Restore post-PR-#463 sample delta (manual cherry-pick from private)#765
Merged
Conversation
Cherry-picks the customer-facing changes from private commits 7215e58..0e67b24 that have not yet flowed to public via the normal sync pipeline. The scheduled sync has been paused while we fix an architectural bug in the protected-paths guard (PR foundry-samples-pr#463) that surfaced tonight. See foundry-samples-pr#484 for the full diagnosis. Without this manual restoration, the following customer-facing changes from the private repo would not appear on public until the guard is fixed and sync resumes: - PR foundry-samples-pr#470 — Voice Live testing: update to use latest SDK (samples/python/hosted-agents/.../voicelive) - PR foundry-samples-pr#465 — fix: add outbound PE rule for AI Services account (managed VNet) (infrastructure-setup-bicep tf-18) - PR foundry-samples-pr#474 — fix(tf-18): add AI Services account outbound PE rule for managed VNet (infrastructure-setup-terraform tf-18) - PR foundry-samples-pr#250 — Hosted Agents validation pipeline parts that intersect samples/ (the rest is .azure-pipelines/, which is excluded from sync). This PR is scoped to the SIX files in the private 7215e58..0e67b24 delta that fall in the sync include-set (i.e., outside the sync exclude_pathspecs in .github/sync-config.json). All other changes in that range are excluded from sync (.github/, docs/, public-overlay/, .azure-pipelines/) and are not relevant to public. Spot-checks against the historical block-list show none of these files are validation-blocked. Authorship of the original changes is preserved in the PR body. The commit author is the operator performing the manual cherry-pick. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
👋 Thanks for your contribution, @brandom-msft! This repository is read-only. If you are contributing on behalf of Microsoft, please submit your PR to the private staging repository instead: See CONTRIBUTING.md for full instructions. |
5 tasks
brandom-msft
added a commit
that referenced
this pull request
Jun 10, 2026
* Restore samples wiped by 2026-06-08 sync incident (#765 follow-up) This PR restores 283 customer-facing sample files that were wiped from public main by the orphan-wipe sync incident on 2026-06-08. PR #765 only restored the 6 files that landed on private between 7215e58 and 0e67b24; it did not address the broader pre-existing wipe. Affected sample directories (82 total) include: - ALL quickstarts: Python, TypeScript, C#, Java (samples/{lang}/quickstart/{agent-service,chat-with-agent,create-agent,responses}) - ALL csharp/foundry-local samples (audio, embeddings, web-server, model-mgmt, tutorials, etc.) - csharp/foundry-workstream-manager-autopilot-agent - python/foundry-local entire tree - python/foundry-models/model-router - python/hosted-agents/agent-framework/a2a/01-delegation/{caller,executor} - python/hosted-agents/agent-framework/responses/10-downstream-azure - python/hosted-agents/bring-your-own/invocations/event-grid-trigger Also updates 4 stale files to match current private HEAD: - infrastructure/infrastructure-setup-bicep/10-private-network-basic/main.bicep - samples/csharp/foundry-local/Directory.Packages.props - samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/README.md - samples/python/hosted-agents/agent-framework/responses/04-foundry-toolbox/agent.manifest.yaml NOT modified: private-endpoint-and-dns.bicep (template 19) -- public has PR #762's DNS fix that's being backported to private via a separate PR. After merge, public main becomes tree-equivalent to private HEAD over the sync include-set, unblocking marks reseed and sync resume. Refs: ADO Task 5347122 (cron re-enable), Bug 5347121 (guard fix, fixed in microsoft-foundry/foundry-samples-pr#493). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Automatic fixes --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: foundry-samples automation <foundry-samples@noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Manual cherry-pick of the 6 customer-facing files from private commits
7215e588..0e67b24dthat have not flowed to public via the normal sync pipeline. Sync was paused tonight pending a fix for an architectural bug in the protected-paths guard from PR microsoft-foundry/foundry-samples-pr#463; see microsoft-foundry/foundry-samples-pr#484 for the full diagnosis.What's included
samples/python/hosted-agents/bring-your-own/voicelive/client/voicelive_client.py,samples/python/hosted-agents/bring-your-own/voicelive/hello-world-invocations-voicelive/README.mdinfrastructure/infrastructure-setup-bicep/18-managed-virtual-network/modules-network-secured/managed-network.bicepinfrastructure/infrastructure-setup-terraform/18-managed-virtual-network/{ai-foundry,aisearch,cosmos}.tf.azure-pipelines/, which is sync-excluded — no rows here)Diff stat: 6 files changed, 70 insertions(+), 15 deletions(-).
What's excluded (and why)
The private delta also includes changes to
.github/,docs/,public-overlay/, and.azure-pipelines/. These paths are sync-excluded by.github/sync-config.jsonon the private repo and do not belong on public:.github/andpublic-overlay/.seed_blocked_pathsworkflow_dispatch input) — entirely under.github/anddocs/.Why a manual PR
Investigation tonight revealed that
git fast-export, when given both--import-marksand pathspec filters, forces--full-treemode. The sync branch tip's tree is therefore built fromMrecords covering only the include-set; files under.github/are absent from the sync-branch-tip tree even when they're on public main. The protected-paths guard from PR microsoft-foundry/foundry-samples-pr#463 reads sync-branch-tip blobs for protected workflows and hard-fails when they're absent — so once workflow files exist on public main, every sync trips the guard.Three runs failed tonight with this signature:
This PR bypasses the sync pipeline entirely so customer-facing changes don't wait on the guard fix.
Verification
git diff 7215e588..0e67b24dover the 6 include-set paths to clean public main (550a914) — patch applied with no conflicts.git diff --statmatches private's reported delta.Follow-ups
git merge-tree --write-treesimulation against current public main; check protected paths on the result tree instead of the sync-branch-tip tree. Add integration tests covering the real fast-export/fast-import + pathspec + marks combination.Authorship note
The author of each upstream PR is preserved in the table above. The commit author on this PR is the operator performing the manual cherry-pick (no upstream attribution rewrite possible since this is a single squashed delta).
Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com