Build

🛠 Productionise your “hello NHS” into a small, safe, supportable project—dashboards, APIs, pipelines, or automation.
Why this page?

This section shows the minimum viable steps to move from learning to something live. It emphasises repeatability, IG guardrails, and small deployments that can be expanded later.


Starter project kits


90‑minute baseline (works for most builds)

  1. Create a repo: code + README + LICENSE + .gitignore + SECURITY.md (who to contact).
  2. Data contract: define one source table/view per KPI/model; add created_utc, source_system, and a plain‑English definition.
  3. Environment: .env.example checked in; local .env ignored; required secrets documented in README (names only, not values).
  4. Run script: make run or run.ps1 that executes end‑to‑end on a dev machine.
  5. Validation: add 2–3 fast checks (row counts vs yesterday; rates within bounds). Fail loud.
  6. Packaging: Dockerfile or VS Code Dev Container for reproducible runs.
  7. Docs: “How to run”, “How to deploy”, “Data definitions”, “Known limitations”.

Tiny deployment presets

☁️ Azure App Service (container)

# image already in ACR; see Learn → Azure
az webapp create -g rg-nhs -p nhs-plan -n nhs-kpi-api \
  --deployment-container-image-name nhsregistry.azurecr.io/nhs-kpi-api:latest
az webapp config appsettings set -g rg-nhs -n nhs-kpi-api --settings PORT=8000

☁️ AWS App Runner (ECR image)

aws apprunner create-service \
  --service-name nhs-kpi-api \
  --source-configuration ImageRepository="{ImageIdentifier=<acct>.dkr.ecr.<region>.amazonaws.com/nhs-kpi-api:latest,ImageRepositoryType=ECR,ImageConfiguration={Port=8000}}"

Lock down later with VNET/PrivateLink (Azure) or VPC/WAF/IAM (AWS). See /learn/azure · /learn/aws.


IG & safety gates (copy into your README)

  • Data: use synthetic or de‑identified samples in examples. Avoid free‑text PHI.
  • Secrets: .env for local only; Key Vault/Secrets Manager in staging/prod.
  • Transport: enforce TLS; set Encrypt=Yes for SQL connections.
  • Access: least privilege; parameterised SQL; consider Row‑Level Security.
  • Logging: keep request/refresh logs; avoid sensitive payloads.
  • Approvals: link to DPIA/IG tickets and approvals.
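
The Secrets and Transport gates above can be enforced by a small preflight script in CI. This is an added example, not code from the original page: the function names, the secret-name heuristic and the sample inputs are assumptions, and the TrustServerCertificate check goes one step beyond the page's Encrypt=Yes.

```python
import re

# Names that usually hold credentials; a heuristic chosen for this example.
SECRET_NAME = re.compile(r"(PASSWORD|PWD|SECRET|TOKEN|KEY)", re.IGNORECASE)
# Values acceptable in a checked-in template: blank or a <placeholder>.
PLACEHOLDER = re.compile(r"^(<[^>]*>)?$")
# ODBC-style key=value pairs; {braced} values may contain ';' and '='.
ODBC_PAIR = re.compile(r"([^=;{}]+)=(\{[^}]*\}|[^;]*)")
ENCRYPT_ON = ("yes", "true", "mandatory", "strict")


def check_secrets(gitignore_text, env_example_text):
    """Secrets gate: .env stays local, .env.example carries no real values."""
    problems = []
    ignored = {line.strip() for line in gitignore_text.splitlines()}
    if not ignored & {".env", "/.env"}:
        problems.append(".env is not listed in .gitignore")
    for line in env_example_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if line.lstrip().startswith("#") or not sep:
            continue  # comment or not a KEY=VALUE line
        if SECRET_NAME.search(name) and not PLACEHOLDER.match(value.strip()):
            problems.append(f"{name.strip()} has a value in .env.example")
    return problems


def check_transport(conn_str):
    """Transport gate: Encrypt must be present and on in every occurrence."""
    pairs = [(k.strip().lower(), v.strip().lower())
             for k, v in ODBC_PAIR.findall(conn_str)]
    encrypt = [v for k, v in pairs if k == "encrypt"]
    problems = []
    if not encrypt or any(v not in ENCRYPT_ON for v in encrypt):
        problems.append("Encrypt is not enabled")
    if any(k == "trustservercertificate" and v in ("yes", "true") for k, v in pairs):
        problems.append("TrustServerCertificate=Yes skips certificate validation")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; in CI, read the real files and setting instead.
    gitignore = "__pycache__/\n.env\n"
    env_example = "PORT=8000\nDB_PASSWORD=\nAPI_TOKEN=<from Key Vault>\n"
    conn = "Driver={ODBC Driver 18 for SQL Server};Server=tcp:example,1433;Encrypt=Yes"
    found = check_secrets(gitignore, env_example) + check_transport(conn)
    print("\n".join(found) or "IG gates passed")
    raise SystemExit(1 if found else 0)  # non-zero exit fails the status check
```

The checks fail closed: a connection string with no Encrypt keyword, or one where the keyword only appears inside a braced password value, is reported as a violation.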

CI/CD seed (GitHub Actions)

.github/workflows/ci.yml
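name: CI
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: { python-version: '3.11' }
      # Seed only: "|| true" and "|| echo" keep the job green even when the
      # install or the tests fail. Remove both once requirements.txt and tests
      # exist, otherwise the required status check cannot block a bad merge.
      - run: pip install -r requirements.txt || true
      - run: python -m pytest -q || echo "no tests yet"
      - run: echo "✅ Smoke build complete"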

Add branch protection → require status checks before merge.


Operational metrics to track

  • Latency: source load → dashboard/API refresh (target < 30 min for daily KPIs).
  • Reliability: % successful runs; validation pass rate.
  • Adoption: views per week; API call count; stakeholder list.
  • Change flow: PR lead time; review time; rollback success.
  • Cost: monthly cloud/runtime cost for the service.

Persona‑focused build guides


See also: /learn/secrets · /learn/azure · /learn/aws

What’s next?

You’ve completed the Build stage. Keep momentum: