Codespace fictional space fishstick xrr94j4x46xw3vj4w#553
Open
developerparvezmosharaf wants to merge 62 commits into
Open
Conversation
Copy the sync-sample-catalog pipeline from microsoft-foundry-for-vscode so the foundry-toolkit repo can publish samples/hosted-agent/sample-catalog.json from upstream microsoft-foundry/foundry-samples. - .github/workflows/sync-sample-catalog.yml: workflow_dispatch-triggered job that runs the generator and opens a draft PR with the regenerated catalog. - .github/scripts/generate_sample_catalog.mjs: walks the upstream tree, derives displayName/protocol/requiresModel from each agent.yaml + manifest, applies sample-overrides.json, and LLM-generates descriptions. - samples/hosted-agent/sample-overrides.json: PM-managed per-path framework/requiresModel overrides. The workflow has only a workflow_dispatch trigger and requires repo secrets (SYNC_APP_ID, SYNC_APP_PRIVATE_KEY, AZURE_OPENAI_ENDPOINT, AZURE_OPENAI_API_KEY, AZURE_OPENAI_DEPLOYMENT) to run; secrets are intentionally not configured yet, so the workflow stays dormant until they are added.
Org-level GitHub App creation requires admin permission this repo's maintainer does not have. Since foundry-toolkit has no PR checks today, the anti-recursion limitation of GITHUB_TOKEN (auto-PRs don't trigger downstream workflows) is acceptable. Drop the create-github-app-token step and the SYNC_APP_ID / SYNC_APP_PRIVATE_KEY secret requirements; comment in the workflow records the trade-off so a future switch back to a GitHub App is obvious.
workflow_dispatch requires the workflow file to exist on the default branch before dispatch is allowed (404 otherwise). Temporarily add a push trigger scoped to this feature branch and a hardcoded DEFAULT_COMMIT_SHA fallback so committing alone runs the pipeline end-to-end. To be reverted before merge.
Org policy blocks GITHUB_TOKEN from creating PRs (see https://github.com/microsoft/foundry-toolkit/actions/runs/26492230324). Switch back to the App-token approach: a personal GitHub App was created and installed on this repo, with App ID + private key stored in SYNC_APP_ID / SYNC_APP_PRIVATE_KEY secrets. This reverts the GITHUB_TOKEN simplification commit; the temporary push trigger + DEFAULT_COMMIT_SHA are still in place for one more smoke test before final cleanup.
…g-yimin/sync-catalog-bootstrap-20260527
This reverts commit 6225353.
All write operations (branch push, PR create) go through the GitHub App token, so the default GITHUB_TOKEN only needs read access for actions/checkout. Addresses PR microsoft#398 review feedback.
Upstream microsoft-foundry/foundry-samples recently added samples/python/hosted-agents/bring-your-own/invocations_ws/{hello-world,livekit-server}. The catalog generator's loose path scan picked them up, but they shouldn't appear in the picker yet (LiveKit voice prototype, not the standard invocations protocol).
Introduce a small BLOCKED_PATH_SEGMENTS deny-list and drop any template whose path contains a blocked segment. Minimal-surface change vs. a whitelist rewrite: existing csharp flat layouts and the voicelive sample stay surfaced; only invocations_ws is filtered out.
Next `Sync Sample Catalog` run will produce a follow-up PR that removes the two invocations_ws entries from sample-catalog.json.
Upstream microsoft-foundry/foundry-samples added samples/python/hosted-agents/langgraph/{invocations,responses}/* (7 templates today). The catalog generator hard-codes the framework whitelist, so the langgraph subtree was being silently skipped.
- Append 'langgraph' to FRAMEWORKS so the scan picks up the new prefix.
- Append 'langgraph': 'LangGraph' (CamelCase per upstream branding) to DIMENSION_DEFAULTS.framework.options as the last option, keeping the existing copilot-sdk / agent-framework / bring-your-own order intact.
Next `Sync Sample Catalog` run will produce a follow-up PR that adds the langgraph templates and the new framework option to sample-catalog.json.
Make the workflow_dispatch `commit_sha` input optional. When the user leaves it blank, a new `Resolve commit SHA` step queries the GitHub API for the current tip of `microsoft-foundry/foundry-samples@main` and pins the catalog generation to that SHA. - `commit_sha`: required=false, default empty. - New step uses `gh api` (default GITHUB_TOKEN, contents:read is enough for a public repo) and validates the result looks like a SHA before using it. - The pinned SHA + its source (user input vs. resolved-from-main) is echoed to the step summary so reviewers can see what the run targeted. - `Generate sample catalog` now reads from `steps.resolve-sha.outputs.sha` instead of `inputs.commit_sha` directly.
Add CODEOWNERS so every PR targeting template/stable is gated on at least one approval from Yimin-Jin or huimiu (combined with the branch's require_code_owner_reviews protection rule, enabled separately).
Make the workflow_dispatch `commit_sha` input optional. When the user leaves it blank, a new `Resolve commit SHA` step queries the GitHub API for the current tip of `microsoft-foundry/foundry-samples@main` and pins the catalog generation to that SHA. - `commit_sha`: required=false, default empty. - New step uses `gh api` (default GITHUB_TOKEN, contents:read is enough for a public repo) and validates the result looks like a SHA before using it. - The pinned SHA + its source (user input vs. resolved-from-main) is echoed to the step summary so reviewers can see what the run targeted. - `Generate sample catalog` now reads from `steps.resolve-sha.outputs.sha` instead of `inputs.commit_sha` directly.
Switch sample discovery from a fail-open blacklist (BLOCKED_PATH_SEGMENTS) to a fail-closed category allow-list (ALLOWED_CATEGORY_SEGMENTS = responses, invocations, voicelive). Flat templates directly under a framework (csharp agent-framework layout) are always kept; nested templates must live under an allow-listed category, so new upstream groupings like a2a and invocations_ws stay out of the picker until explicitly opted in. Validated against foundry-samples@main: 76 templates kept; a2a and invocations_ws excluded; 4 voicelive and 17 flat csharp agent-framework templates retained.
Replace the hard-coded LANGUAGES/FRAMEWORKS allowlists and the responses/invocations protocol allowlist with dynamic discovery from the samples git tree, filtered through empty-by-default BLOCKED_LANGUAGES/BLOCKED_FRAMEWORKS/BLOCKED_PROTOCOLS blacklists. New upstream languages, frameworks, and protocols are now picked up automatically; the blacklists remain an explicit opt-out. Security validation (isSafePathSegment, commit-SHA regex, hidden-dir blocking) is unchanged.
Replace ALLOWED_CATEGORY_SEGMENTS (fail-closed allow-list) with an empty BLOCKED_CATEGORY_SEGMENTS (fail-open blacklist) so category filtering matches the language/framework/protocol blacklist model. Every discovered category now surfaces by default; add a segment to the blacklist to drop it.
…replace allowlists with empty blacklists
…icts) Resolve conflicts by keeping dev's all-blacklist generate_sample_catalog.mjs (a strict superset of stable's category allow-list) and taking stable's newer sample-catalog.json (regenerated by CI). CODEOWNERS and the identical workflow from stable are preserved.
…replace allowlists with empty blacklists
…bSocket)' displayName
…tions-ws-displayname feat(sample-catalog): map invocations_ws protocol to 'Invocations (WebSocket)'
… restructure Upstream foundry-samples moved hosted-agent templates from an agent.yaml + agent.manifest.yaml layout to an azd azure.yaml service manifest (old getting-started samples relocated to samples-classic/). The generator still looked for agent.yaml, so scanTemplates found 0 templates and the sync PR wiped the entire catalog. - Discover templates by azure.yaml instead of agent.yaml - Parse protocol from the service protocols[] list (unchanged - protocol: field) - Detect requiresModel via AZURE_AI_MODEL_DEPLOYMENT_NAME env var OR an ai-project deployments: block (the azure.yaml successor to the manifest kind: model resource) - Remove now-dead agent.manifest.yaml fetch/parse Verified locally against foundry-samples@9c4e42a: 91 templates found, catalog identical to the previous sync (paths/protocols/requiresModel stable).
… restructure Port the generator fix to template/stable (parity with template/dev). Upstream foundry-samples moved hosted-agent templates from an agent.yaml + agent.manifest.yaml layout to an azd azure.yaml service manifest (old getting-started samples relocated to samples-classic/). The stable generator still looked for agent.yaml, so the next sync would find 0 templates and wipe the catalog. - Discover templates by azure.yaml instead of agent.yaml - Parse protocol from the service protocols[] list (unchanged - protocol: field) - Detect requiresModel via AZURE_AI_MODEL_DEPLOYMENT_NAME env var OR an ai-project deployments: block - Remove now-dead agent.manifest.yaml fetch/parse - Also brings the invocations_ws -> 'Invocations (WebSocket)' displayName mapping so the generator matches template/dev exactly Verified against foundry-samples@9c4e42a: 91 templates found; catalog stable (paths/protocols/requiresModel unchanged).
… restructure (stable)
|
@developerparvezmosharaf please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.
Contributor License AgreementContribution License AgreementThis Contribution License Agreement (“Agreement”) is agreed to by the party signing below (“You”),
|
developerparvezmosharaf
left a comment
Author
There was a problem hiding this comment.
Review Complete
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.