ci: add security analysis action (#145) #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Evaluate Chat Relevance, Fluency, Coherence, and Groundedness | |
| on: | |
| workflow_dispatch: | |
| push: | |
| # Run when commits are pushed to mainline branch (main or master) | |
| # Set this to the mainline branch you are using | |
| branches: | |
| - main | |
| - azd | |
| # Set up permissions for deploying with secretless Azure federated credentials | |
| # https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| evaluate: | |
| runs-on: ubuntu-latest | |
| env: | |
| AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} | |
| AZURE_OPENAI_ENDPOINT: ${{ secrets.AZURE_OPENAI_ENDPOINT }} | |
| AZURE_OPENAI_API_VERSION: ${{ secrets.AZURE_OPENAI_API_VERSION }} | |
| AZURE_DEPLOYMENT_NAME: "gpt-4" | |
| AZURE_EMBEDDING_NAME: "text-embedding-ada-002" | |
| COSMOS_ENDPOINT: "${{ secrets.CONTOSO_SEARCH_ENDPOINT }}" | |
| AZURE_SEARCH_ENDPOINT: "${{ secrets.AZURE_SEARCH_ENDPOINT }}" | |
| steps: | |
| - name: checkout repo content | |
| uses: actions/checkout@v4 # checkout the repository content | |
| - name: setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.10' # install the python version needed | |
| - name: install python packages | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: install promptflow dev bits | |
| run: | | |
| # unstall old promptflow | |
| pip uninstall -y promptflow promptflow-azure promptflow-core promptflow-devkit promptflow-tools promptflow-evals | |
| # install dev packages | |
| pip install promptflow-evals==0.2.0.dev125831637 --extra-index-url https://azuremlsdktestpypi.azureedge.net/promptflow | |
| pip install azure_ai_ml==1.16.0a20240501004 --extra-index-url https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-python/pypi/simple/ | |
| pip install azure-cli | |
| pip install bs4 | |
| pip install ipykernel | |
| pip install azure-cosmos==4.6.0 | |
| pip install azure-search-documents==11.4.0 | |
| pf version | |
| - name: Azure login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ env.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ env.AZURE_TENANT_ID }} | |
| subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} | |
| - name: Set az account | |
| uses: azure/CLI@v2 | |
| with: | |
| inlineScript: | | |
| az account set --subscription ${{env.AZURE_SUBSCRIPTION_ID}} | |
| - name: Set Promptflow config | |
| run: | | |
| pf config set trace.destination=azureml://subscriptions/${{ env.AZURE_SUBSCRIPTION_ID }}/resourceGroups/rg-${{ vars.AZURE_ENV_NAME }}/providers/Microsoft.MachineLearningServices/workspaces/${{ vars.ML_WORKSPACE_NAME }} | |
| - name: evaluate chat data using the eval sdk | |
| working-directory: ./evaluations | |
| run: | | |
| python evaluations_chat.py | |
| - name: Upload eval results as build artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: eval_result | |
| path: ./evaluations/eval_result.jsonl | |
| - name: GitHub Summary Step | |
| if: ${{ success() }} | |
| working-directory: ./evaluations | |
| run: | | |
| studio_url=$(cat studio_url.txt) | |
| echo $studio_url | |
| echo "🔗 [View in Azure Studio Here]($studio_url)" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "📊 Promptflow Evaluation Results" >> $GITHUB_STEP_SUMMARY | |
| cat eval_result.md >> $GITHUB_STEP_SUMMARY | |