GitHub Action that allows you to create or connect to your Azure Machine Learning Workspace.
Перейти к файлу
Marvin Buss 0232b499f2 added input validation 2020-04-24 14:14:13 +02:00
.cloud/.azure added input validation 2020-04-24 14:14:13 +02:00
.github/workflows add automated version update 2020-04-21 12:25:02 +02:00
code added input validation 2020-04-24 14:14:13 +02:00
.gitignore catch exception 2020-03-12 08:30:30 +01:00
CODE_OF_CONDUCT.md Initial CODE_OF_CONDUCT.md commit 2020-03-11 16:18:42 -07:00
Dockerfile added input validation 2020-04-24 14:14:13 +02:00
LICENSE Initial LICENSE commit 2020-03-11 16:18:43 -07:00
README.md updated workflow example 2020-04-21 12:09:22 +02:00
SECURITY.md Initial SECURITY.md commit 2020-03-11 16:18:44 -07:00
action.yml snake_case 2020-03-25 23:07:48 +01:00

README.md

Integration Test Lint

Azure Machine Learning Workspace Action

Usage

The Azure Machine Learning Workspace action will allow you to create or connect to a Azure Machine Learning workspace so you can later run your Machine Learning experiments remotely, create production endpoints etc. If the workspace exists, it will connect to it, otherwise the action can create a new workspace based on the provided parameters. You will need to provide azure credentials that allow you to create and/or connect to a workspace. The action will output a config file that needs to be passed to the next AML actions if you are looking to chain more than one AML action together.

Template repositories

This action is one in a series of actions that can be used to setup an ML Ops process. Examples of these can be found at

  1. Simple example: ml-template-azure and
  2. Comprehensive example: aml-template.

Example workflow

name: My Workflow
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - name: Check Out Repository
      id: checkout_repository
      uses: actions/checkout@v2

    # AML Workspace Action
    - uses: Azure/aml-workspace@v1
      id: aml_workspace
      # required inputs as secrets
      with:
        # required
        azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
        # optional
        parameters_file: "workspace.json"

Inputs

Input Required Default Description
azure_credentials x - Output of az ad sp create-for-rbac --name <your-sp-name> --role contributor --scopes /subscriptions/<your-subscriptionId>/resourceGroups/<your-rg> --sdk-auth. This should be stored in your secrets
parameters_file "workspace.json" JSON file in the .cloud/.azure folder specifying your Azure Machine Learning Workspace details.

Azure Credentials

Install the Azure CLI on your computer or use the Cloud CLI and execute the following command to generate the required credentials:

# Replace {service-principal-name}, {subscription-id} and {resource-group} with your Azure subscription id and resource group name and any name for your service principle
az ad sp create-for-rbac --name {service-principal-name} \
                         --role contributor \
                         --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \
                         --sdk-auth

This will generate the following JSON output:

{
  "clientId": "<GUID>",
  "clientSecret": "<GUID>",
  "subscriptionId": "<GUID>",
  "tenantId": "<GUID>",
  (...)
}

Add this JSON output as a secret with the name AZURE_CREDENTIALS in your GitHub repository.

Parameters File

The action tries to load a JSON file in the .cloud/.azure folder in your repository, which specifies details of your Azure Machine Learning Workspace. By default, the action expects a file with the name workspace.json. If your JSON file has a different name, you can specify it with this input parameter. Note that none of these values are required and in the absence, defaults will be created with the repo name.

A sample file can be found in this repository in the folder .cloud/.azure. The JSON file can include the following parameters:

Parameter Required Allowed Values Default Description
name x str <REPOSITORY_NAME> The workspace name. The name must be between 2 and 32 characters long. The first character of the name must be alphanumeric (letter or number), but the rest of the name may contain alphanumerics, hyphens, and underscores. Whitespace is not allowed.
resource_group x str <REPOSITORY_NAME> The Azure resource group that contains the workspace.
create_workspace (only for creating) bool false Indicates whether to create the workspace if it doesn't exist.
friendly_name str null A friendly name for the workspace that can be displayed in the UI.
create_resource_group bool false Indicates whether to create the resource group if it doesn't exist.
location str: supported region resource group location The location of the workspace. The parameter defaults to the resource group location.
sku str: "basic", "enterprise" "basic" The SKU name (also referred as edition).
storage_account str: Azure resource ID format null An existing storage account in the Azure resource ID format (see example JSON file in .cloud/.azure). The storage will be used by the workspace to save run outputs, code, logs etc. If None, a new storage account will be created.
key_vault str: Azure resource ID format null An existing key vault in the Azure resource ID format (see example JSON file in .cloud/.azure). The key vault will be used by the workspace to store credentials added to the workspace by the users. If None, a new key vault will be created.
app_insights str: Azure resource ID format null An existing Application Insights in the Azure resource ID format (see example JSON file in .cloud/.azure). The Application Insights will be used by the workspace to log webservices events. If None, a new Application Insights will be created.
container_registry str: Azure resource ID format null An existing container registry in the Azure resource ID format (see example JSON file in .cloud/.azure). The container registry will be used by the workspace to pull and push both experimentation and webservices images. If None, a new container registry will be created only when needed and not along with workspace creation.
cmk_key_vault str: Azure resource ID format null The key vault containing the customer managed key in the Azure resource ID format (see example JSON file in .cloud/.azure).
resource_cmk_uri str: key URI of the customer managed key null The key URI of the customer managed key to encrypt the data at rest (see example JSON file in .cloud/.azure).
hbi_workspace bool false Specifies whether the customer data is of High Business Impact(HBI), i.e., contains sensitive business information. The default value is False. When set to True, downstream services will selectively disable logging.

Please visit this website for more details.

Outputs

The action writes the workspace Azure Resource Manager (ARM) properties to a config file, which will be used by all other Azure Machine Learning GitHub Actions to interact with the workspace.

Output Path Description
GITHUB_WORKSPACE/aml_arm_config.json configurations to be passed to additional steps for using the workspace

Other Azure Machine Learning Actions

  • aml-workspace - Connects to or creates a new workspace
  • aml-compute - Connects to or creates a new compute target in Azure Machine Learning
  • aml-run - Submits a ScriptRun, an Estimator or a Pipeline to Azure Machine Learning
  • aml-registermodel - Registers a model to Azure Machine Learning
  • aml-deploy - Deploys a model and creates an endpoint for the model

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.