep 17 00:00:00 2001
From: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Date: Mon, 26 Jan 2026 13:02:11 +0000
Subject: [PATCH 10/10] Remove the client value
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
---
 .github/scripts/deploy_api.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh
index b8e894183..15e18de4a 100755
--- a/.github/scripts/deploy_api.sh
+++ b/.github/scripts/deploy_api.sh
@@ -43,7 +43,7 @@ fi
 # Determine the proxy instance based on the provided $STACK_NAME
 apigee_api=prescriptions-for-patients-v2-prod
-apigee_client=prescriptions-for-patients-v2-prod-client
+apigee_client=prescriptions-for-patients-v2-prod
 instance="prescriptions-for-patients-v2${instance_suffix}"
 echo "Proxy instance: ${instance}"
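Review bot: Commenting out the `ENABLE_MUTUAL_TLS` guard in patch 09/10 (`# if [[ ... ]]; then` / `# fi`) makes the flag a no-op for this step, so the client key and certificate are sent to `${put_secret_lambda}` in every environment, including any where `client_private_key` and `client_cert` were never populated; where those are set is outside the hunk, so confirm they cannot be empty. If the change is meant to stay, delete the guard rather than leave it commented out, otherwise restore it. The re-indented payload step still writes the private key into `payload.json` in the working directory and nothing in the hunk removes it; `payload=$(mktemp)` with `trap 'rm -f -- "$payload"' EXIT` would keep it off a predictable path. The `eval` around the error check is unnecessary, `if jq -e '.FunctionError' response.json >/dev/null; then` does the same, and `kid, $kid` in the jq filter looks like a typo for `kid: $kid` that appears to work only through jq's shorthand.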