Merge pull request #20 from Azure-Samples/azd-updates

azd refactoring, env var updates, add azure search

.devcontainer/devcontainer.json

@@ -11,7 +11,8 @@
 		"ghcr.io/devcontainers/features/azure-cli:1": {},
 		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
 		"ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
-		"ghcr.io/devcontainers/features/node:1": {}
+		"ghcr.io/devcontainers/features/node:1": {},
+		"ghcr.io/devcontainers/features/github-cli:1": {}
 	},
 	"customizations": {
 		"vscode": {

.github/workflows/azure-bicep-validate.yaml

@@ -0,0 +1,43 @@
+name: Bicep scripts
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+    branches:
+      - main
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout PR
+        if: ${{ github.event_name == 'pull_request'}}
+        uses: actions/checkout@v3
+        with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Checkout branch
+        if: ${{ github.event_name == 'push'}}
+        uses: actions/checkout@v2
+
+      - name: Build Bicep
+        uses: azure/CLI@v1
+        with:
+          inlineScript: az bicep build -f infra/main.bicep
+
+      - name: Format Bicep
+        uses: azure/CLI@v1
+        with:
+          inlineScript: az bicep format -f infra/main.bicep
+
+      - name: Add updated Bicep files to commit
+        uses: EndBug/add-and-commit@v9
+        with:
+          message: 'Update Bicep files'
+          add: '*.bicep'

.github/workflows/azure-dev-validation.yaml

@@ -0,0 +1,36 @@
+name: Validate AZD template
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - "infra/**"
+  pull_request:
+    branches: [ main ]
+    paths:
+      - "infra/**"
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build Bicep for linting
+        uses: azure/CLI@v1
+        with:
+          inlineScript: az config set bicep.use_binary_from_path=false && az bicep build -f infra/main.bicep --stdout
+
+      - name: Run Microsoft Security DevOps Analysis
+        uses: microsoft/security-devops-action@preview
+        id: msdo
+        continue-on-error: true
+        with:
+          tools: templateanalyzer
+
+      - name: Upload alerts to Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        if: github.repository == 'Azure-Samples/chat-rag-openai-csharp-prompty'
+        with:
+          sarif_file: ${{ steps.msdo.outputs.sarifFile }}

.github/workflows/azure-dev.yml

@@ -0,0 +1,69 @@
+on:
+  workflow_dispatch:
+  push:
+    # Run when commits are pushed to mainline branch (main or master)
+    # Set this to the mainline branch you are using
+    branches:
+      - main
+      - master
+
+# GitHub Actions workflow to deploy to Azure using azd
+# To configure required secrets for connecting to Azure, simply run `azd pipeline config`
+
+# Set up permissions for deploying with secretless Azure federated credentials
+# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install azd
+        uses: Azure/[email protected]
+
+      - name: Log in with Azure (Federated Credentials)
+        if: ${{ env.AZURE_CLIENT_ID != '' }}
+        run: |
+          azd auth login `
+            --client-id "$Env:AZURE_CLIENT_ID" `
+            --federated-credential-provider "github" `
+            --tenant-id "$Env:AZURE_TENANT_ID"
+        shell: pwsh
+
+      - name: Log in with Azure (Client Credentials)
+        if: ${{ env.AZURE_CREDENTIALS != '' }}
+        run: |
+          $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
+          Write-Host "::add-mask::$($info.clientSecret)"
+
+          azd auth login `
+            --client-id "$($info.clientId)" `
+            --client-secret "$($info.clientSecret)" `
+            --tenant-id "$($info.tenantId)"
+        shell: pwsh
+        env:
+          AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Provision Infrastructure
+        run: azd provision --no-prompt
+        env:
+          AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+          AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+          AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Deploy Application
+        run: azd deploy --no-prompt
+        env:
+          AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
+          AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
+          AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}

README.md

@@ -67,7 +67,10 @@ To ensure best practices in your repo we recommend anyone creating solutions bas
 - **GitHub Account** - [Signup for a free account.](https://github.com/signup)
 - **Access to Azure Open AI Services** - [Learn about getting access.](https://learn.microsoft.com/legal/cognitive-services/openai/limited-access)
 - **Ability to provision Azure AI Search (Paid)** - Required for Semantic Ranker
-- **Service Region Selection** - We recommend using East US 2
+- **Terrafrom** - Install terraform to run deployments
+- **Docker Desktop** - Install Docker Desktop to run deployments
+- **Recommended Deployment Region** - East US 2 is the recommened region for this deployment. Not all models and services are available for each region. Learn more [here](https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#model-summary-table-and-region-availability).
+
 
 ## Step 1: Development Environment
 

azure.yaml

@@ -1,8 +1,8 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
 
-name: klug
+name: creativeagent
 metadata:
-  template: klug@0.0.1-beta
+  template: creativeagent@0.0.1-beta
 services:
   api:
     project: ./src/api

infra/aks_openai.tf

@@ -0,0 +1,7 @@
+resource "azurerm_role_assignment" "cog_user_role" {
+  count                            = try(local.is_default_workspace ? 0 : 1, 0)
+  principal_id                     = azurerm_kubernetes_cluster.aks[0].kubelet_identity[0].object_id
+  role_definition_name             = "Cognitive Services OpenAI User"
+  scope                            = azurerm_container_registry.acr[0].id
+  skip_service_principal_aad_check = true
+}

infra/hooks/preprovision.sh

@@ -50,5 +50,4 @@ TF_WORKSPACE_DIR="${GITHUB_WORKSPACE:+$GITHUB_WORKSPACE/}.azure/${AZURE_ENV_NAME
 mkdir -p "$TF_WORKSPACE_DIR"
 
 # Use the variable with the terraform command
-terraform -chdir="$TF_WORKSPACE_DIR" workspace select -or-create "$WORKSPACE"
-
+terraform -chdir="$TF_WORKSPACE_DIR" workspace select -or-create "$WORKSPACE"

infra/manifests/api/config.tmpl.yaml

@@ -10,4 +10,8 @@ data:
   AZURE_OPENAI_DEPLOYMENT_NAME: {{.Env.AZURE_OPENAI_DEPLOYMENT_NAME}}
   BING_SEARCH_ENDPOINT: {{.Env.BING_SEARCH_ENDPOINT}}
   BING_SEARCH_KEY: {{.Env.BING_SEARCH_KEY}}
+  AZURE_SEARCH_ENDPOINT: {{.Env.AZURE_SEARCH_ENDPOINT}}
+  AZURE_SEARCH_API_KEY: {{.Env.AZURE_SEARCH_API_KEY}}
+  AZURE_SEARCH_INDEX_NAME: {{.Env.AZURE_SEARCH_INDEX_NAME}}
+  VECTORDB_TYPE: {{.Env.VECTORDB_TYPE}}
 

infra/manifests/api/deployment.tmpl.yaml

@@ -34,10 +34,18 @@ spec:
               value: {{.Env.BING_SEARCH_ENDPOINT}}
             - name: BING_SEARCH_KEY
               value: {{.Env.BING_SEARCH_KEY}}
+            - name: AZURE_SEARCH_ENDPOINT
+              value: {{.Env.AZURE_SEARCH_ENDPOINT}}
+            - name: AZURE_SEARCH_API_KEY
+              value: {{.Env.AZURE_SEARCH_API_KEY}}
+            - name: AZURE_SEARCH_INDEX_NAME
+              value: {{.Env.AZURE_SEARCH_INDEX_NAME}}
+            - name: VECTORDB_TYPE
+              value: {{.Env.VECTORDB_TYPE}}
           resources:
             requests:
               memory: "256Mi"
               cpu: "1000m" 
             limits:
-              memory: "512Mi"
+              memory: "1024Mi"
               cpu: "2000m" 

infra/openai.tf

@@ -46,3 +46,19 @@ resource "azurerm_cognitive_deployment" "gpt35_deployment" {
     capacity = var.openai_35_turbo_model_capacity
   }
 }
+
+resource "azurerm_cognitive_deployment" "embedding_deployment" {
+  name                 = var.openai_embedding_model_name
+  cognitive_account_id = azurerm_cognitive_account.cog.id
+
+  model {
+    format  = "OpenAI"
+    name    = var.openai_embedding_model_name
+    version = var.openai_embedding_model_version
+  }
+
+  scale {
+    type     = "Standard"
+    capacity = var.openai_embedding_model_capacity
+  }
+}

infra/outputs.tf

@@ -70,6 +70,22 @@ output "AZURE_RESOURCE_GROUP" {
 output "AZURE_TENANT_ID" {
   value = data.azurerm_client_config.current.tenant_id
 }
+output "AZURE_SEARCH_ENDPOINT" {
+  value = "https://${azurerm_search_service.search.name}.search.windows.net"
+}
+
+output "AZURE_SEARCH_INDEX_NAME" {
+  value = var.search_index_name
+}
+
+output "AZURE_SEARCH_API_KEY" {
+  value     = azurerm_search_service.search.primary_key
+  sensitive = true
+}
+
+output "VECTORDB_TYPE" {
+  value = var.vectordb_type
+}
 
 output "BING_SEARCH_ENDPOINT" {
   value = jsondecode(azapi_resource.bing.output).properties.endpoint

infra/search.tf

@@ -0,0 +1,17 @@
+resource "azurecaf_name" "search_name" {
+  name          = local.resource_token
+  resource_type = "azurerm_search_service"
+  random_length = 0
+  clean_input   = true
+}
+
+resource "azurerm_search_service" "search" {
+  name                = azurecaf_name.search_name.result
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = var.location
+  sku                 = "basic"
+
+  local_authentication_enabled = true
+  authentication_failure_mode  = "http403"
+  semantic_search_sku = "free"
+}

infra/tfstate/outputs.tf

@@ -8,4 +8,4 @@ output "RS_CONTAINER_NAME" {
 
 output "RS_RESOURCE_GROUP" {
   value = azurerm_resource_group.rg.name
-}
+}

infra/variables.tf

@@ -28,7 +28,7 @@ variable "openai_model_name" {
 variable "openai_model_version" {
   description = "value of azure openai model version"
   type        = string
-  default     = "vision-preview"
+  default     = "1106-Preview"
 }
 
 variable "openai_model_capacity" {
@@ -46,7 +46,7 @@ variable "openai_35_turbo_model_name" {
 variable "openai_35_turbo_model_version" {
   description = "value of azure openai model version"
   type        = string
-  default     = "1106"
+  default     = "0613"
 }
 
 variable "openai_35_turbo_model_capacity" {
@@ -55,12 +55,41 @@ variable "openai_35_turbo_model_capacity" {
   default     = 30
 }
 
+variable "openai_embedding_model_name" {
+  description = "value of azure openai model name"
+  type        = string
+  default     = "text-embedding-ada-002"
+}
+
+variable "openai_embedding_model_version" {
+  description = "value of azure openai model version"
+  type        = string
+  default     = "2"
+}
+
+variable "openai_embedding_model_capacity" {
+  description = "value of azure openai model capacity"
+  type        = number
+  default     = 30
+}
+
+
 variable "openai_api_version" {
   description = "value of azure openai api version"
   type        = string
   default     = "2023-12-01-preview"
 }
+variable "search_index_name" {
+  description = "value of search index name"
+  type        = string
+  default     = "docs"
+}
 
+variable "vectordb_type" {
+  description = "value of vectordb type"
+  type        = string
+  default     = "azure_search"
+}
 variable "k8s_namespace" {
   description = "value of kubernetes namespace"
   type        = string

src/api/api/agents/designer/designer.prompty

@@ -8,7 +8,7 @@ model:
   api: chat
   configuration:
         type: azure_openai
-        azure_deployment: ${env:AZURE_DEPLOYMENT_NAME}
+        azure_deployment: ${env:AZURE_OPENAI_DEPLOYMENT_NAME}
         api_key: ${env:AZURE_OPENAI_API_KEY"}
         api_version: ${env:AZURE_OPENAI_API_VERSION}
         azure_endpoint: ${env:AZURE_OPENAI_ENDPOINT}

src/api/api/agents/designer/designer.py

@@ -7,7 +7,7 @@
 def design(context, instructions, feedback):
     # Load prompty with AzureOpenAIModelConfiguration override
     configuration = AzureOpenAIModelConfiguration(
-        azure_deployment=os.getenv("AZURE_DEPLOYMENT_NAME"),
+        azure_deployment=os.getenv("AZURE_OPENAI_DEPLOYMENT_NAME"),
         api_key=os.getenv("AZURE_OPENAI_API_KEY"),
         api_version=os.getenv("AZURE_OPENAI_API_VERSION"),
         azure_endpoint=os.getenv("AZURE_OPENAI_ENDPOINT")

src/api/api/agents/editor/editor.py

@@ -14,7 +14,7 @@ def edit(article, feedback):
 
     # Load prompty with AzureOpenAIModelConfiguration override
     configuration = AzureOpenAIModelConfiguration(
-        azure_deployment=os.getenv("AZURE_DEPLOYMENT_NAME"),
+        azure_deployment=os.getenv("AZURE_OPENAI_DEPLOYMENT_NAME"),
         api_key=os.getenv("AZURE_OPENAI_API_KEY"),
         api_version=os.getenv("AZURE_OPENAI_API_VERSION"),
     )