Skip to content

Feature/retrieval chain workflows #126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
giuliastf wants to merge 22 commits into from
Closed

Feature/retrieval chain workflows #126

giuliastf wants to merge 22 commits into from

Conversation

@giuliastf
Copy link
Collaborator

@giuliastf giuliastf commented Jul 15, 2025
edited by github-actions bot
Loading

Development Package

  • Add this package as a dependency in your pyproject.toml:
[project]
dependencies = [
  # Exact version:
  "uipath-langchain==0.0.116.dev1001260265",

  # Any version from PR
  "uipath-langchain>=0.0.116.dev1001260000,<0.0.116.dev1001270000"
]

[[tool.uv.index]]
name = "testpypi"
url = "https://test.pypi.org/simple/"
publish-url = "https://test.pypi.org/legacy/"
explicit = true

[tool.uv.sources]
uipath-langchain = { index = "testpypi" }

github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 15, 2025
View reviewed changes
.github/workflows/test-retrieval-chain.yml
Comment on lines +21 to +52
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Build and run retrieval chain
run: |
cd samples/retrieval-chain

# Build the image
docker build -t retrieval-chain \
--build-arg CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
--build-arg CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
--build-arg BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
.

# Run with parameters
docker run --rm \
-e CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
-e CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
-e BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
retrieval-chain \
/app/startup.sh --index_name "${{ github.event.inputs.index_name }}" --query "${{ github.event.inputs.query }}" --k ${{ github.event.inputs.k }}

- name: Show completion
run: |
echo "✅ Retrieval chain completed successfully!"
echo "📊 Parameters used:"
echo " - Index: ${{ github.event.inputs.index_name }}"
echo " - Query: ${{ github.event.inputs.query }}"
echo " - Results: ${{ github.event.inputs.k }}"

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium test

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To fix the issue, we will add a permissions block at the root of the workflow file. This block will specify the minimal permissions required for the workflow to function correctly. Based on the workflow's operations, it only needs read access to the repository contents. Therefore, we will set contents: read in the permissions block.

The permissions block will be added directly under the name field in the workflow file to apply to all jobs in the workflow.

Suggested changeset 1
.github/workflows/test-retrieval-chain.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/test-retrieval-chain.yml b/.github/workflows/test-retrieval-chain.yml
--- a/.github/workflows/test-retrieval-chain.yml
+++ b/.github/workflows/test-retrieval-chain.yml
@@ -1,2 +1,4 @@
 name: Test Retrieval Chain
+permissions:
+  contents: read
 
EOF
@@ -1,2 +1,4 @@
name: Test Retrieval Chain
permissions:
contents: read

Copilot is powered by AI and may make mistakes. Always verify output.
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 15, 2025
View reviewed changes
.github/workflows/retrieval-chain.yml
# run: cd samples/retrieval-chain

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Integration testing' step
Uses Step
Loading
uses 'docker/setup-buildx-action' with ref 'v3', not a pinned commit hash
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 15, 2025
View reviewed changes
.github/workflows/retrieval-chain.yml
Comment on lines 13 to 49
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build Docker image
run: |
docker build -t retrieval-chain:test \
--build-arg CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
--build-arg CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
--build-arg BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
.
working-directory: ./samples/retrieval-chain

- name: Test retrieval chain with default parameters
run: |
cd samples/retrieval-chain
docker run --rm \
-e CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
-e CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
-e BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
retrieval-chain:test

- name: Test retrieval chain with custom parameters
if: github.event_name == 'workflow_dispatch'
run: |
cd samples/retrieval-chain
docker run --rm \
-e CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
-e CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
-e BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
retrieval-chain:test \
/app/startup.sh --index_name "${{ github.event.inputs.index_name }}" --query "${{ github.event.inputs.query }}" --k ${{ github.event.inputs.k }}

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 6 months ago

To fix the issue, we need to add a permissions block to the workflow. This block should specify the minimal permissions required for the workflow to function correctly. Since the workflow does not modify the repository, contents: read is sufficient. This ensures the GITHUB_TOKEN has only read access to the repository contents.

The permissions block can be added at the root level of the workflow to apply to all jobs, or it can be added to the specific job (test-retrieval-chain). In this case, adding it at the root level is more concise and ensures consistency across all jobs.

Suggested changeset 1
.github/workflows/retrieval-chain.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/retrieval-chain.yml b/.github/workflows/retrieval-chain.yml
--- a/.github/workflows/retrieval-chain.yml
+++ b/.github/workflows/retrieval-chain.yml
@@ -8,2 +8,5 @@
 
+permissions:
+  contents: read
+
 jobs:
EOF
@@ -8,2 +8,5 @@

permissions:
contents: read

jobs:
Copilot is powered by AI and may make mistakes. Always verify output.
@giuliastf giuliastf closed this Jul 16, 2025
@cristipufu cristipufu deleted the feature/retrieval-chain-workflows branch November 30, 2025 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@giuliastf