Skip to content

Feature/retrieval chain workflows#126

Closed
giuliastf wants to merge 22 commits intomainfrom
feature/retrieval-chain-workflows
Closed

Feature/retrieval chain workflows#126
giuliastf wants to merge 22 commits intomainfrom
feature/retrieval-chain-workflows

Conversation

@giuliastf
Copy link
Copy Markdown
Collaborator

@giuliastf giuliastf commented Jul 15, 2025
edited by github-actions Bot
Loading

Development Package

  • Add this package as a dependency in your pyproject.toml:
[project]
dependencies = [
  # Exact version:
  "uipath-langchain==0.0.116.dev1001260265",

  # Any version from PR
  "uipath-langchain>=0.0.116.dev1001260000,<0.0.116.dev1001270000"
]

[[tool.uv.index]]
name = "testpypi"
url = "https://test.pypi.org/simple/"
publish-url = "https://test.pypi.org/legacy/"
explicit = true

[tool.uv.sources]
uipath-langchain = { index = "testpypi" }

github-advanced-security[bot]
github-advanced-security AI found potential problems Jul 15, 2025
View reviewed changes
Comment thread .github/workflows/retrieval-chain.yml Fixed
Comment thread .github/workflows/retrieval-chain.yml Fixed
Comment thread .github/workflows/retrieval-chain.yml Fixed
Comment thread .github/workflows/retrieval-chain.yml Fixed
Comment thread .github/workflows/retrieval-chain.yml Fixed
Comment thread .github/workflows/retrieval-chain.yml Fixed
Comment thread .github/workflows/test-retrieval-chain.yml
Comment on lines +21 to +52
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Build and run retrieval chain
run: |
cd samples/retrieval-chain

# Build the image
docker build -t retrieval-chain \
--build-arg CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
--build-arg CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
--build-arg BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
.

# Run with parameters
docker run --rm \
-e CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
-e CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
-e BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
retrieval-chain \
/app/startup.sh --index_name "${{ github.event.inputs.index_name }}" --query "${{ github.event.inputs.query }}" --k ${{ github.event.inputs.k }}

- name: Show completion
run: |
echo "✅ Retrieval chain completed successfully!"
echo "📊 Parameters used:"
echo " - Index: ${{ github.event.inputs.index_name }}"
echo " - Query: ${{ github.event.inputs.query }}"
echo " - Results: ${{ github.event.inputs.k }}"

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium test

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 10 months ago

To fix the issue, we will add a permissions block at the root of the workflow file. This block will specify the minimal permissions required for the workflow to function correctly. Based on the workflow's operations, it only needs read access to the repository contents. Therefore, we will set contents: read in the permissions block.

The permissions block will be added directly under the name field in the workflow file to apply to all jobs in the workflow.

Suggested changeset 1
.github/workflows/test-retrieval-chain.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/test-retrieval-chain.yml b/.github/workflows/test-retrieval-chain.yml
--- a/.github/workflows/test-retrieval-chain.yml
+++ b/.github/workflows/test-retrieval-chain.yml
@@ -1,2 +1,4 @@
 name: Test Retrieval Chain
+permissions:
+  contents: read
 
EOF
@@ -1,2 +1,4 @@
name: Test Retrieval Chain
permissions:
contents: read

Copilot is powered by AI and may make mistakes. Always verify output.
github-advanced-security[bot]
github-advanced-security AI found potential problems Jul 15, 2025
View reviewed changes
Comment thread .github/workflows/retrieval-chain.yml Fixed
Comment thread .github/workflows/retrieval-chain.yml
# run: cd samples/retrieval-chain

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Integration testing' step
Uses Step
Loading
uses 'docker/setup-buildx-action' with ref 'v3', not a pinned commit hash
github-advanced-security[bot]
github-advanced-security AI found potential problems Jul 15, 2025
View reviewed changes
Comment thread .github/workflows/retrieval-chain.yml
Comment on lines +13 to +49
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build Docker image
run: |
docker build -t retrieval-chain:test \
--build-arg CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
--build-arg CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
--build-arg BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
.
working-directory: ./samples/retrieval-chain

- name: Test retrieval chain with default parameters
run: |
cd samples/retrieval-chain
docker run --rm \
-e CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
-e CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
-e BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
retrieval-chain:test

- name: Test retrieval chain with custom parameters
if: github.event_name == 'workflow_dispatch'
run: |
cd samples/retrieval-chain
docker run --rm \
-e CLIENT_ID="${{ secrets.UIPATH_CLIENT_ID }}" \
-e CLIENT_SECRET="${{ secrets.UIPATH_CLIENT_SECRET }}" \
-e BASE_URL="${{ secrets.UIPATH_BASE_URL }}" \
retrieval-chain:test \
/app/startup.sh --index_name "${{ github.event.inputs.index_name }}" --query "${{ github.event.inputs.query }}" --k ${{ github.event.inputs.k }}

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 10 months ago

To fix the issue, we need to add a permissions block to the workflow. This block should specify the minimal permissions required for the workflow to function correctly. Since the workflow does not modify the repository, contents: read is sufficient. This ensures the GITHUB_TOKEN has only read access to the repository contents.

The permissions block can be added at the root level of the workflow to apply to all jobs, or it can be added to the specific job (test-retrieval-chain). In this case, adding it at the root level is more concise and ensures consistency across all jobs.

Suggested changeset 1
.github/workflows/retrieval-chain.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/retrieval-chain.yml b/.github/workflows/retrieval-chain.yml
--- a/.github/workflows/retrieval-chain.yml
+++ b/.github/workflows/retrieval-chain.yml
@@ -8,2 +8,5 @@
 
+permissions:
+  contents: read
+
 jobs:
EOF
@@ -8,2 +8,5 @@

permissions:
contents: read

jobs:
Copilot is powered by AI and may make mistakes. Always verify output.
@giuliastf giuliastf closed this Jul 16, 2025
@cristipufu cristipufu deleted the feature/retrieval-chain-workflows branch November 30, 2025 11:50
mjnovice pushed a commit that referenced this pull request Mar 31, 2026
@AAgnihotry
chore: bump uipath version to 2.5.19 (#126)
30ead29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@giuliastf @github-advanced-security