Repository files navigation

This repository includes a Python app that uses Azure OpenAI to generate responses to user messages.

The project includes all the infrastructure and configuration needed to provision Azure OpenAI resources and deploy the app toAzure Container Apps using theAzure Developer CLI. By default, the app will use managed identity to authenticate with Azure OpenAI.

We recommend first going through thedeploying steps before running this app locally,since the local app needs credentials for Azure OpenAI to work properly.

• Features
• Architecture diagram
• Getting started
  • GitHub Codespaces
  • VS Code Dev Containers
  • Local Environment
• Deploying
• Development server
• Guidance
  • Costs
  • Security Guidelines
• Resources

• A PythonQuart that uses theopenai package to generate responses to user messages.
• A basic HTML/JS frontend that streams responses from the backend usingJSON Lines over aReadableStream.
• Bicep files for provisioning Azure resources, including Azure OpenAI, Azure Container Apps, Azure Container Registry, Azure Log Analytics, and RBAC roles.

You have a few options for getting started with this template.The quickest way to get started is GitHub Codespaces, since it will setup all the tools for you, but you can alsoset it up locally.

You can run this template virtually by using GitHub Codespaces. The button will open a web-based VS Code instance in your browser:

1. Open the template (this may take several minutes):

   

2. Open a terminal window

3. Continue with thedeploying steps

A related option is VS Code Dev Containers, which will open the project in your local VS Code using theDev Containers extension:

1. Start Docker Desktop (install it if not already installed)

2. Open the project:

   

3. In the VS Code window that opens, once the project files show up (this may take several minutes), open a terminal window.

4. Continue with thedeploying steps

If you're not using one of the above options for opening the project, then you'll need to:

1. Make sure the following tools are installed:

   • Azure Developer CLI (azd)
   • Python 3.10+
   • Docker Desktop
   • Git

2. Download the project code:

   azd init -t openai-chat-app-quickstart

3. Open the project folder

4. Create aPython virtual environment and activate it.

5. Install required Python packages:

   pip install -r requirements-dev.txt

6. Install the app as an editable package:

   python3 -m pip install -e src

7. Continue with thedeploying steps.

Once you've opened the project inCodespaces, inDev Containers, orlocally, you can deploy it to Azure.

1. Sign up for afree Azure account and create an Azure Subscription.

2. Request access to Azure OpenAI Service by completing the form athttps://aka.ms/oai/access and awaiting approval.

3. Check that you have the necessary permissions:

   • Your Azure account must haveMicrosoft.Authorization/roleAssignments/write permissions, such asRole Based Access Control Administrator,User Access Administrator, orOwner. If you don't have subscription-level permissions, you must be grantedRBAC for an existing resource group anddeploy to that existing group.
   • Your Azure account also needsMicrosoft.Resources/deployments/write permissions on the subscription level.

1. Login to Azure:

   azd auth login

2. Provision and deploy all the resources:

   azd up

   It will prompt you to provide anazd environment name (like "chat-app"), select a subscription from your Azure account, and select alocation where OpenAI is available (like "francecentral"). Then it will provision the resources in your account and deploy the latest code. If you get an error or timeout with deployment, changing the location can help, as there may be availability constraints for the OpenAI resource.

3. Whenazd has finished deploying, you'll see an endpoint URI in the command output. Visit that URI, and you should see the chat app! 🎉

4. When you've made any changes to the app code, you can just run:

   azd deploy

This project includes a Github workflow for deploying the resources to Azureon every push to main. That workflow requires several Azure-related authentication secretsto be stored as Github action secrets. To set that up, run:

azd pipeline config

Assuming you've run the steps toopen the project and the steps inDeploying, you can now run the Quart app in your development environment:

1. Copy.env.sample.azure into.env:

   cp .env.sample .env

2. Run this command to get the value ofAZURE_OPENAI_ENDPOINT from your deployed resource group and paste it in the.env file:

   azd env get-value AZURE_OPENAI_ENDPOINT

3. Run this command to get the value ofAZURE_TENANT_ID from your deployed resource group and paste it in the.env file:

   azd env get-value AZURE_TENANT_ID

4. Run the development server:

   python -m quart --app src.quartapp run --port 50505 --reload

This will start the app on port 50505, and you can access it athttp://localhost:50505.

Pricing varies per region and usage, so it isn't possible to predict exact costs for your usage.The majority of the Azure resources used in this infrastructure are on usage-based pricing tiers.However, Azure Container Registry has a fixed cost per registry per day.

You can try theAzure pricing calculator for the resources:

• Azure OpenAI Service: S0 tier, ChatGPT model. Pricing is based on token count.Pricing
• Azure Container App: Consumption tier with 0.5 CPU, 1GiB memory/storage. Pricing is based on resource allocation, and each month allows for a certain amount of free usage.Pricing
• Azure Container Registry: Basic tier.Pricing
• Log analytics: Pay-as-you-go tier. Costs based on data ingested.Pricing

⚠️ To avoid unnecessary costs, remember to take down your app if it's no longer in use,either by deleting the resource group in the Portal or runningazd down.

This template usesManaged Identity for authenticating to the Azure OpenAI service.

Additionally, we have added aGitHub Action that scans the infrastructure-as-code files and generates a report containing any detected issues. To ensure continued best practices in your own repository, we recommend that anyone creating solutions based on our templates ensure that theGithub secret scanning setting is enabled.

You may want to consider additional security measures, such as:

• Protecting the Azure Container Apps instance with afirewall and/orVirtual Network.

• Get started with the Azure OpenAI security building block: The Microsoft Learn Quickstart article for this sample, walks through both deployment and the relevant code for authenticating with Managed Identity.
• OpenAI Chat Application with Microsoft Entra Authentication - MSAL SDK: Similar to this project, but adds user authentication with Microsoft Entra using the Microsoft Graph SDK and MSAL SDK.
• OpenAI Chat Application with Microsoft Entra Authentication - Built-in Auth: Similar to this project, but adds user authentication with Microsoft Entra using the Microsoft Graph SDK and built-in authentication feature of Azure Container Apps.
• RAG chat with Azure AI Search + Python: A more advanced chat app that uses Azure AI Search to ground responses in domain knowledge. Includes user authentication with Microsoft Entra as well as data access controls.
• Develop Python apps that use Azure AI services