llmsecops-research/.github/workflows/archived/llmsecops-cicd.llm.yml

name: '[Deprecated] LLM Prompt Testing (LLM, no RAG)'
on:
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 60  # Add overall job timeout
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      
      - name: 'set up git LFS'
        run: git lfs install
        
      - name: 'set up Python'
        uses: actions/setup-python@v3
        with:
          python-version: '3.12'
          
      - name: 'set up Python dependencies'
        run: |
          pip install -r ${{ github.workspace }}/requirements.txt
          
      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-lightboker-llmsecopsresearch
            
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
          # Install diagnostic tools
          pip install psutil
          
      - name: 'set up Microsoft Phi-3 Mini 4k LLM from HuggingFace'
        run: |
          pip install huggingface-hub[cli]
          huggingface-cli download microsoft/Phi-3-mini-4k-instruct-onnx --include cpu_and_mobile/cpu-int4-rtn-block-32-acc-level-4/* --local-dir ${{ github.workspace }}/src/llm
          
      - name: 'set up garak'
        run: |
          pip install garak
      
      # Split into separate scripts for cleaner workflow
      - name: 'Prepare test environment'
        run: |
          mkdir -p logs
          chmod +x ${{ github.workspace }}/.github/scripts/*.sh
          
      - name: 'Start API server'
        run: ${{ github.workspace }}/.github/scripts/start_api.sh
        env:
          WORKSPACE: ${{ github.workspace }}
          
      - name: 'Run health check'
        run: ${{ github.workspace }}/.github/scripts/health_check.sh
        
      - name: 'Run test API request'
        run: ${{ github.workspace }}/.github/scripts/test_api.sh
        
      - name: 'Start system monitoring'
        run: ${{ github.workspace }}/.github/scripts/start_monitoring.sh &
        env:
          MONITOR_PID_FILE: ${{ github.workspace }}/monitor_pid.txt
          
      - name: 'Run garak vulnerability scan'
        continue-on-error: true  # Allow job to continue even if this step fails
        timeout-minutes: 45  # Add step timeout
        run: ${{ github.workspace }}/.github/scripts/run_garak.sh
        env:
          WORKSPACE: ${{ github.workspace }}
          GITHUB_ENV: $GITHUB_ENV
          
      # Add error analysis step
      - name: 'Analyze errors and create report'
        if: always()  # Run this step even if previous steps failed
        run: |
          echo "### Garak Execution Summary" > $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          
          if [ -f "logs/exit_code_analysis.log" ]; then
            echo "#### Exit Code Analysis" >> $GITHUB_STEP_SUMMARY
            echo '```' >> $GITHUB_STEP_SUMMARY
            cat logs/exit_code_analysis.log >> $GITHUB_STEP_SUMMARY
            echo '```' >> $GITHUB_STEP_SUMMARY
            echo "" >> $GITHUB_STEP_SUMMARY
          fi
          
          if [ -f "logs/error_analysis.log" ]; then
            echo "#### Error Patterns Found" >> $GITHUB_STEP_SUMMARY
            echo '```' >> $GITHUB_STEP_SUMMARY
            cat logs/error_analysis.log >> $GITHUB_STEP_SUMMARY
            echo '```' >> $GITHUB_STEP_SUMMARY
            echo "" >> $GITHUB_STEP_SUMMARY
          fi
          
          echo "#### System Resources" >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY
          if [ -f "logs/system_before_garak.log" ]; then
            echo "BEFORE GARAK:" >> $GITHUB_STEP_SUMMARY
            cat logs/system_before_garak.log >> $GITHUB_STEP_SUMMARY
            echo "" >> $GITHUB_STEP_SUMMARY
          fi
          
          if [ -f "logs/system_after_garak.log" ]; then
            echo "AFTER GARAK:" >> $GITHUB_STEP_SUMMARY
            cat logs/system_after_garak.log >> $GITHUB_STEP_SUMMARY
          fi
          echo '```' >> $GITHUB_STEP_SUMMARY
          
      - name: 'Stop monitoring and API processes'
        if: always()  # Run this step even if previous steps failed
        run: ${{ github.workspace }}/.github/scripts/cleanup.sh
        env:
          MONITOR_PID_FILE: ${{ github.workspace }}/monitor_pid.txt
          API_PID_FILE: ${{ github.workspace }}/api_pid.txt
          
      - name: Upload logs
        if: always()  # Upload logs even if previous steps failed
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
        with:
          name: 'execution_logs'
          path: logs/
          
      - name: Upload garak report
        if: always()  # Upload report even if previous steps failed
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
        with:
          name: 'garak_report'
          path: |
            /home/runner/.local/share/garak/garak_runs/
            logs/garak_reports/