agentops-accelerator 0.3.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- agentops/__init__.py +10 -0
- agentops/__main__.py +6 -0
- agentops/agent/__init__.py +12 -0
- agentops/agent/_legacy_ids.py +92 -0
- agentops/agent/analyzer.py +207 -0
- agentops/agent/checks/__init__.py +1 -0
- agentops/agent/checks/catalog.py +880 -0
- agentops/agent/checks/errors.py +279 -0
- agentops/agent/checks/foundry_config.py +75 -0
- agentops/agent/checks/latency.py +84 -0
- agentops/agent/checks/opex.py +157 -0
- agentops/agent/checks/opex_workspace.py +874 -0
- agentops/agent/checks/posture.py +36 -0
- agentops/agent/checks/posture_rules/__init__.py +53 -0
- agentops/agent/checks/posture_rules/content_filter.py +59 -0
- agentops/agent/checks/posture_rules/diagnostics.py +74 -0
- agentops/agent/checks/posture_rules/local_auth.py +55 -0
- agentops/agent/checks/posture_rules/managed_identity.py +59 -0
- agentops/agent/checks/posture_rules/network.py +68 -0
- agentops/agent/checks/regression.py +78 -0
- agentops/agent/checks/release_readiness.py +182 -0
- agentops/agent/checks/safety.py +247 -0
- agentops/agent/checks/spec_conformance.py +375 -0
- agentops/agent/cockpit.py +5159 -0
- agentops/agent/config.py +240 -0
- agentops/agent/findings.py +113 -0
- agentops/agent/history.py +142 -0
- agentops/agent/knowledge/__init__.py +182 -0
- agentops/agent/knowledge/waf-checklist.csv +39 -0
- agentops/agent/llm_assist/__init__.py +16 -0
- agentops/agent/llm_assist/_base.py +124 -0
- agentops/agent/llm_assist/_bundle_rule.py +154 -0
- agentops/agent/llm_assist/_client.py +347 -0
- agentops/agent/llm_assist/_dataset_rules.py +191 -0
- agentops/agent/llm_assist/_engine.py +106 -0
- agentops/agent/llm_assist/_prompt_rules.py +291 -0
- agentops/agent/llm_assist/_spec_rules.py +235 -0
- agentops/agent/production_telemetry.py +430 -0
- agentops/agent/report.py +207 -0
- agentops/agent/server/__init__.py +1 -0
- agentops/agent/server/app.py +84 -0
- agentops/agent/server/auth.py +94 -0
- agentops/agent/server/chat.py +44 -0
- agentops/agent/server/protocol.py +72 -0
- agentops/agent/sources/__init__.py +1 -0
- agentops/agent/sources/azure_monitor.py +523 -0
- agentops/agent/sources/azure_resources.py +602 -0
- agentops/agent/sources/foundry_control.py +174 -0
- agentops/agent/sources/results_history.py +494 -0
- agentops/agent/sources/spec_detectors/__init__.py +42 -0
- agentops/agent/sources/spec_detectors/_base.py +58 -0
- agentops/agent/sources/spec_detectors/agents_md.py +75 -0
- agentops/agent/sources/spec_detectors/spec_kit.py +172 -0
- agentops/agent/time_range.py +117 -0
- agentops/cli/__init__.py +1 -0
- agentops/cli/app.py +4823 -0
- agentops/core/__init__.py +1 -0
- agentops/core/agentops_config.py +592 -0
- agentops/core/config_loader.py +22 -0
- agentops/core/evaluators.py +480 -0
- agentops/core/release_evidence.py +56 -0
- agentops/core/results.py +117 -0
- agentops/mcp/__init__.py +10 -0
- agentops/mcp/server.py +232 -0
- agentops/pipeline/__init__.py +8 -0
- agentops/pipeline/cloud_results.py +189 -0
- agentops/pipeline/cloud_runner.py +901 -0
- agentops/pipeline/comparison.py +108 -0
- agentops/pipeline/diagnostics.py +51 -0
- agentops/pipeline/invocations.py +535 -0
- agentops/pipeline/official_eval.py +414 -0
- agentops/pipeline/orchestrator.py +775 -0
- agentops/pipeline/prompt_deploy.py +377 -0
- agentops/pipeline/publisher.py +121 -0
- agentops/pipeline/reporter.py +202 -0
- agentops/pipeline/runtime.py +409 -0
- agentops/pipeline/thresholds.py +84 -0
- agentops/services/__init__.py +1 -0
- agentops/services/cicd.py +720 -0
- agentops/services/eval_analysis.py +848 -0
- agentops/services/evidence_pack.py +757 -0
- agentops/services/initializer.py +86 -0
- agentops/services/preflight.py +470 -0
- agentops/services/setup_wizard.py +709 -0
- agentops/services/skills.py +643 -0
- agentops/services/trace_promotion.py +300 -0
- agentops/services/workflow_analysis.py +1129 -0
- agentops/templates/.gitignore +15 -0
- agentops/templates/__init__.py +1 -0
- agentops/templates/agent-server/Dockerfile +23 -0
- agentops/templates/agent-server/README.md +61 -0
- agentops/templates/agent-server/main.bicep +94 -0
- agentops/templates/agent.yaml +87 -0
- agentops/templates/agentops.yaml +58 -0
- agentops/templates/foundry.svg +71 -0
- agentops/templates/icon.png +0 -0
- agentops/templates/pipelines/azuredevops/agentops-deploy-dev-azd.yml +118 -0
- agentops/templates/pipelines/azuredevops/agentops-deploy-dev.yml +73 -0
- agentops/templates/pipelines/azuredevops/agentops-deploy-prod-azd.yml +141 -0
- agentops/templates/pipelines/azuredevops/agentops-deploy-prod.yml +94 -0
- agentops/templates/pipelines/azuredevops/agentops-deploy-prompt-agent.yml +167 -0
- agentops/templates/pipelines/azuredevops/agentops-deploy-qa-azd.yml +118 -0
- agentops/templates/pipelines/azuredevops/agentops-deploy-qa.yml +68 -0
- agentops/templates/pipelines/azuredevops/agentops-pr-prompt-agent.yml +210 -0
- agentops/templates/pipelines/azuredevops/agentops-pr.yml +155 -0
- agentops/templates/pipelines/azuredevops/agentops-watchdog.yml +106 -0
- agentops/templates/project.gitignore +36 -0
- agentops/templates/sample-traces.jsonl +3 -0
- agentops/templates/skills/agentops-agent/SKILL.md +137 -0
- agentops/templates/skills/agentops-config/SKILL.md +113 -0
- agentops/templates/skills/agentops-dataset/SKILL.md +84 -0
- agentops/templates/skills/agentops-eval/SKILL.md +189 -0
- agentops/templates/skills/agentops-report/SKILL.md +71 -0
- agentops/templates/skills/agentops-workflow/SKILL.md +471 -0
- agentops/templates/smoke.jsonl +3 -0
- agentops/templates/waf-checklist.README.md +84 -0
- agentops/templates/waf-checklist.csv +22 -0
- agentops/templates/workflows/agentops-deploy-dev-azd.yml +166 -0
- agentops/templates/workflows/agentops-deploy-dev.yml +187 -0
- agentops/templates/workflows/agentops-deploy-prod-azd.yml +183 -0
- agentops/templates/workflows/agentops-deploy-prod.yml +171 -0
- agentops/templates/workflows/agentops-deploy-prompt-agent.yml +197 -0
- agentops/templates/workflows/agentops-deploy-qa-azd.yml +156 -0
- agentops/templates/workflows/agentops-deploy-qa.yml +145 -0
- agentops/templates/workflows/agentops-pr-prompt-agent.yml +210 -0
- agentops/templates/workflows/agentops-pr.yml +148 -0
- agentops/templates/workflows/agentops-watchdog.yml +122 -0
- agentops/utils/__init__.py +1 -0
- agentops/utils/azd_env.py +435 -0
- agentops/utils/azure_endpoints.py +62 -0
- agentops/utils/colors.py +47 -0
- agentops/utils/dotenv_loader.py +105 -0
- agentops/utils/foundry_discovery.py +229 -0
- agentops/utils/logging.py +59 -0
- agentops/utils/telemetry.py +554 -0
- agentops/utils/yaml.py +36 -0
- agentops_accelerator-0.3.0.dist-info/METADATA +278 -0
- agentops_accelerator-0.3.0.dist-info/RECORD +142 -0
- agentops_accelerator-0.3.0.dist-info/WHEEL +5 -0
- agentops_accelerator-0.3.0.dist-info/entry_points.txt +2 -0
- agentops_accelerator-0.3.0.dist-info/licenses/LICENSE +21 -0
- agentops_accelerator-0.3.0.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,166 @@
|
|
|
1
|
+
# AgentOps - Deploy to DEV with azd
|
|
2
|
+
#
|
|
3
|
+
# agentops:deploy-mode=azd
|
|
4
|
+
#
|
|
5
|
+
# Runs on push to develop. Delegates infrastructure and app deployment to
|
|
6
|
+
# Azure Developer CLI. AgentOps only gates quality; azd owns provision,
|
|
7
|
+
# deployment packaging, and any hooks declared in azure.yaml.
|
|
8
|
+
#
|
|
9
|
+
# Generated by `agentops workflow generate --deploy-mode azd`.
|
|
10
|
+
|
|
11
|
+
name: AgentOps Deploy (DEV)
|
|
12
|
+
|
|
13
|
+
on:
|
|
14
|
+
push:
|
|
15
|
+
branches:
|
|
16
|
+
- develop
|
|
17
|
+
workflow_dispatch:
|
|
18
|
+
inputs:
|
|
19
|
+
config:
|
|
20
|
+
description: "Path to agentops.yaml (defaults to ./agentops.yaml at repo root)"
|
|
21
|
+
required: false
|
|
22
|
+
default: "agentops.yaml"
|
|
23
|
+
provision:
|
|
24
|
+
description: "Run azd provision before deploy"
|
|
25
|
+
required: false
|
|
26
|
+
type: boolean
|
|
27
|
+
default: true
|
|
28
|
+
|
|
29
|
+
permissions:
|
|
30
|
+
contents: read
|
|
31
|
+
id-token: write
|
|
32
|
+
packages: write
|
|
33
|
+
|
|
34
|
+
concurrency:
|
|
35
|
+
group: agentops-deploy-dev-${{ github.ref }}
|
|
36
|
+
cancel-in-progress: false
|
|
37
|
+
|
|
38
|
+
jobs:
|
|
39
|
+
provision:
|
|
40
|
+
name: azd provision (DEV)
|
|
41
|
+
runs-on: ubuntu-latest
|
|
42
|
+
environment: dev
|
|
43
|
+
timeout-minutes: 45
|
|
44
|
+
steps:
|
|
45
|
+
- name: Checkout
|
|
46
|
+
uses: actions/checkout@v6
|
|
47
|
+
|
|
48
|
+
- name: Set up azd
|
|
49
|
+
uses: Azure/setup-azd@v2
|
|
50
|
+
|
|
51
|
+
- name: Azure login (OIDC)
|
|
52
|
+
uses: azure/login@v3
|
|
53
|
+
with:
|
|
54
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
55
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
56
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
57
|
+
|
|
58
|
+
- name: Prepare azd environment
|
|
59
|
+
env:
|
|
60
|
+
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'dev' }}
|
|
61
|
+
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
|
|
62
|
+
run: |
|
|
63
|
+
test -f azure.yaml || {
|
|
64
|
+
echo "::error file=azure.yaml::No azure.yaml found. Ask your coding agent to generate a zero-trust azd deployment, then re-run this workflow."
|
|
65
|
+
exit 1
|
|
66
|
+
}
|
|
67
|
+
azd env new "$AZURE_ENV_NAME" --no-prompt --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}" ${AZURE_LOCATION:+--location "$AZURE_LOCATION"} \
|
|
68
|
+
|| azd env select "$AZURE_ENV_NAME"
|
|
69
|
+
azd env set AZURE_SUBSCRIPTION_ID "${{ vars.AZURE_SUBSCRIPTION_ID }}"
|
|
70
|
+
if [ -n "$AZURE_LOCATION" ]; then
|
|
71
|
+
azd env set AZURE_LOCATION "$AZURE_LOCATION"
|
|
72
|
+
fi
|
|
73
|
+
|
|
74
|
+
- name: Run azd provision
|
|
75
|
+
env:
|
|
76
|
+
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'dev' }}
|
|
77
|
+
run: |
|
|
78
|
+
SHOULD_PROVISION="true"
|
|
79
|
+
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
|
80
|
+
SHOULD_PROVISION="${{ inputs.provision }}"
|
|
81
|
+
fi
|
|
82
|
+
if [ "$SHOULD_PROVISION" = "true" ]; then
|
|
83
|
+
__AILZ_PREFLIGHT_COMMAND__
|
|
84
|
+
azd provision --no-prompt
|
|
85
|
+
else
|
|
86
|
+
echo "Skipping azd provision by workflow input."
|
|
87
|
+
fi
|
|
88
|
+
|
|
89
|
+
eval:
|
|
90
|
+
name: Eval (gate)
|
|
91
|
+
needs: provision
|
|
92
|
+
runs-on: ubuntu-latest
|
|
93
|
+
timeout-minutes: 30
|
|
94
|
+
steps:
|
|
95
|
+
- name: Checkout
|
|
96
|
+
uses: actions/checkout@v6
|
|
97
|
+
|
|
98
|
+
- name: Azure login (OIDC)
|
|
99
|
+
uses: azure/login@v3
|
|
100
|
+
with:
|
|
101
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
102
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
103
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
104
|
+
|
|
105
|
+
- name: Set up Python
|
|
106
|
+
uses: actions/setup-python@v6
|
|
107
|
+
with:
|
|
108
|
+
python-version: "3.11"
|
|
109
|
+
|
|
110
|
+
- name: Install uv
|
|
111
|
+
uses: astral-sh/setup-uv@v7
|
|
112
|
+
with:
|
|
113
|
+
enable-cache: false
|
|
114
|
+
|
|
115
|
+
- name: Install AgentOps Toolkit
|
|
116
|
+
run: |
|
|
117
|
+
uv pip install --system "agentops-accelerator[foundry] @ git+https://github.com/Azure/agentops.git@main"
|
|
118
|
+
|
|
119
|
+
__EVAL_STEPS__
|
|
120
|
+
|
|
121
|
+
- name: Upload AgentOps results
|
|
122
|
+
if: always()
|
|
123
|
+
uses: actions/upload-artifact@v7
|
|
124
|
+
with:
|
|
125
|
+
name: agentops-dev-results
|
|
126
|
+
path: |
|
|
127
|
+
__EVAL_ARTIFACT_PATHS__
|
|
128
|
+
if-no-files-found: warn
|
|
129
|
+
|
|
130
|
+
deploy:
|
|
131
|
+
name: azd deploy (DEV)
|
|
132
|
+
needs: eval
|
|
133
|
+
runs-on: ubuntu-latest
|
|
134
|
+
environment: dev
|
|
135
|
+
timeout-minutes: 45
|
|
136
|
+
steps:
|
|
137
|
+
- name: Checkout
|
|
138
|
+
uses: actions/checkout@v6
|
|
139
|
+
|
|
140
|
+
- name: Set up azd
|
|
141
|
+
uses: Azure/setup-azd@v2
|
|
142
|
+
|
|
143
|
+
- name: Azure login (OIDC)
|
|
144
|
+
uses: azure/login@v3
|
|
145
|
+
with:
|
|
146
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
147
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
148
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
149
|
+
|
|
150
|
+
- name: Run azd deploy
|
|
151
|
+
env:
|
|
152
|
+
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'dev' }}
|
|
153
|
+
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
|
|
154
|
+
run: |
|
|
155
|
+
test -f azure.yaml || {
|
|
156
|
+
echo "::error file=azure.yaml::No azure.yaml found. Ask your coding agent to generate a zero-trust azd deployment, then re-run this workflow."
|
|
157
|
+
exit 1
|
|
158
|
+
}
|
|
159
|
+
azd env new "$AZURE_ENV_NAME" --no-prompt --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}" ${AZURE_LOCATION:+--location "$AZURE_LOCATION"} \
|
|
160
|
+
|| azd env select "$AZURE_ENV_NAME"
|
|
161
|
+
azd env set AZURE_SUBSCRIPTION_ID "${{ vars.AZURE_SUBSCRIPTION_ID }}"
|
|
162
|
+
if [ -n "$AZURE_LOCATION" ]; then
|
|
163
|
+
azd env set AZURE_LOCATION "$AZURE_LOCATION"
|
|
164
|
+
fi
|
|
165
|
+
azd env refresh "$AZURE_ENV_NAME" --no-prompt
|
|
166
|
+
azd deploy --no-prompt
|
|
@@ -0,0 +1,187 @@
|
|
|
1
|
+
# AgentOps — Deploy to DEV
|
|
2
|
+
#
|
|
3
|
+
# Triggers on every push to `develop`. Runs the AgentOps eval as a
|
|
4
|
+
# quality gate, then builds and deploys to the `dev` GitHub Environment.
|
|
5
|
+
#
|
|
6
|
+
# To finish wiring this for your project:
|
|
7
|
+
# 1. Configure the `dev` GitHub Environment (Settings -> Environments).
|
|
8
|
+
# Add any environment-specific variables/secrets there.
|
|
9
|
+
# 2. Fill in the `Build` and `Deploy` steps below to match your stack
|
|
10
|
+
# (see commented examples).
|
|
11
|
+
# 3. Make sure the AgentOps eval passes locally first:
|
|
12
|
+
# agentops eval run
|
|
13
|
+
#
|
|
14
|
+
# Generated by `agentops workflow generate`.
|
|
15
|
+
|
|
16
|
+
name: AgentOps Deploy (DEV)
|
|
17
|
+
|
|
18
|
+
on:
|
|
19
|
+
push:
|
|
20
|
+
branches:
|
|
21
|
+
- develop
|
|
22
|
+
workflow_dispatch:
|
|
23
|
+
inputs:
|
|
24
|
+
config:
|
|
25
|
+
description: "Path to agentops.yaml (defaults to ./agentops.yaml at repo root)"
|
|
26
|
+
required: false
|
|
27
|
+
default: "agentops.yaml"
|
|
28
|
+
|
|
29
|
+
permissions:
|
|
30
|
+
contents: read
|
|
31
|
+
id-token: write
|
|
32
|
+
packages: write
|
|
33
|
+
|
|
34
|
+
concurrency:
|
|
35
|
+
group: agentops-deploy-dev-${{ github.ref }}
|
|
36
|
+
cancel-in-progress: false
|
|
37
|
+
|
|
38
|
+
jobs:
|
|
39
|
+
eval:
|
|
40
|
+
name: Eval (gate)
|
|
41
|
+
runs-on: ubuntu-latest
|
|
42
|
+
timeout-minutes: 30
|
|
43
|
+
steps:
|
|
44
|
+
- name: Checkout
|
|
45
|
+
uses: actions/checkout@v6
|
|
46
|
+
|
|
47
|
+
- name: Azure login (OIDC)
|
|
48
|
+
uses: azure/login@v3
|
|
49
|
+
with:
|
|
50
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
51
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
52
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
53
|
+
|
|
54
|
+
- name: Set up Python
|
|
55
|
+
uses: actions/setup-python@v6
|
|
56
|
+
with:
|
|
57
|
+
python-version: "3.11"
|
|
58
|
+
|
|
59
|
+
# uv is ~5-10x faster than pip on cold installs; the AgentOps stack
|
|
60
|
+
# (azure-* + opentelemetry-instrumentation-*) pulls dozens of small
|
|
61
|
+
# wheels so the speed-up is very visible in CI.
|
|
62
|
+
- name: Install uv
|
|
63
|
+
uses: astral-sh/setup-uv@v7
|
|
64
|
+
with:
|
|
65
|
+
enable-cache: false
|
|
66
|
+
|
|
67
|
+
- name: Install AgentOps Toolkit
|
|
68
|
+
run: |
|
|
69
|
+
# NOTE: pinned to GitHub main until the next package release includes this flow.
|
|
70
|
+
# Switch to `uv pip install --system "agentops-accelerator[foundry]"` after release.
|
|
71
|
+
uv pip install --system "agentops-accelerator[foundry] @ git+https://github.com/Azure/agentops.git@main"
|
|
72
|
+
|
|
73
|
+
__EVAL_STEPS__
|
|
74
|
+
|
|
75
|
+
- name: Upload AgentOps results
|
|
76
|
+
if: always()
|
|
77
|
+
uses: actions/upload-artifact@v7
|
|
78
|
+
with:
|
|
79
|
+
name: agentops-dev-results
|
|
80
|
+
path: |
|
|
81
|
+
__EVAL_ARTIFACT_PATHS__
|
|
82
|
+
if-no-files-found: warn
|
|
83
|
+
|
|
84
|
+
- name: Step summary
|
|
85
|
+
if: always()
|
|
86
|
+
run: |
|
|
87
|
+
{
|
|
88
|
+
echo "## AgentOps Eval (DEV gate)"
|
|
89
|
+
echo
|
|
90
|
+
if [ -f .agentops/results/latest/report.md ]; then
|
|
91
|
+
cat .agentops/results/latest/report.md
|
|
92
|
+
fi
|
|
93
|
+
} >> "$GITHUB_STEP_SUMMARY"
|
|
94
|
+
|
|
95
|
+
build:
|
|
96
|
+
name: Build
|
|
97
|
+
needs: eval
|
|
98
|
+
runs-on: ubuntu-latest
|
|
99
|
+
timeout-minutes: 30
|
|
100
|
+
steps:
|
|
101
|
+
- name: Checkout
|
|
102
|
+
uses: actions/checkout@v6
|
|
103
|
+
|
|
104
|
+
- name: Azure login (OIDC)
|
|
105
|
+
uses: azure/login@v3
|
|
106
|
+
with:
|
|
107
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
108
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
109
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
110
|
+
|
|
111
|
+
# ---------------------------------------------------------------
|
|
112
|
+
# TODO: replace this placeholder with your build step.
|
|
113
|
+
#
|
|
114
|
+
# Examples (uncomment one):
|
|
115
|
+
#
|
|
116
|
+
# # Python wheel:
|
|
117
|
+
# - uses: actions/setup-python@v6
|
|
118
|
+
# with: { python-version: "3.11" }
|
|
119
|
+
# - run: pip install build && python -m build
|
|
120
|
+
#
|
|
121
|
+
# # Docker image to ACR (server-side build):
|
|
122
|
+
# - run: |
|
|
123
|
+
# az acr build \
|
|
124
|
+
# --registry "${{ vars.ACR_NAME }}" \
|
|
125
|
+
# --image "myapp:${{ github.sha }}" \
|
|
126
|
+
# .
|
|
127
|
+
#
|
|
128
|
+
# # azd package:
|
|
129
|
+
# - uses: Azure/setup-azd@v2
|
|
130
|
+
# - run: azd package --no-prompt
|
|
131
|
+
# ---------------------------------------------------------------
|
|
132
|
+
- name: Build (placeholder)
|
|
133
|
+
run: |
|
|
134
|
+
echo "TODO: replace this step with your build."
|
|
135
|
+
echo "See the commented examples in this workflow."
|
|
136
|
+
|
|
137
|
+
deploy:
|
|
138
|
+
name: Deploy to DEV
|
|
139
|
+
needs: build
|
|
140
|
+
runs-on: ubuntu-latest
|
|
141
|
+
environment: dev
|
|
142
|
+
timeout-minutes: 30
|
|
143
|
+
steps:
|
|
144
|
+
- name: Checkout
|
|
145
|
+
uses: actions/checkout@v6
|
|
146
|
+
|
|
147
|
+
- name: Azure login (OIDC)
|
|
148
|
+
uses: azure/login@v3
|
|
149
|
+
with:
|
|
150
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
151
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
152
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
153
|
+
|
|
154
|
+
# ---------------------------------------------------------------
|
|
155
|
+
# TODO: replace this placeholder with your deploy step.
|
|
156
|
+
#
|
|
157
|
+
# Examples (uncomment one):
|
|
158
|
+
#
|
|
159
|
+
# # Azure Container Apps:
|
|
160
|
+
# - run: |
|
|
161
|
+
# az containerapp update \
|
|
162
|
+
# --name "${{ vars.ACA_APP_NAME }}" \
|
|
163
|
+
# --resource-group "${{ vars.AZURE_RESOURCE_GROUP }}" \
|
|
164
|
+
# --image "${{ vars.ACR_NAME }}.azurecr.io/myapp:${{ github.sha }}"
|
|
165
|
+
#
|
|
166
|
+
# # Azure App Service:
|
|
167
|
+
# - uses: azure/webapps-deploy@v3
|
|
168
|
+
# with:
|
|
169
|
+
# app-name: ${{ vars.WEBAPP_NAME }}
|
|
170
|
+
# package: ./dist
|
|
171
|
+
#
|
|
172
|
+
# # Foundry prompt agent:
|
|
173
|
+
# # Prefer regenerating this workflow with:
|
|
174
|
+
# # agentops workflow generate --deploy-mode prompt-agent --force
|
|
175
|
+
# # That path creates a candidate Foundry version from prompt_file,
|
|
176
|
+
# # evaluates that exact version, then records it as deployed.
|
|
177
|
+
#
|
|
178
|
+
# # azd up / deploy:
|
|
179
|
+
# - uses: Azure/setup-azd@v2
|
|
180
|
+
# - run: azd deploy --no-prompt
|
|
181
|
+
# env:
|
|
182
|
+
# AZURE_ENV_NAME: dev
|
|
183
|
+
# ---------------------------------------------------------------
|
|
184
|
+
- name: Deploy (placeholder)
|
|
185
|
+
run: |
|
|
186
|
+
echo "TODO: replace this step with your deploy."
|
|
187
|
+
echo "Target environment: dev"
|
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
# AgentOps - Deploy to PRODUCTION with azd
|
|
2
|
+
#
|
|
3
|
+
# agentops:deploy-mode=azd
|
|
4
|
+
#
|
|
5
|
+
# Runs on push to main. Production should have required reviewers in the
|
|
6
|
+
# GitHub Environment. azd provision is opt-in for production; app deploy
|
|
7
|
+
# only runs after the AgentOps safety/quality gate passes.
|
|
8
|
+
#
|
|
9
|
+
# Generated by `agentops workflow generate --deploy-mode azd`.
|
|
10
|
+
|
|
11
|
+
name: AgentOps Deploy (PROD)
|
|
12
|
+
|
|
13
|
+
on:
|
|
14
|
+
push:
|
|
15
|
+
branches:
|
|
16
|
+
- main
|
|
17
|
+
workflow_dispatch:
|
|
18
|
+
inputs:
|
|
19
|
+
config:
|
|
20
|
+
description: "Path to agentops.yaml (defaults to ./agentops.yaml at repo root)"
|
|
21
|
+
required: false
|
|
22
|
+
default: "agentops.yaml"
|
|
23
|
+
provision:
|
|
24
|
+
description: "Run azd provision before deploy"
|
|
25
|
+
required: false
|
|
26
|
+
type: boolean
|
|
27
|
+
default: false
|
|
28
|
+
|
|
29
|
+
permissions:
|
|
30
|
+
contents: read
|
|
31
|
+
id-token: write
|
|
32
|
+
packages: write
|
|
33
|
+
|
|
34
|
+
concurrency:
|
|
35
|
+
group: agentops-deploy-prod-${{ github.ref }}
|
|
36
|
+
cancel-in-progress: false
|
|
37
|
+
|
|
38
|
+
jobs:
|
|
39
|
+
provision:
|
|
40
|
+
name: azd environment (PROD)
|
|
41
|
+
runs-on: ubuntu-latest
|
|
42
|
+
environment: production
|
|
43
|
+
timeout-minutes: 45
|
|
44
|
+
steps:
|
|
45
|
+
- name: Checkout
|
|
46
|
+
uses: actions/checkout@v6
|
|
47
|
+
- name: Set up azd
|
|
48
|
+
uses: Azure/setup-azd@v2
|
|
49
|
+
- name: Azure login (OIDC)
|
|
50
|
+
uses: azure/login@v3
|
|
51
|
+
with:
|
|
52
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
53
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
54
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
55
|
+
- name: Prepare azd environment
|
|
56
|
+
env:
|
|
57
|
+
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'production' }}
|
|
58
|
+
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
|
|
59
|
+
run: |
|
|
60
|
+
test -f azure.yaml || {
|
|
61
|
+
echo "::error file=azure.yaml::No azure.yaml found. Ask your coding agent to generate a zero-trust azd deployment, then re-run this workflow."
|
|
62
|
+
exit 1
|
|
63
|
+
}
|
|
64
|
+
azd env new "$AZURE_ENV_NAME" --no-prompt --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}" ${AZURE_LOCATION:+--location "$AZURE_LOCATION"} \
|
|
65
|
+
|| azd env select "$AZURE_ENV_NAME"
|
|
66
|
+
azd env set AZURE_SUBSCRIPTION_ID "${{ vars.AZURE_SUBSCRIPTION_ID }}"
|
|
67
|
+
if [ -n "$AZURE_LOCATION" ]; then
|
|
68
|
+
azd env set AZURE_LOCATION "$AZURE_LOCATION"
|
|
69
|
+
fi
|
|
70
|
+
- name: Run azd provision when requested
|
|
71
|
+
env:
|
|
72
|
+
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'production' }}
|
|
73
|
+
run: |
|
|
74
|
+
SHOULD_PROVISION="false"
|
|
75
|
+
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
|
76
|
+
SHOULD_PROVISION="${{ inputs.provision }}"
|
|
77
|
+
fi
|
|
78
|
+
if [ "$SHOULD_PROVISION" = "true" ]; then
|
|
79
|
+
__AILZ_PREFLIGHT_COMMAND__
|
|
80
|
+
azd provision --no-prompt
|
|
81
|
+
else
|
|
82
|
+
echo "Skipping azd provision for PROD. Use workflow_dispatch with provision=true for reviewed infra changes."
|
|
83
|
+
fi
|
|
84
|
+
|
|
85
|
+
safety-eval:
|
|
86
|
+
name: Safety eval (gate)
|
|
87
|
+
needs: provision
|
|
88
|
+
runs-on: ubuntu-latest
|
|
89
|
+
timeout-minutes: 30
|
|
90
|
+
steps:
|
|
91
|
+
- name: Checkout
|
|
92
|
+
uses: actions/checkout@v6
|
|
93
|
+
- name: Azure login (OIDC)
|
|
94
|
+
uses: azure/login@v3
|
|
95
|
+
with:
|
|
96
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
97
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
98
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
99
|
+
- name: Set up Python
|
|
100
|
+
uses: actions/setup-python@v6
|
|
101
|
+
with:
|
|
102
|
+
python-version: "3.11"
|
|
103
|
+
- name: Install uv
|
|
104
|
+
uses: astral-sh/setup-uv@v7
|
|
105
|
+
with:
|
|
106
|
+
enable-cache: false
|
|
107
|
+
|
|
108
|
+
- name: Install AgentOps Toolkit
|
|
109
|
+
run: uv pip install --system "agentops-accelerator[foundry,agent] @ git+https://github.com/Azure/agentops.git@main"
|
|
110
|
+
__EVAL_STEPS__
|
|
111
|
+
- name: Generate release evidence
|
|
112
|
+
if: always()
|
|
113
|
+
env:
|
|
114
|
+
AZURE_AI_FOUNDRY_PROJECT_ENDPOINT: ${{ vars.AZURE_AI_FOUNDRY_PROJECT_ENDPOINT }}
|
|
115
|
+
AZURE_OPENAI_ENDPOINT: ${{ vars.AZURE_OPENAI_ENDPOINT }}
|
|
116
|
+
AZURE_OPENAI_DEPLOYMENT: ${{ vars.AZURE_OPENAI_DEPLOYMENT }}
|
|
117
|
+
APPLICATIONINSIGHTS_CONNECTION_STRING: ${{ secrets.APPLICATIONINSIGHTS_CONNECTION_STRING || vars.APPLICATIONINSIGHTS_CONNECTION_STRING }}
|
|
118
|
+
run: |
|
|
119
|
+
agentops doctor --workspace . --out .agentops/agent/report.md \
|
|
120
|
+
--severity-fail critical --evidence-pack
|
|
121
|
+
- name: Upload AgentOps results
|
|
122
|
+
if: always()
|
|
123
|
+
uses: actions/upload-artifact@v7
|
|
124
|
+
with:
|
|
125
|
+
name: agentops-prod-results
|
|
126
|
+
path: |
|
|
127
|
+
__EVAL_ARTIFACT_PATHS__
|
|
128
|
+
.agentops/agent/report.md
|
|
129
|
+
.agentops/release/latest/evidence.json
|
|
130
|
+
.agentops/release/latest/evidence.md
|
|
131
|
+
if-no-files-found: warn
|
|
132
|
+
|
|
133
|
+
- name: Step summary
|
|
134
|
+
if: always()
|
|
135
|
+
run: |
|
|
136
|
+
{
|
|
137
|
+
echo "## AgentOps Safety Eval (PROD gate)"
|
|
138
|
+
echo
|
|
139
|
+
if [ -f .agentops/results/latest/report.md ]; then
|
|
140
|
+
cat .agentops/results/latest/report.md
|
|
141
|
+
fi
|
|
142
|
+
if [ -f .agentops/release/latest/evidence.md ]; then
|
|
143
|
+
echo
|
|
144
|
+
echo "---"
|
|
145
|
+
echo
|
|
146
|
+
cat .agentops/release/latest/evidence.md
|
|
147
|
+
fi
|
|
148
|
+
} >> "$GITHUB_STEP_SUMMARY"
|
|
149
|
+
|
|
150
|
+
deploy:
|
|
151
|
+
name: azd deploy (PROD)
|
|
152
|
+
needs: safety-eval
|
|
153
|
+
runs-on: ubuntu-latest
|
|
154
|
+
environment: production
|
|
155
|
+
timeout-minutes: 45
|
|
156
|
+
steps:
|
|
157
|
+
- name: Checkout
|
|
158
|
+
uses: actions/checkout@v6
|
|
159
|
+
- name: Set up azd
|
|
160
|
+
uses: Azure/setup-azd@v2
|
|
161
|
+
- name: Azure login (OIDC)
|
|
162
|
+
uses: azure/login@v3
|
|
163
|
+
with:
|
|
164
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
165
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
166
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
167
|
+
- name: Run azd deploy
|
|
168
|
+
env:
|
|
169
|
+
AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME || 'production' }}
|
|
170
|
+
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
|
|
171
|
+
run: |
|
|
172
|
+
test -f azure.yaml || {
|
|
173
|
+
echo "::error file=azure.yaml::No azure.yaml found. Ask your coding agent to generate a zero-trust azd deployment, then re-run this workflow."
|
|
174
|
+
exit 1
|
|
175
|
+
}
|
|
176
|
+
azd env new "$AZURE_ENV_NAME" --no-prompt --subscription "${{ vars.AZURE_SUBSCRIPTION_ID }}" ${AZURE_LOCATION:+--location "$AZURE_LOCATION"} \
|
|
177
|
+
|| azd env select "$AZURE_ENV_NAME"
|
|
178
|
+
azd env set AZURE_SUBSCRIPTION_ID "${{ vars.AZURE_SUBSCRIPTION_ID }}"
|
|
179
|
+
if [ -n "$AZURE_LOCATION" ]; then
|
|
180
|
+
azd env set AZURE_LOCATION "$AZURE_LOCATION"
|
|
181
|
+
fi
|
|
182
|
+
azd env refresh "$AZURE_ENV_NAME" --no-prompt
|
|
183
|
+
azd deploy --no-prompt
|
|
@@ -0,0 +1,171 @@
|
|
|
1
|
+
# AgentOps — Deploy to PRODUCTION
|
|
2
|
+
#
|
|
3
|
+
# Triggers on every push to `main` (typically the merge of a release
|
|
4
|
+
# branch). Runs a safety/quality eval, builds, and deploys to the
|
|
5
|
+
# `production` GitHub Environment.
|
|
6
|
+
#
|
|
7
|
+
# IMPORTANT: configure the `production` environment with REQUIRED
|
|
8
|
+
# REVIEWERS so a deploy to prod always needs human approval:
|
|
9
|
+
# Repo Settings -> Environments -> production
|
|
10
|
+
# -> Required reviewers (add at least one)
|
|
11
|
+
# -> (optional) Wait timer
|
|
12
|
+
# -> (optional) Deployment branches: only `main`
|
|
13
|
+
#
|
|
14
|
+
# To finish wiring this for your project:
|
|
15
|
+
# 1. Configure the `production` environment as described above.
|
|
16
|
+
# 2. Optionally point the eval step at a hardened safety bundle
|
|
17
|
+
# (e.g. `.agentops/runs/safety.yaml`).
|
|
18
|
+
# 3. Fill in the `Build` and `Deploy` steps below to match your stack
|
|
19
|
+
# (see commented examples in agentops-deploy-dev.yml).
|
|
20
|
+
#
|
|
21
|
+
# Generated by `agentops workflow generate`.
|
|
22
|
+
|
|
23
|
+
name: AgentOps Deploy (PROD)
|
|
24
|
+
|
|
25
|
+
on:
|
|
26
|
+
push:
|
|
27
|
+
branches:
|
|
28
|
+
- main
|
|
29
|
+
workflow_dispatch:
|
|
30
|
+
inputs:
|
|
31
|
+
config:
|
|
32
|
+
description: "Path to agentops.yaml (defaults to ./agentops.yaml at repo root)"
|
|
33
|
+
required: false
|
|
34
|
+
default: "agentops.yaml"
|
|
35
|
+
|
|
36
|
+
permissions:
|
|
37
|
+
contents: read
|
|
38
|
+
id-token: write
|
|
39
|
+
packages: write
|
|
40
|
+
|
|
41
|
+
concurrency:
|
|
42
|
+
group: agentops-deploy-prod-${{ github.ref }}
|
|
43
|
+
cancel-in-progress: false
|
|
44
|
+
|
|
45
|
+
jobs:
|
|
46
|
+
safety-eval:
|
|
47
|
+
name: Safety eval (gate)
|
|
48
|
+
runs-on: ubuntu-latest
|
|
49
|
+
timeout-minutes: 30
|
|
50
|
+
steps:
|
|
51
|
+
- name: Checkout
|
|
52
|
+
uses: actions/checkout@v6
|
|
53
|
+
|
|
54
|
+
- name: Azure login (OIDC)
|
|
55
|
+
uses: azure/login@v3
|
|
56
|
+
with:
|
|
57
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
58
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
59
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
60
|
+
|
|
61
|
+
- name: Set up Python
|
|
62
|
+
uses: actions/setup-python@v6
|
|
63
|
+
with:
|
|
64
|
+
python-version: "3.11"
|
|
65
|
+
|
|
66
|
+
# uv is ~5-10x faster than pip on cold installs; the AgentOps stack
|
|
67
|
+
# (azure-* + opentelemetry-instrumentation-*) pulls dozens of small
|
|
68
|
+
# wheels so the speed-up is very visible in CI.
|
|
69
|
+
- name: Install uv
|
|
70
|
+
uses: astral-sh/setup-uv@v7
|
|
71
|
+
with:
|
|
72
|
+
enable-cache: false
|
|
73
|
+
|
|
74
|
+
- name: Install AgentOps Toolkit
|
|
75
|
+
run: |
|
|
76
|
+
# NOTE: pinned to GitHub main until the next package release includes this flow.
|
|
77
|
+
# Switch to `uv pip install --system "agentops-accelerator[foundry,agent]"` after release.
|
|
78
|
+
uv pip install --system "agentops-accelerator[foundry,agent] @ git+https://github.com/Azure/agentops.git@main"
|
|
79
|
+
|
|
80
|
+
__EVAL_STEPS__
|
|
81
|
+
|
|
82
|
+
- name: Generate release evidence
|
|
83
|
+
if: always()
|
|
84
|
+
env:
|
|
85
|
+
AZURE_AI_FOUNDRY_PROJECT_ENDPOINT: ${{ vars.AZURE_AI_FOUNDRY_PROJECT_ENDPOINT }}
|
|
86
|
+
AZURE_OPENAI_ENDPOINT: ${{ vars.AZURE_OPENAI_ENDPOINT }}
|
|
87
|
+
AZURE_OPENAI_DEPLOYMENT: ${{ vars.AZURE_OPENAI_DEPLOYMENT }}
|
|
88
|
+
APPLICATIONINSIGHTS_CONNECTION_STRING: ${{ secrets.APPLICATIONINSIGHTS_CONNECTION_STRING || vars.APPLICATIONINSIGHTS_CONNECTION_STRING }}
|
|
89
|
+
run: |
|
|
90
|
+
agentops doctor --workspace . --out .agentops/agent/report.md \
|
|
91
|
+
--severity-fail critical --evidence-pack
|
|
92
|
+
|
|
93
|
+
- name: Upload AgentOps results
|
|
94
|
+
if: always()
|
|
95
|
+
uses: actions/upload-artifact@v7
|
|
96
|
+
with:
|
|
97
|
+
name: agentops-prod-results
|
|
98
|
+
path: |
|
|
99
|
+
__EVAL_ARTIFACT_PATHS__
|
|
100
|
+
.agentops/agent/report.md
|
|
101
|
+
.agentops/release/latest/evidence.json
|
|
102
|
+
.agentops/release/latest/evidence.md
|
|
103
|
+
if-no-files-found: warn
|
|
104
|
+
|
|
105
|
+
- name: Step summary
|
|
106
|
+
if: always()
|
|
107
|
+
run: |
|
|
108
|
+
{
|
|
109
|
+
echo "## AgentOps Safety Eval (PROD gate)"
|
|
110
|
+
echo
|
|
111
|
+
if [ -f .agentops/results/latest/report.md ]; then
|
|
112
|
+
cat .agentops/results/latest/report.md
|
|
113
|
+
fi
|
|
114
|
+
if [ -f .agentops/release/latest/evidence.md ]; then
|
|
115
|
+
echo
|
|
116
|
+
echo "---"
|
|
117
|
+
echo
|
|
118
|
+
cat .agentops/release/latest/evidence.md
|
|
119
|
+
fi
|
|
120
|
+
} >> "$GITHUB_STEP_SUMMARY"
|
|
121
|
+
|
|
122
|
+
build:
|
|
123
|
+
name: Build
|
|
124
|
+
needs: safety-eval
|
|
125
|
+
runs-on: ubuntu-latest
|
|
126
|
+
timeout-minutes: 30
|
|
127
|
+
steps:
|
|
128
|
+
- name: Checkout
|
|
129
|
+
uses: actions/checkout@v6
|
|
130
|
+
|
|
131
|
+
- name: Azure login (OIDC)
|
|
132
|
+
uses: azure/login@v3
|
|
133
|
+
with:
|
|
134
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
135
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
136
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
137
|
+
|
|
138
|
+
# ---------------------------------------------------------------
|
|
139
|
+
# TODO: replace this placeholder with your build step.
|
|
140
|
+
# See agentops-deploy-dev.yml for example snippets.
|
|
141
|
+
# ---------------------------------------------------------------
|
|
142
|
+
- name: Build (placeholder)
|
|
143
|
+
run: |
|
|
144
|
+
echo "TODO: replace this step with your build."
|
|
145
|
+
|
|
146
|
+
deploy:
|
|
147
|
+
name: Deploy to PROD
|
|
148
|
+
needs: build
|
|
149
|
+
runs-on: ubuntu-latest
|
|
150
|
+
environment: production
|
|
151
|
+
timeout-minutes: 30
|
|
152
|
+
steps:
|
|
153
|
+
- name: Checkout
|
|
154
|
+
uses: actions/checkout@v6
|
|
155
|
+
|
|
156
|
+
- name: Azure login (OIDC)
|
|
157
|
+
uses: azure/login@v3
|
|
158
|
+
with:
|
|
159
|
+
client-id: ${{ vars.AZURE_CLIENT_ID }}
|
|
160
|
+
tenant-id: ${{ vars.AZURE_TENANT_ID }}
|
|
161
|
+
subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
|
|
162
|
+
|
|
163
|
+
# ---------------------------------------------------------------
|
|
164
|
+
# TODO: replace this placeholder with your deploy step.
|
|
165
|
+
# See agentops-deploy-dev.yml for example snippets (ACA, App
|
|
166
|
+
# Service, Foundry hosted agent, azd deploy).
|
|
167
|
+
# ---------------------------------------------------------------
|
|
168
|
+
- name: Deploy (placeholder)
|
|
169
|
+
run: |
|
|
170
|
+
echo "TODO: replace this step with your deploy."
|
|
171
|
+
echo "Target environment: production"
|