Restore azuredeploy.json for key-vault-certificate-create via upstream-branch canary#14764
Merged
alex-frankel merged 2 commits intoMay 13, 2026
Conversation
Collaborator
|
@msmbaldwin - check this PR for updates that may be needed to documentation that references this sample. [This is an automated message. You are receiving it because you are listed as the docOwner in metadata.json.] |
Collaborator
|
@msmbaldwin - check this PR for updates that may be needed to documentation that references this sample. [This is an automated message. You are receiving it because you are listed as the docOwner in metadata.json.] |
Contributor
Author
|
/validate |
🤖 Quickstart Sample SummarySample Summary
Resources Deployed
Security Findings
No other security-sensitive patterns, such as hardcoded secrets, were detected in the template. Key Parameters
Notes for Reviewers
Files Touched
Generated by the quickstart summarizer agent (v2 — agentic + MSDO security) · triggered by /validate |
alex-frankel
added a commit
that referenced
this pull request
May 13, 2026
The auto-gen pipeline failed to commit this file on merge of #14764 because of a head-SHA lookup mismatch in commit-generated-on-merge (filed separately). Restoring from the verified-correct artifact produced by run 25822348426 (templateHash 11850030662128066774 matches msmbaldwin's deployment).
This was referenced May 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
This PR has two purposes:
azuredeploy.jsonforkey-vault-certificate-create. It was inadvertently deleted in PR Enable purge protection on key-vault-certificate-create vault #14762 — a verification experiment I'd asked @msmbaldwin to run for the new auto-gen pipeline. The merge of Enable purge protection on key-vault-certificate-create vault #14762 didn't triggercommit-generated-on-mergebecause his branch was on a fork (msmbaldwin/azure-quickstart-templates), and that job is gated onhead.repo.full_name == github.repository. My oversight, not his.commit-generated-on-mergepath now that @ouldsid's commit-generated-on-merge writes azuredeploy.json to repo root, not the sample folder (path-stripping in upload-artifact@v4) #14754 fix (ca5c529) has landed. This PR is from a branch inAzure/azure-quickstart-templatesitself, so the on-merge auto-commit job will fire.What's in this PR
main.bicep: trailing newline only (no semantic change). Byte-identical compiled JSON verified locally against bicep v0.42.1 — both producetemplateHash 11850030662128066774, matching the ADX-logged hash from @msmbaldwin's deployment (correlationId 05435e1e-63f6-4269-98b1-42955d84a56a,kvcrt-deploy-29b9ab41, eastus2, succeeded). The trailing newline exists to makeselected-pipeline's preflight classify the PR as deploy-affecting.metadata.jsonwas already updated on master with thetestResultstamp — no change needed in this PR.Expected behavior
validate-samples.ymlpasses structural checks./validate.selected-pipelinecompilesmain.bicep→azuredeploy.json(file is absent from PR diff because it's absent from master), computestemplateHash 11850030662128066774, queries ADX, asserts match.azuredeploy.jsonunder the correct repo-relative path in the artifact zip — verified against PR Enable purge protection on key-vault-certificate-create vault #14762's run 25820961383 artifact, which had the right structure.commit-generated-on-mergedownloads the artifact and pushesazuredeploy.jsontoquickstarts/microsoft.keyvault/key-vault-certificate-create/— completing the end-to-end verification of commit-generated-on-merge writes azuredeploy.json to repo root, not the sample folder (path-stripping in upload-artifact@v4) #14754 that PR Enable purge protection on key-vault-certificate-create vault #14762 couldn't (fork branch).Related
cc @ouldsid @msmbaldwin