Skip to main content

Share

📢 Turn your quickstarts into something people can use — safely, consistently, and with clear ownership.
Why this page?

Sharing is where value happens. This page focuses on safe dissemination, repeatability, and lightweight release practices that NHS teams can adopt quickly.

Choose your route​

đź“Š Dashboards
Dash · Shiny · Evidence.dev
Publish an internal KPI page with refresh, definitions, and audit trail.

🔌 APIs
FastAPI · Express
Expose a KPI/model as a small, documented, authenticated endpoint.

📦 Datasets
CSV/Parquet + metadata
Export clean, versioned extracts with data definitions.

đź—‚ Code & repos
GitHub (private/public)
Share code with PR reviews, CI checks, and a security contact.

90‑minute release checklist​

  1. Package: code + README + LICENSE + .gitignore + SECURITY.md (contact).
  2. Definition of done: link to the KPI/view(s) or API spec; include owners and refresh cadence.
  3. Secrets: .env.example checked in; local .env ignored; production uses a secret store.
  4. Run script: run.ps1 or make run to reproduce end‑to‑end on a clean machine.
  5. Validation: at least two checks (row counts vs yesterday; bounds on rates). Fail loud.
  6. Artifact: static site (Evidence), dashboard URL, API base URL, or dataset location.
  7. Release note: short “what changed” with a date, link to PR, and rollback note.

Tip: keep your first share tiny — one KPI page, one API endpoint, or one dataset. Iterate weekly.

Distribution patterns​

Intranet / on‑prem (reverse proxy)​

  • Host Dash/Shiny behind IIS or NGINX with TLS and SSO (Azure AD).
  • Restrict to staff networks; log access; avoid free‑text PHI in responses.

Azure​

  • Dash/API → App Service or Container Apps.
  • Secrets → Key Vault via Managed Identity.
  • Private access → VNET integration, Private Endpoints for SQL/Key Vault.
  • See: /learn/azure.

AWS​

  • Dash/API → App Runner (no servers) or ECS Fargate.
  • Secrets → Secrets Manager (env injection or SDK).
  • Private access → VPC, Security Groups, optional WAF.
  • See: /learn/aws.

IG & safety gates (copy into your README)​

  • Data: use synthetic/de‑identified samples in examples; apply suppression for small numbers.
  • Transport: enforce TLS; set Encrypt=Yes in SQL connection strings.
  • Access: least privilege; parameterised SQL; consider Row‑Level Security for shared views.
  • Secrets: never in code or git. Use Key Vault / Secrets Manager in non‑dev.
  • Logging: record refresh/API calls; avoid sensitive payloads.
  • Approvals: link to DPIA/IG tickets and approvals; list data owners and SLAs.

Lightweight release notes (template)​

# Release: KPI Dashboard v0.2 — 2025‑08‑10

**What changed**
- Added DNA rate chart and “data last updated” badge.

**Owner**: BI Team — bi.team@trust.nhs.uk  
**Data source**: dbo.vw_PracticeKPI (owner: Data Engineering)  
**Refresh**: daily 03:00

**Validation**
- Row count Δ within ±5% of yesterday
- Attendance rate bounds 0–1

**Rollback**
- Revert PR #123; previous static build available at /releases/v0.1

Measure what matters​

  • Adoption: dashboard views / API calls per week; feedback tickets resolved.
  • Reliability: % successful refreshes; validation pass rate; time to fix.
  • Latency: source load → visible update (target < 30 min for daily KPIs).
  • Compliance: secrets in store, TLS enforced, audit trail present.

What’s next?

You’ve completed the Share stage. Keep momentum: