README.md

# GOV.UK Notify API

Contains:
- the public-facing REST API for GOV.UK Notify, which teams can integrate with using [our clients](https://www.notifications.service.gov.uk/documentation)
- an internal-only REST API built using Flask to manage services, users, templates, etc (this is what the [admin app](http://github.com/alphagov/notifications-admin) talks to)
- asynchronous workers built using Celery to put things on queues and read them off to be processed, sent to providers, updated, etc

## Setting Up

### Python version

We run python 3.9 both locally and in production.

### psycopg2

[Follow these instructions on Mac M1 machines](https://github.com/psycopg/psycopg2/issues/1216#issuecomment-1068150544).

### AWS credentials

To run the API you will need appropriate AWS credentials. See the [Wiki](https://github.com/alphagov/notifications-manuals/wiki/aws-accounts#how-to-set-up-local-development) for more details.

### `environment.sh`

Creating and edit an environment.sh file.

```
echo "
export NOTIFY_ENVIRONMENT='development'

export MMG_API_KEY='MMG_API_KEY'
export FIRETEXT_API_KEY='FIRETEXT_ACTUAL_KEY'
export NOTIFICATION_QUEUE_PREFIX='YOUR_OWN_PREFIX'

export FLASK_APP=application.py
export FLASK_ENV=development
export WERKZEUG_DEBUG_PIN=off
"> environment.sh
```

Things to change:

* Replace `YOUR_OWN_PREFIX` with `local_dev_<first name>`.
* Run the following in the credentials repo to get the API keys.

```
notify-pass credentials/firetext
notify-pass credentials/mmg
```

### Secrets Detection

```
brew install detect-secrets # or pip install detect-secrets
detect-secrets scan
#review output of above, make sure none of the baseline entries are sensitive
detect-secrets scan > .secrets.baseline
#creates the baseline file
```

Ideally, you'll install `detect-secrets` so that it's accessible from any environment from which you _might_ commit. You can use `brew install` to make it available globally. You could also install via `pip install` inside a virtual environment, if you're sure you'll _only_ commit from that environment.

If you open .git/hooks/pre-commit you should see a simple bash script that runs the command below, reads the output and aborts before committing if detect-secrets finds a secret. You should be able to test it by staging a file with any high-entropy string like `"bblfwk3u4bt484+afw4avev5ae+afr4?/fa"` (it also has other ways to detect secrets, this is just the most straightforward to test). 

You can permit exceptions by adding an inline comment containing `pragma: allowlist secret`

The command that is actually run by the pre-commit hook is: `git diff --staged --name-only -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline`

You can also run against all tracked files staged or not: `git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline`

### Postgres

Install [Postgres.app](http://postgresapp.com/).

Currently the API works with PostgreSQL 11. After installation, open the Postgres app, open the sidebar, and update or replace the default server with a compatible version.

**Note:** you may need to add the following directory to your PATH in order to bootstrap the app.

```
export PATH=${PATH}:/Applications/Postgres.app/Contents/Versions/11/bin/
```

### Redis

To switch redis on you'll need to install it locally. On a Mac you can do:

```
# assuming you use Homebrew
brew install redis
brew services start redis
```

To use redis caching you need to switch it on with an environment variable:

```
export REDIS_ENABLED=1
```

##  To run the application

```
# install dependencies, etc.
make bootstrap

# run the web app
make run-flask

# run the background tasks
make run-celery

# run scheduled tasks (optional)
make run-celery-beat
```

We've had problems running Celery locally due to one of its dependencies: pycurl. Due to the complexity of the issue, we also support running Celery via Docker:

```
# install dependencies, etc.
make bootstrap-with-docker

# run the background tasks
make run-celery-with-docker

# run scheduled tasks
make run-celery-beat-with-docker
```

##  To test the application

```
# install dependencies, etc.
make bootstrap

make test
```

## To run one off tasks

Tasks are run through the `flask` command - run `flask --help` for more information. There are two sections we need to
care about: `flask db` contains alembic migration commands, and `flask command` contains all of our custom commands. For
example, to purge all dynamically generated functional test data, do the following:

Locally
```
flask command purge_functional_test_data -u <functional tests user name prefix>
```

On the server
```
cf run-task notify-api "flask command purge_functional_test_data -u <functional tests user name prefix>"
```

All commands and command options have a --help command if you need more information.

## Further documentation

- [Writing public APIs](docs/writing-public-apis.md)
- [Updating dependencies](https://github.com/alphagov/notifications-manuals/wiki/Dependencies)
Update description of what the API repo is for 2018-10-30 13:30:46 +00:00			`# GOV.UK Notify API`
Add trigger dependent build 2015-11-20 10:51:08 +00:00
Update description of what the API repo is for 2018-10-30 13:30:46 +00:00			`Contains:`
			`- the public-facing REST API for GOV.UK Notify, which teams can integrate with using [our clients](https://www.notifications.service.gov.uk/documentation)`
			`- an internal-only REST API built using Flask to manage services, users, templates, etc (this is what the [admin app](http://github.com/alphagov/notifications-admin) talks to)`
			`- asynchronous workers built using Celery to put things on queues and read them off to be processed, sent to providers, updated, etc`
Add trigger dependent build 2015-11-20 10:51:08 +00:00
Changes after review, and further thinking... 2016-10-04 15:09:58 +01:00			`## Setting Up`

Document Python version 2018-10-30 13:33:56 +00:00			`### Python version`

switch to python 3.9 2021-11-10 14:05:17 +00:00			`We run python 3.9 both locally and in production.`
Document Python version 2018-10-30 13:33:56 +00:00
Replace pycurl guidance with psycopg2 Since we moved to Dockerised Celery the pycurl guidance should no longer be necessary and doesn't work on newer Mac M1 machines. This also adds new guidance for psycopg2, which will hopefully be temporary (see issue comment). 2022-03-15 15:55:46 +00:00			`### psycopg2`
Link to guidance about installing pycurl This seems to be an issue for several people when we install new versions of the package. Older versions of the package seem to be equally affected, so the new need for this is likely related to us using a newer OS / XCode version. 2021-11-15 15:21:09 +00:00
Replace pycurl guidance with psycopg2 Since we moved to Dockerised Celery the pycurl guidance should no longer be necessary and doesn't work on newer Mac M1 machines. This also adds new guidance for psycopg2, which will hopefully be temporary (see issue comment). 2022-03-15 15:55:46 +00:00			`[Follow these instructions on Mac M1 machines](https://github.com/psycopg/psycopg2/issues/1216#issuecomment-1068150544).`
Link to guidance about installing pycurl This seems to be an issue for several people when we install new versions of the package. Older versions of the package seem to be equally affected, so the new need for this is likely related to us using a newer OS / XCode version. 2021-11-15 15:21:09 +00:00
Changes after review, and further thinking... 2016-10-04 15:09:58 +01:00			`### AWS credentials`
Updated README based on my experience getting things running 2016-10-04 11:12:55 +01:00
Revise section about AWS setup This is covered in Wiki in more detail. 2021-02-17 16:56:20 +00:00			`To run the API you will need appropriate AWS credentials. See the [Wiki](https://github.com/alphagov/notifications-manuals/wiki/aws-accounts#how-to-set-up-local-development) for more details.`
Changes after review, and further thinking... 2016-10-04 15:09:58 +01:00
Fix broken Markdown headings in README 2018-07-30 15:25:48 +01:00			### `environment.sh`
Changes after review, and further thinking... 2016-10-04 15:09:58 +01:00
Clarify setup instructions for environment.sh 2021-02-17 17:04:28 +00:00			`Creating and edit an environment.sh file.`
Updated sample values for secret keys in environment.sh to match that suggested in delivery app. Called out the reason for unique prefixes or queue names. 2016-02-17 10:20:40 +00:00
Update config Source the configuration from an environment file, this way it is similar to how the aws environment works 2016-02-16 15:25:46 +00:00			```
Update README with set up instructions. 2016-02-17 09:49:36 +00:00			`echo "`
Changes after review, and further thinking... 2016-10-04 15:09:58 +01:00			`export NOTIFY_ENVIRONMENT='development'`
move all static env vars from env.sh to config file in dev There's no reason to have things that never change in environment.sh. you'll want to update your environment.sh, then restart your shells (`exec bash` or `exec zsh` etc) This also changes the database to be set statically in the config, but overridable from the command line if you need to - for example, jenkins will override it with the dockerised postgres uri. 2018-02-21 18:12:03 +00:00
Simplified the config. Aim is to get the actual secrets in credstash to be env specific, and not the random collection of things we have at the moment. Secret definition also includes env specific things such as URLs / Queue prefixes / URLs for providers and so on. 2016-09-07 09:35:31 +01:00			`export MMG_API_KEY='MMG_API_KEY'`
Changes after review, and further thinking... 2016-10-04 15:09:58 +01:00			`export FIRETEXT_API_KEY='FIRETEXT_ACTUAL_KEY'`
			`export NOTIFICATION_QUEUE_PREFIX='YOUR_OWN_PREFIX'`
move all static env vars from env.sh to config file in dev There's no reason to have things that never change in environment.sh. you'll want to update your environment.sh, then restart your shells (`exec bash` or `exec zsh` etc) This also changes the database to be set statically in the config, but overridable from the command line if you need to - for example, jenkins will override it with the dockerised postgres uri. 2018-02-21 18:12:03 +00:00
Remove flask-script, move commands to click click (http://click.pocoo.org/) is used by flask to run its cli args. In removing flask_script (it's unmaintained), we had to migrate all our commands to use click. This is a change for the better in my eyes - you don't need to define the command in several places, and it makes managing options a bit easier. View diff with whitespace turned off unless you're a masochist. 2017-11-06 12:34:29 +00:00			`export FLASK_APP=application.py`
Swap FLASK_DEBUG for FLASK_ENV This achieves the same thing and gets rid of the warning about being in a production environment when the app starts up. 2021-02-18 09:10:13 +00:00			`export FLASK_ENV=development`
Remove flask-script, move commands to click click (http://click.pocoo.org/) is used by flask to run its cli args. In removing flask_script (it's unmaintained), we had to migrate all our commands to use click. This is a change for the better in my eyes - you don't need to define the command in several places, and it makes managing options a bit easier. View diff with whitespace turned off unless you're a masochist. 2017-11-06 12:34:29 +00:00			`export WERKZEUG_DEBUG_PIN=off`
Update README with set up instructions. 2016-02-17 09:49:36 +00:00			`"> environment.sh`
			```

Clarify setup instructions for environment.sh 2021-02-17 17:04:28 +00:00			`Things to change:`

			* Replace `YOUR_OWN_PREFIX` with `local_dev_<first name>`.
			`* Run the following in the credentials repo to get the API keys.`
Updated sample values for secret keys in environment.sh to match that suggested in delivery app. Called out the reason for unique prefixes or queue names. 2016-02-17 10:20:40 +00:00
Clarify setup instructions for environment.sh 2021-02-17 17:04:28 +00:00			```
Update where to get creds for sms providers Due to change in https://github.com/alphagov/notifications-credentials/pull/261 2022-02-07 10:46:05 +00:00			`notify-pass credentials/firetext`
			`notify-pass credentials/mmg`
Clarify setup instructions for environment.sh 2021-02-17 17:04:28 +00:00			```
Add celery run to readme 2016-02-23 12:28:10 +00:00
Add secrets detection section to readme 2022-06-28 15:30:09 -07:00			`### Secrets Detection`

			```
			`brew install detect-secrets # or pip install detect-secrets`
			`detect-secrets scan`
			`#review output of above, make sure none of the baseline entries are sensitive`
			`detect-secrets scan > .secrets.baseline`
			`#creates the baseline file`
			```

			Ideally, you'll install `detect-secrets` so that it's accessible from any environment from which you _might_ commit. You can use `brew install` to make it available globally. You could also install via `pip install` inside a virtual environment, if you're sure you'll _only_ commit from that environment.

			If you open .git/hooks/pre-commit you should see a simple bash script that runs the command below, reads the output and aborts before committing if detect-secrets finds a secret. You should be able to test it by staging a file with any high-entropy string like `"bblfwk3u4bt484+afw4avev5ae+afr4?/fa"` (it also has other ways to detect secrets, this is just the most straightforward to test).

			You can permit exceptions by adding an inline comment containing `pragma: allowlist secret`

			The command that is actually run by the pre-commit hook is: `git diff --staged --name-only -z \| xargs -0 detect-secrets-hook --baseline .secrets.baseline`

			You can also run against all tracked files staged or not: `git ls-files -z \| xargs -0 detect-secrets-hook --baseline .secrets.baseline`

Changes after review, and further thinking... 2016-10-04 15:09:58 +01:00			`### Postgres`
Updated README based on my experience getting things running 2016-10-04 11:12:55 +01:00
Update install instructions for Postgres This apps works with v11, but not with v13. Adding '\|\| true' in the Makefile means the 'bootstrap' rule can be run multiple times, even if the DB already exists. 2021-02-18 15:19:40 +00:00			`Install [Postgres.app](http://postgresapp.com/).`
Add celery run to readme 2016-02-23 12:28:10 +00:00
Update install instructions for Postgres This apps works with v11, but not with v13. Adding '\|\| true' in the Makefile means the 'bootstrap' rule can be run multiple times, even if the DB already exists. 2021-02-18 15:19:40 +00:00			`Currently the API works with PostgreSQL 11. After installation, open the Postgres app, open the sidebar, and update or replace the default server with a compatible version.`

			`Note: you may need to add the following directory to your PATH in order to bootstrap the app.`

			```
			`export PATH=${PATH}:/Applications/Postgres.app/Contents/Versions/11/bin/`
			```
Update README.md to reflect Postgres version needed Added note about installing Postgres 9.6 2018-11-07 16:33:22 +00:00
Updated readme 2016-12-02 10:09:36 +00:00			`### Redis`

Be more helpful for how to install / start Redis In response to [1]. [1]: https://github.com/alphagov/notifications-api/pull/3467#discussion_r815797015 2022-02-28 11:27:34 +00:00			`To switch redis on you'll need to install it locally. On a Mac you can do:`

			```
			`# assuming you use Homebrew`
			`brew install redis`
			`brew services start redis`
			```

			`To use redis caching you need to switch it on with an environment variable:`
Added README to tell users how tp switch REDIS on 2016-12-02 10:11:31 +00:00
Iterate local development with Docker This makes a few changes to: - Make local development consistent with our other apps. It's now faster to start Celery locally since we don't try to build the image each time - this is usually quick, but unnecessary. - Add support for connecting to a local Redis instance. Note that the previous suggestion of "REDIS = True" was incorrect as this would be turned into the literal string "True". I've also co-located and extended the recipes in the Makefile to make them a bit more visible. 2022-02-24 17:11:46 +00:00			```
Minor tweaks in response to PR comments 2022-02-25 17:49:07 +00:00			`export REDIS_ENABLED=1`
Iterate local development with Docker This makes a few changes to: - Make local development consistent with our other apps. It's now faster to start Celery locally since we don't try to build the image each time - this is usually quick, but unnecessary. - Add support for connecting to a local Redis instance. Note that the previous suggestion of "REDIS = True" was incorrect as this would be turned into the literal string "True". I've also co-located and extended the recipes in the Makefile to make them a bit more visible. 2022-02-24 17:11:46 +00:00			```
Updated readme 2016-12-02 10:09:36 +00:00
Add celery run to readme 2016-02-23 12:28:10 +00:00			`## To run the application`

			```
Make instructions to run app/tests more concise 2021-02-17 17:06:58 +00:00			`# install dependencies, etc.`
Move bootstrap tasks into the Makefile This is more consistent with how we run all other tasks. Note that the virtual env setup is not generally applicable, and developers of this repo should follow the guidance in the README. 2021-02-17 17:22:45 +00:00			`make bootstrap`
Make instructions to run app/tests more concise 2021-02-17 17:06:58 +00:00
			`# run the web app`
Switch to 'make' for running app processes These are simple enough that they don't need their own scripts. 2021-02-17 16:49:05 +00:00			`make run-flask`
Add celery run to readme 2016-02-23 12:28:10 +00:00
Make instructions to run app/tests more concise 2021-02-17 17:06:58 +00:00			`# run the background tasks`
Switch to 'make' for running app processes These are simple enough that they don't need their own scripts. 2021-02-17 16:49:05 +00:00			`make run-celery`
Add celery run to readme 2016-02-23 12:28:10 +00:00
Make instructions to run app/tests more concise 2021-02-17 17:06:58 +00:00			`# run scheduled tasks (optional)`
Switch to 'make' for running app processes These are simple enough that they don't need their own scripts. 2021-02-17 16:49:05 +00:00			`make run-celery-beat`
Readme update 2016-03-18 12:58:17 +00:00			```
Add server_commands and update readme.md Update command to search for services from the user. 2016-05-11 15:52:49 +01:00
Iterate local development with Docker This makes a few changes to: - Make local development consistent with our other apps. It's now faster to start Celery locally since we don't try to build the image each time - this is usually quick, but unnecessary. - Add support for connecting to a local Redis instance. Note that the previous suggestion of "REDIS = True" was incorrect as this would be turned into the literal string "True". I've also co-located and extended the recipes in the Makefile to make them a bit more visible. 2022-02-24 17:11:46 +00:00			`We've had problems running Celery locally due to one of its dependencies: pycurl. Due to the complexity of the issue, we also support running Celery via Docker:`

			```
			`# install dependencies, etc.`
			`make bootstrap-with-docker`

			`# run the background tasks`
			`make run-celery-with-docker`

			`# run scheduled tasks`
			`make run-celery-beat-with-docker`
Fix incorrect code block formatting in README 2022-03-08 12:42:14 +00:00			```
Iterate local development with Docker This makes a few changes to: - Make local development consistent with our other apps. It's now faster to start Celery locally since we don't try to build the image each time - this is usually quick, but unnecessary. - Add support for connecting to a local Redis instance. Note that the previous suggestion of "REDIS = True" was incorrect as this would be turned into the literal string "True". I've also co-located and extended the recipes in the Makefile to make them a bit more visible. 2022-02-24 17:11:46 +00:00
include section on testing in readme.md 2016-08-24 14:30:46 +01:00			`## To test the application`

			```
Make instructions to run app/tests more concise 2021-02-17 17:06:58 +00:00			`# install dependencies, etc.`
Move bootstrap tasks into the Makefile This is more consistent with how we run all other tasks. Note that the virtual env setup is not generally applicable, and developers of this repo should follow the guidance in the README. 2021-02-17 17:22:45 +00:00			`make bootstrap`
Make instructions to run app/tests more concise 2021-02-17 17:06:58 +00:00
include section on testing in readme.md 2016-08-24 14:30:46 +01:00			`make test`
			```

update readme and ensure makefile up to date 2017-11-22 16:36:09 +00:00			`## To run one off tasks`
Add server_commands and update readme.md Update command to search for services from the user. 2016-05-11 15:52:49 +01:00
update readme and ensure makefile up to date 2017-11-22 16:36:09 +00:00			Tasks are run through the `flask` command - run `flask --help` for more information. There are two sections we need to
			care about: `flask db` contains alembic migration commands, and `flask command` contains all of our custom commands. For
			`example, to purge all dynamically generated functional test data, do the following:`
Add server_commands and update readme.md Update command to search for services from the user. 2016-05-11 15:52:49 +01:00
			`Locally`
			```
update readme and ensure makefile up to date 2017-11-22 16:36:09 +00:00			`flask command purge_functional_test_data -u <functional tests user name prefix>`
Add server_commands and update readme.md Update command to search for services from the user. 2016-05-11 15:52:49 +01:00			```

			`On the server`
			```
update readme and ensure makefile up to date 2017-11-22 16:36:09 +00:00			`cf run-task notify-api "flask command purge_functional_test_data -u <functional tests user name prefix>"`
Add server_commands and update readme.md Update command to search for services from the user. 2016-05-11 15:52:49 +01:00			```
update readme and ensure makefile up to date 2017-11-22 16:36:09 +00:00
			`All commands and command options have a --help command if you need more information.`
Describe process for creating a new worker app 2018-03-08 14:02:08 +00:00
Extract content about new workers into own doc This is a bit too niche for the README, which should be focussed on the bare minimum someone needs to know to get started with a repo. Moving this content to its own doc is consistent with other apps [1] and gives it more room to grow. [1]: https://github.com/alphagov/notifications-admin/tree/master/docs 2021-09-15 15:33:42 +01:00			`## Further documentation`
Describe process for creating a new worker app 2018-03-08 14:02:08 +00:00
Add new guidance on writing public APIs In response to: https://github.com/alphagov/notifications-api/pull/3305#issuecomment-896631475 2021-09-15 17:09:04 +01:00			`- [Writing public APIs](docs/writing-public-apis.md)`
Centralise documentation for updating dependencies This follows the convention established in [1]. [1]: https://github.com/alphagov/notifications-antivirus/pull/83 2021-12-29 14:59:38 +00:00			`- [Updating dependencies](https://github.com/alphagov/notifications-manuals/wiki/Dependencies)`