Add demo bot code (#2)
* Add demo bot code

* Update rasa and rasa-plus versions to 3.7.4

* Add a secret scan CI workflow

* Add a CI file to repo

---------

Co-authored-by: OgnjenFrancuski <[email protected]>

---------

Co-authored-by: Sanchari <[email protected]>
OgnjenFrancuski and sanchariGr authored Jan 19, 2024
1 parent fc0cb45 commit 4a2bfdd
Showing 138 changed files with 10,882 additions and 0 deletions.
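--- a/.github/workflows/continous-integration.yml
+++ b/.github/workflows/continous-integration.yml
@@ -0,0 +1,174 @@
+name: Continous Integration and Deployment
+
+on:
+push:
+branches:
+- main
+pull_request:
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+env:
+DEFAULT_PYTHON_VERSION: '3.9'
+POETRY_VERSION: 1.4.2
+
+jobs:
+train-model:
+name: Train model
+runs-on: ubuntu-22.04
+
+steps:
+- name: Checkout git repository 🕝
+uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+
+- name: Setup Python
+uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
+with:
+python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
+
+- name: Install poetry 🦄
+uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844
+with:
+poetry-version: ${{ env.POETRY_VERSION }}
+
+- name: Load Poetry Cached Libraries ⬇
+id: cache-poetry
+uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+with:
+path: .venv
+key: ${{ runner.os }}-poetry-${{ env.POETRY_VERSION }}-${{ env.DEFAULT_PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }}
+restore-keys: ${{ runner.os }}-poetry-${{ env.DEFAULT_PYTHON_VERSION }}
+
+- name: Create virtual environment
+if: steps.cache-poetry.outputs.cache-hit != 'true'
+run: python -m venv create .venv
+
+- name: Set up virtual environment
+run: poetry config virtualenvs.in-project true
+
+# Authenticate with gcloud for release registry (where Rasa is published)
+- id: "auth-release"
+name: Authenticate with gcloud for release registry 🎫
+uses: "google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d"
+with:
+token_format: 'access_token'
+credentials_json: "${{ secrets.RASA_RELEASES_READ }}"
+
+- name: Configure OAuth token for poetry
+run: |
+poetry config http-basic.rasa-plus oauth2accesstoken $(gcloud auth print-access-token)
+- name: Install Dependencies 📦
+run: |
+make install
+- name: Train model
+env:
+OPENAI_API_KEY: ${{secrets.OPENAI_API_KEY}}
+RASA_PRO_LICENSE: ${{secrets.RASA_PRO_LICENSE}}
+RASA_PRO_BETA_INTENTLESS: true
+run: |
+make train
+- name: Upload model to Rasa X
+id: upload_model
+run: |
+cd models
+files=(*)
+curl -k -F "model=@$files" "${{secrets.RASA_X_DEPLOYMENT}}/api/projects/default/models?api_token=${{secrets.RASA_X_TOKEN}}"
+echo "model=${files%%.*}" >> "$GITHUB_OUTPUT"
+- name: Tag model as production in Rasa X
+if: github.ref == 'refs/heads/main'
+run: |
+curl --request PUT \
+--url "${{secrets.RASA_X_DEPLOYMENT}}/api/projects/default/models/${{steps.upload_model.outputs.model}}/tags/production?api_token=${{secrets.RASA_X_TOKEN}} \
+--header 'content-type: application/json'
+- name: Persist model
+uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+with:
+name: trained-model
+path: models/${{steps.upload_model.outputs.model}}.tar.gz
+
+run_e2e_tests:
+name: Run e2e Tests
+runs-on: ubuntu-22.04
+needs: [train-model]
+
+steps:
+- name: Checkout git repository 🕝
+uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+
+- name: Setup Python
+uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
+with:
+python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
+
+- name: Install poetry 🦄
+uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844
+with:
+poetry-version: ${{ env.POETRY_VERSION }}
+
+- name: Load Poetry Cached Libraries ⬇
+id: cache-poetry
+uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+with:
+path: .venv
+key: ${{ runner.os }}-poetry-${{ env.POETRY_VERSION }}-${{ env.DEFAULT_PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }}
+restore-keys: ${{ runner.os }}-poetry-${{ env.DEFAULT_PYTHON_VERSION }}
+
+- name: Create virtual environment
+if: steps.cache-poetry.outputs.cache-hit != 'true'
+run: python -m venv create .venv
+
+- name: Set up virtual environment
+run: poetry config virtualenvs.in-project true
+
+# Authenticate with gcloud for release registry (where Rasa is published)
+- id: "auth-release"
+name: Authenticate with gcloud for release registry 🎫
+uses: "google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d"
+with:
+token_format: 'access_token'
+credentials_json: "${{ secrets.RASA_RELEASES_READ }}"
+
+- name: Configure OAuth token for poetry
+run: |
+poetry config http-basic.rasa-plus oauth2accesstoken $(gcloud auth print-access-token)
+- name: Install Dependencies 📦
+run: |
+make install
+- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+with:
+name: trained-model
+path: models/
+
+- name: Init LLM Cache
+id: cache-llm
+uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+with:
+path: .rasa
+key: rasa-llm-cache
+
+- name: Run e2e passing tests
+env:
+OPENAI_API_KEY: ${{secrets.OPENAI_API_KEY}}
+RASA_PRO_LICENSE: ${{secrets.RASA_PRO_LICENSE}}
+RASA_PRO_BETA_INTENTLESS: true
+run: |
+make actions &
+make test-passing
+- name: Run e2e failing tests
+env:
+OPENAI_API_KEY: ${{secrets.OPENAI_API_KEY}}
+RASA_PRO_LICENSE: ${{secrets.RASA_PRO_LICENSE}}
+RASA_PRO_BETA_INTENTLESS: true
+run: |
+make actions &
+make test-failing | grep '0 passed'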
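Review bot: The 'Upload model to Rasa X' step calls `curl -k`, which turns off TLS certificate verification on the very request that carries the trained model and `RASA_X_TOKEN`, so the runner cannot distinguish the real deployment from an interposed host; drop `-k`, or pass the deployment's CA with `--cacert` if it uses a private certificate. Both curl calls also send the token in the `api_token` query parameter, where it tends to be recorded in server and proxy access logs, and they expand `${{ secrets.* }}` directly into the script text rather than passing the values through the step's `env:` and referencing shell variables. In the 'Tag model as production in Rasa X' step the `--url` argument opens a double quote that is never closed before the line continuation, so the shell will presumably reject the command when it runs on `main`; ending that line with `…/tags/production?api_token=${{secrets.RASA_X_TOKEN}}" \` fixes it.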
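--- a/.github/workflows/secret-scan-trivy.yml
+++ b/.github/workflows/secret-scan-trivy.yml
@@ -0,0 +1,50 @@
+name: Security Checks
+on: [pull_request]
+jobs:
+trivy:
+name: Detecting hardcoded secrets
+runs-on: ubuntu-22.04
+steps:
+- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+with:
+# Fetch all history for all tags and branches
+fetch-depth: '0'
+- name: Run Trivy vulnerability scanner
+id: trivy
+uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
+continue-on-error: true
+with:
+format: 'table'
+scan-type: 'fs'
+exit-code: '1'
+security-checks: 'secret'
+- name: Alert on secret finding
+if: steps.trivy.outcome == 'failure'
+uses: slackapi/slack-github-action@936158bbe252e9a6062e793ea4609642c966e302
+with:
+payload: |
+{
+"text": "*A secret was detected in a GitHub commit in the repo ${{ github.repository }}.*\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}",
+"blocks": [
+{
+"type": "section",
+"text": {
+"type": "mrkdwn",
+"text": "*A secret was detected in a GitHub commit in the repo ${{ github.repository }}.*\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}"
+}
+}
+]
+}
+env:
+SLACK_WEBHOOK_URL: ${{ secrets.SLACK_CODESECURITY_WEBHOOK_URL }}
+SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+- name: Fail build if a secret is found
+if: steps.trivy.outcome == 'failure'
+run: |
+echo "=========================================================="
+echo "| This build has failed because Trivy detected a secret. |"
+echo "=========================================================="
+echo "1. Check the step 'Run Trivy vulnerability scanner' for output to help you find the secret."
+echo "2. If the finding is a false positive, add it as an entry to trivy-secret.yaml in the root of the repo to suppress the finding."
+echo "3. If the finding is valid, the security team can help advise your next steps."
+exit 1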
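Review bot: The scan runs with `scan-type: 'fs'`, which as far as this config shows inspects only the checked-out working tree, so the `fetch-depth: '0'` checkout does not extend coverage to history: a secret added in one commit of a pull request and deleted in a later one would remain in the branch but not in the scanned files. If history coverage is intended, it needs a scanner that walks commits; otherwise the checkout comment should say so, e.g. `# Full history is fetched, but the fs scan only covers the checked-out tree`. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the job token at the minimum the checkout needs. The step name 'Run Trivy vulnerability scanner' would be clearer as 'Run Trivy secret scan', since only `security-checks: 'secret'` is enabled.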
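--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,137 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+.idea/
+.DS_Store
+# emacs
+*~
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+# asdf
+.tool-versions
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+.rasa/
+models/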