Skip to content

Commit

Permalink
[Pipelines] Pipeline use federated credential (#3036)
Browse files Browse the repository at this point in the history 
# Description


![image](https://github.com/microsoft/promptflow/assets/2208599/8d2824e8-b42a-4d1b-a83f-d1f8f97e8cdd)

It doesn't change anything about pipeline contents.

# All Promptflow Contribution checklist:
- [ ] **The pull request does not introduce [breaking changes].**
- [ ] **CHANGELOG is updated for new features, bug fixes or other
significant changes.**
- [ ] **I have read the [contribution guidelines](../CONTRIBUTING.md).**
- [ ] **Create an issue and link to the pull request to get dedicated
review from promptflow team. Learn more: [suggested
workflow](../CONTRIBUTING.md#suggested-workflow).**

## General Guidelines and Best Practices
- [ ] Title of the pull request is clear and informative.
- [ ] There are a small number of commits, each of which have an
informative message. This means that previously merged commits do not
appear in the history of the PR. For more information on cleaning up the
commits in your PR, [see this
page](https://github.com/Azure/azure-powershell/blob/master/documentation/development-docs/cleaning-up-commits.md).

### Testing Guidelines
- [ ] Pull request includes test coverage for the included changes.
  • Loading branch information
@crazygao
crazygao authored May 9, 2024
1 parent 772246f commit dcd4e96
Show file tree
Hide file tree
Showing 108 changed files with 1,926 additions and 244 deletions.
1 change: 1 addition & 0 deletions .cspell.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
"examples/flex-flows/README.md",
"examples/prompty/README.md",
"scripts/docs/_build/**",
"scripts/readme/**",
"src/promptflow-azure/promptflow/azure/_restclient/flow/**",
"src/promptflow-azure/promptflow/azure/_restclient/swagger.json",
"src/promptflow-azure/promptflow/azure/_models/**",
Expand Down
14 changes: 10 additions & 4 deletions .github/workflows/build_msi_installer.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ on:
required: false
description: 'Set the version of the private msi installer'

permissions:
id-token: write
contents: read

env:
packageSetupType: promptflow_with_extra
testWorkingDirectory: src/promptflow
Expand All @@ -29,7 +33,8 @@ jobs:
build_msi_installer:
runs-on: windows-latest
name: Build Windows MSI

environment:
internal
steps:
- name: Check input parameters
run: |
Expand Down Expand Up @@ -173,10 +178,11 @@ jobs:
msbuild /t:rebuild /p:Configuration=Release /p:Platform=x64 promptflow.wixproj
shell: pwsh

- name: Azure Login
uses: azure/login@v1
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}

- name: Download JSON file from Azure Blob Storage
id: download-json
Expand Down
17 changes: 15 additions & 2 deletions .github/workflows/promptflow-core-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,16 @@ env:
TRACING_DIRECTORY: ${{ github.workspace }}/src/promptflow-tracing
WORKING_DIRECTORY: ${{ github.workspace }}/src/promptflow-core
RECORD_DIRECTORY: ${{ github.workspace }}/src/promptflow-recording
PROMPTFLOW_DIRECTORY: ${{ github.workspace }}/src/promptflow

permissions:
id-token: write
contents: read

jobs:
core_test:
environment:
internal
strategy:
matrix:
os: [ubuntu-latest]
Expand Down Expand Up @@ -50,7 +57,9 @@ jobs:
if: github.event_name != 'pull_request'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: generate live test resources (non pull_request workflow)
if: github.event_name != 'pull_request'
uses: "./.github/actions/step_generate_configs"
Expand All @@ -73,6 +82,8 @@ jobs:
${{ env.WORKING_DIRECTORY }}/core/htmlcov/
azureml_serving_test:
environment:
internal
strategy:
matrix:
os: [ubuntu-latest]
Expand Down Expand Up @@ -102,7 +113,9 @@ jobs:
if: github.event_name != 'pull_request'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: generate live test resources (non pull_request workflow)
if: github.event_name != 'pull_request'
uses: "./.github/actions/step_generate_configs"
Expand Down
12 changes: 11 additions & 1 deletion .github/workflows/promptflow-executor-e2e-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,11 @@ env:
PYTHONPATH: ${{ github.workspace }}/src/promptflow
IS_IN_CI_PIPELINE: "true"
RECORD_DIRECTORY: ${{ github.workspace }}/src/promptflow-recording

permissions:
id-token: write
contents: read

jobs:
authorize:
environment:
Expand Down Expand Up @@ -76,12 +81,15 @@ jobs:
path: |
${{ github.workspace }}/src/promptflow/dist/*.whl
${{ github.workspace }}/src/promptflow-tools/dist/*.whl
executor_e2e_tests:
needs: build
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
environment:
internal
runs-on: ${{ matrix.os }}
steps:
- name: Set test mode
Expand Down Expand Up @@ -123,7 +131,9 @@ jobs:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: Generate Configs
uses: "./.github/actions/step_generate_configs"
with:
Expand Down
11 changes: 9 additions & 2 deletions .github/workflows/promptflow-executor-unit-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@ on:
- src/promptflow-recording/recordings/local/executor_node_cache.*
- .github/workflows/promptflow-executor-unit-test.yml
workflow_dispatch:
permissions:
id-token: write
contents: read
env:
packageSetupType: promptflow_with_extra
testWorkingDirectory: ${{ github.workspace }}/src/promptflow
Expand Down Expand Up @@ -78,6 +81,8 @@ jobs:
${{ github.workspace }}/src/promptflow-tools/dist/*.whl
executor_unit_tests:
needs: build
environment:
internal
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -128,7 +133,9 @@ jobs:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: Generate Configs
uses: "./.github/actions/step_generate_configs"
with:
Expand Down Expand Up @@ -187,4 +194,4 @@ jobs:
pythonVersion: 3.9
coverageThreshold: 50
token: ${{ secrets.GITHUB_TOKEN }}
context: test/executor_unit
context: test/executor_unit
9 changes: 8 additions & 1 deletion .github/workflows/promptflow-global-config-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@ on:
- scripts/building/**
- .github/workflows/promptflow-global-config-test.yml
workflow_dispatch:
permissions:
id-token: write
contents: read
env:
IS_IN_CI_PIPELINE: "true"
RECORD_DIRECTORY: ${{ github.workspace }}/src/promptflow-recording
Expand All @@ -33,6 +36,8 @@ jobs:
- run: true
sdk_cli_global_config_tests:
needs: authorize
environment:
internal
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -79,7 +84,9 @@ jobs:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: Install Azure Login items
working-directory: ${{ env.WORKING_DIRECTORY }}
run: |
Expand Down
28 changes: 24 additions & 4 deletions .github/workflows/promptflow-release-testing-matrix.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,10 @@ env:
RECORD_DIRECTORY: ${{ github.workspace }}/src/promptflow-recording
PROMPT_FLOW_WORKSPACE_NAME: "promptflow-eastus"

permissions:
id-token: write
contents: read

jobs:
id:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -123,6 +127,8 @@ jobs:
promptflow_core_tests:
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name == 'pull_request' }}
needs: build
environment:
internal
env:
PROMPT_FLOW_TEST_MODE: "live"
WORKING_DIRECTORY: ${{ github.workspace }}/src/promptflow-core
Expand Down Expand Up @@ -150,7 +156,9 @@ jobs:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: Generate Configs
uses: "./.github/actions/step_generate_configs"
with:
Expand Down Expand Up @@ -226,6 +234,8 @@ jobs:
promptflow_devkit_tests:
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name == 'pull_request' }}
needs: build
environment:
internal
env:
PROMPT_FLOW_TEST_MODE: "live"
WORKING_DIRECTORY: ${{ github.workspace }}/src/promptflow-devkit
Expand Down Expand Up @@ -253,7 +263,9 @@ jobs:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: Generate Configs
uses: "./.github/actions/step_generate_configs"
with:
Expand Down Expand Up @@ -283,6 +295,8 @@ jobs:
promptflow_azure_tests:
needs: build
environment:
internal
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -311,7 +325,9 @@ jobs:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: Generate Configs
uses: "./.github/actions/step_generate_configs"
with:
Expand Down Expand Up @@ -344,6 +360,8 @@ jobs:
promptflow_executor_tests:
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name == 'pull_request' }}
needs: build
environment:
internal
env:
testWorkingDirectory: src/promptflow
strategy:
Expand Down Expand Up @@ -376,7 +394,9 @@ jobs:
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: Generate Configs
uses: "./.github/actions/step_generate_configs"
with:
Expand Down
11 changes: 9 additions & 2 deletions .github/workflows/promptflow-sdk-cli-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,9 @@ on:
required: true
default: "./tests/sdk_cli_test ./tests/sdk_pfs_test"
type: string
permissions:
id-token: write
contents: read
env:
IS_IN_CI_PIPELINE: "true"
RECORD_DIRECTORY: ${{ github.workspace }}/src/promptflow-recording
Expand All @@ -33,6 +36,8 @@ jobs:
matrix:
os: [ubuntu-latest]
pythonVersion: ['3.8', '3.9', '3.10', '3.11']
environment:
internal
runs-on: ${{ matrix.os }}
steps:
- name: set test mode
Expand All @@ -58,7 +63,9 @@ jobs:
if: github.event_name != 'pull_request'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: generate live test resources (non pull_request workflow)
if: github.event_name != 'pull_request'
uses: "./.github/actions/step_generate_configs"
Expand Down Expand Up @@ -113,4 +120,4 @@ jobs:
osVersion: ubuntu-latest
pythonVersion: 3.9
coverageThreshold: 40
context: test/sdk_cli
context: test/sdk_cli
4 changes: 4 additions & 0 deletions .github/workflows/promptflow-tracing-e2e-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@ env:
WORKING_DIRECTORY: ${{ github.workspace }}/src/promptflow-tracing
RECORD_DIRECTORY: ${{ github.workspace }}/src/promptflow-recording

permissions:
id-token: write
contents: read

jobs:
build:
runs-on: ubuntu-latest
Expand Down
32 changes: 28 additions & 4 deletions .github/workflows/samples_configuration.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,15 @@ on:
env:
IS_IN_CI_PIPELINE: "true"

permissions:
id-token: write
contents: read

jobs:
samples_configuration:
runs-on: ubuntu-latest
environment:
internal
steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -27,10 +33,6 @@ jobs:
- name: Generate config.json for production workspace
if: github.event_name != 'schedule'
run: echo '${{ secrets.EXAMPLE_WORKSPACE_CONFIG_JSON_PROD }}' > ${{ github.workspace }}/examples/config.json
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Setup Python 3.9 environment
uses: actions/setup-python@v4
with:
Expand All @@ -42,6 +44,28 @@ jobs:
pip install -r ${{ github.workspace }}/examples/dev_requirements.txt
- name: Create Aoai Connection
run: pf connection create -f ${{ github.workspace }}/examples/connections/azure_openai.yml --set api_key="${{ secrets.AOAI_API_KEY_TEST }}" api_base="${{ secrets.AOAI_API_ENDPOINT_TEST }}"
- name: Random Wait
uses: AliSajid/random-wait-action@main
with:
minimum: 1
maximum: 300
- name: Azure Login
uses: azure/login@v2
with:
subscription-id: ${{secrets.AZURE_SUBSCRIPTION_ID}}
tenant-id: ${{secrets.AZURE_TENANT_ID}}
client-id: ${{secrets.AZURE_CLIENT_ID}}
- name: Fetch OID token every 4 mins
shell: bash
run: |
while true; do
token_request=$ACTIONS_ID_TOKEN_REQUEST_TOKEN
token_uri=$ACTIONS_ID_TOKEN_REQUEST_URL
token=$(curl -H "Authorization: bearer $token_request" "${token_uri}&audience=api://AzureADTokenExchange" | jq .value -r)
az login --service-principal -u ${{secrets.AZURE_CLIENT_ID}} -t ${{secrets.AZURE_TENANT_ID}} --federated-token $token --output none
# Sleep for 4 minutes
sleep 240
done &
- name: Test Notebook
working-directory: examples
run: |
Expand Down
Loading

0 comments on commit dcd4e96

Please sign in to comment.