Feature/cdapi-78

.github/workflows/preview-env.yaml

@@ -21,7 +21,7 @@ env:
   PYTHON_VERSION: 3.14
   LAMBDA_RUNTIME: python3.14
   LAMBDA_HANDLER: lambda_handler.handler
-  MOCK_LAMBDA_HANDLER: handler.handler
+  MOCK_LAMBDA_HANDLER: lambda_handler.handler
   MTLS_SECRET_NAME: ${{ vars.PREVIEW_ENV_MTLS_SECRET_NAME }}
   PROXYGEN_KEY_ID: ${{ vars.PREVIEW_ENV_PROXYGEN_KEY_ID }}
   PROXYGEN_CLIENT_ID: ${{ vars.PREVIEW_ENV_PROXYGEN_CLIENT_ID }}
@@ -54,18 +54,10 @@ jobs:
         with:
           python-version: ${{ env.PYTHON_VERSION }}
 
-      - name: Package artifact
+      - name: Package artifacts
         run: |
           make build
 
-      # Place holder mock artifact packaging to allow testing of mock API in preview environment;
-      # can be extended to build a real mock Lambda if needed
-      - name: Package mock artifact
-        run: |
-          cd infrastructure/environments/preview
-          rm -f mock_artifact.zip
-          zip -r mock_artifact.zip .
-
       - name: Select AWS role inputs
         id: role-select
         env:
@@ -306,12 +298,23 @@ jobs:
           echo "url      = ${{ steps.names.outputs.int_preview_url }}"
 
       # ---------- Handle mock endpoints ----------
+      - name: Get Secrets for mocks
+        uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802
+        with:
+          secret-ids: |
+            /cds/pathology/dev/jwks/secret
+          name-transformation: lowercase
+
       - name: Create or update mock Lambda (on open/sync/reopen)
         if: github.event.action != 'closed'
         env:
           TOKEN_EXPIRY_TIME: ${{ secrets.TOKEN_LIFETIME }}
+          AUTH_URL: "${{ steps.names.outputs.mock_preview_url }}/apim/oauth2/token"
+          JWKS_SECRET: ${{ env._cds_pathology_dev_jwks_secret }}
+          PUBLIC_KEY_URL: "https://example.com"
+          TOKEN_TABLE_NAME: "mock_services_dev"
         run: |
-          cd infrastructure/environments/preview
+          cd mocks/target/
           MFN="${{ steps.names.outputs.mock_function_name }}"
           SAFE="${{ steps.branch.outputs.safe }}"
           TOKEN_LIFETIME="${TOKEN_EXPIRY_TIME:-15m}"
@@ -336,18 +339,28 @@ jobs:
               --handler "${{ env.MOCK_LAMBDA_HANDLER }}" \
               --environment "Variables={CLIENT_PUBLIC_KEY_ARN=mock, \
                                         DDB_INDEX_TAG=$SAFE, \
-                                        TOKEN_LIFETIME=$TOKEN_LIFETIME}" || true
+                                        TOKEN_LIFETIME=$TOKEN_LIFETIME, \
+                                        AUTH_URL=$AUTH_URL, \
+                                        PUBLIC_KEY_URL=$PUBLIC_KEY_URL, \
+                                        API_KEY=$JWKS_SECRET, \
+                                        TOKEN_TABLE_NAME=$TOKEN_TABLE_NAME \
+                                        }" || true
             wait_for_lambda_ready
-            aws lambda update-function-code --function-name "$MFN" --zip-file "fileb://mock_artifact.zip" --publish
+            aws lambda update-function-code --function-name "$MFN" --zip-file "fileb://artifact.zip" --publish
           else
             aws lambda create-function --function-name "$MFN" \
               --runtime "${{ env.LAMBDA_RUNTIME }}" \
               --handler "${{ env.MOCK_LAMBDA_HANDLER }}" \
-              --zip-file "fileb://mock_artifact.zip" \
+              --zip-file "fileb://artifact.zip" \
               --role "${{ steps.role-select.outputs.lambda_role }}" \
               --environment "Variables={CLIENT_PUBLIC_KEY_ARN=mock, \
                                         DDB_INDEX_TAG=$SAFE, \
-                                        TOKEN_LIFETIME=$TOKEN_LIFETIME}" \
+                                        TOKEN_LIFETIME=$TOKEN_LIFETIME, \
+                                        AUTH_URL=$AUTH_URL, \
+                                        PUBLIC_KEY_URL=$PUBLIC_KEY_URL, \
+                                        API_KEY=$JWKS_SECRET, \
+                                        TOKEN_TABLE_NAME=$TOKEN_TABLE_NAME, \
+                                        }" \
               --publish
             wait_for_lambda_ready
           fi
@@ -644,6 +657,12 @@ jobs:
         with:
           path: pathology-api/test-artefacts/
           merge-multiple: false
+      - name: "Download mock test coverage artefacts"
+        if: always() && github.event.action != 'closed'
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        with:
+          path: mocks/test-artefacts/
+          merge-multiple: false
       - name: "Merge coverage data"
         if: always() && github.event.action != 'closed'
         run: make test-coverage
@@ -652,20 +671,35 @@ jobs:
         run: |
           cd pathology-api/test-artefacts
           mv coverage-merged.xml "${{ steps.create-name.outputs.artefact-name }}.xml"
+          cd ../..
+          cd mocks/test-artefacts
+          mv coverage-merged.xml ${{ steps.create-name.outputs.artefact-name }}-mocks.xml
       - name: "Upload combined coverage report"
         if: always() && github.event.action != 'closed'
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: ${{ steps.create-name.outputs.artefact-name }}
           path: pathology-api/test-artefacts
           retention-days: 30
-
+      - name: "Upload mocks coverage report"
+        if: always() && github.event.action != 'closed'
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: ${{ steps.create-name.outputs.artefact-name }}-mocks
+          path: mocks/test-artefacts
+          retention-days: 30
       - name: "Download merged coverage report"
         if: always() && github.event.action != 'closed'
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: ${{ steps.create-name.outputs.artefact-name }}
           path: coverage-reports/
+      - name: "Download mock coverage report"
+        if: always() && github.event.action != 'closed'
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        with:
+          name: ${{ steps.create-name.outputs.artefact-name }}-mocks
+          path: coverage-reports/
       - name: "SonarCloud Scan"
         if: always() && github.event.action != 'closed' && github.actor != 'dependabot[bot]'
         uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #7.0.0
@@ -675,7 +709,7 @@ jobs:
           args: >
             -Dsonar.organization=${{ vars.SONAR_ORGANISATION_KEY }}
             -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }}
-            -Dsonar.python.coverage.reportPaths=coverage-reports/${{ steps.create-name.outputs.artefact-name }}.xml
+            -Dsonar.python.coverage.reportPaths=coverage-reports/${{ steps.create-name.outputs.artefact-name }}.xml,coverage-reports/${{ steps.create-name.outputs.artefact-name }}-mocks.xml
 
       - name: Comment function name on PR
         if: github.event_name == 'pull_request' && github.event.action != 'closed'

.github/workflows/stage-2-test.yaml

@@ -41,13 +41,20 @@ jobs:
           python-version: ${{ inputs.python_version }}
       - name: "Run unit test suite"
         run: make test-unit
-      - name: "Upload unit test results"
+      - name: "Upload unit test results for pathology-api"
         if: always()
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: unit-test-results
           path: pathology-api/test-artefacts/
           retention-days: 30
+      - name: "Upload unit test results for mocks"
+        if: always()
+        uses: actions/upload-artifact@v6
+        with:
+          name: mock-unit-test-results
+          path: mocks/test-artefacts/
+          retention-days: 30
       - name: "Publish unit test results to summary"
         if: always()
         uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4
@@ -87,7 +94,7 @@ jobs:
   test-schema:
     name: "Schema validation tests"
     runs-on: ubuntu-latest
-    timeout-minutes: 5
+    timeout-minutes: 10
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v6

.github/workflows/update-sonar-statistics.yaml

@@ -55,16 +55,28 @@ jobs:
           cd ../..
 
           COVERAGE_UNIT_ONLY=true make test-coverage
+
           cd pathology-api/test-artefacts
           mv coverage-merged.xml "${{ steps.create-name.outputs.artefact-name }}.xml"
 
+          cd ../..
+          cd mocks/test-artefacts
+          mv coverage-merged.xml "${{ steps.create-name.outputs.artefact-name }}-mocks.xml"
+
       - name: "Upload combined coverage report"
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: ${{ steps.create-name.outputs.artefact-name }}
           path: pathology-api/test-artefacts
           retention-days: 30
 
+      - name: "Upload mocks coverage report"
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: ${{ steps.create-name.outputs.artefact-name }}-mocks
+          path: mocks/test-artefacts
+          retention-days: 30
+
   sonarcloud-analysis:
     name: "SonarCloud Analysis"
     needs: run-tests
@@ -77,17 +89,23 @@ jobs:
         with:
           fetch-depth: 0 # Fetch all history for accurate SonarCloud analysis
 
+      - name: "Create coverage artefact name"
+        id: create-name
+        uses: ./.github/actions/create-artefact-name
+        with:
+          prefix: coverage
+
       - name: "Download merged coverage report"
         uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: ${{ steps.create-name.outputs.artefact-name }}
           path: coverage-reports/
 
-      - name: "Create coverage artefact name"
-        id: create-name
-        uses: ./.github/actions/create-artefact-name
+      - name: "Download mock coverage report"
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
         with:
-          prefix: coverage
+          name: ${{ steps.create-name.outputs.artefact-name }}-mocks
+          path: coverage-reports/
 
       - name: "SonarCloud Scan"
         uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #7.0.0
@@ -97,5 +115,5 @@ jobs:
           args: >
             -Dsonar.organization=${{ vars.SONAR_ORGANISATION_KEY }}
             -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }}
-            -Dsonar.python.coverage.reportPaths=coverage-reports/${{ steps.create-name.outputs.artefact-name }}/${{ steps.create-name.outputs.artefact-name }}.xml
+            -Dsonar.python.coverage.reportPaths=coverage-reports/${{ steps.create-name.outputs.artefact-name }}.xml,coverage-reports/${{ steps.create-name.outputs.artefact-name }}-mocks.xml
 

.gitleaksignore

@@ -6,6 +6,5 @@ cd9c0efec38c5d63053dd865e5d4e207c0760d91:docs/guides/Perform_static_analysis.md:
 
 pathology-api/pyproject.toml:ipv4:51
 pathology-api/pyproject.toml:ipv4:50
-
 mocks/pyproject.toml:ipv4:54
 mocks/pyproject.toml:ipv4:55