chore(infra) migrate to Deployment Stacks; fix web test FQDN; add enforcement#216
Merged
Conversation
…orcement Deployment Stacks (CLAUDE.md invariant #16 + PR self-audit item #11): - infra/scripts/Deploy-SharedResources.ps1: replace `az deployment sub create` and `az deployment sub what-if` with `az stack sub create` (stable stack name `pinwiz-shared-{env}`, not timestamped; --action-on-unmanage deleteResources so resources removed from Bicep are deleted on next deploy; --deny-settings-mode none; outputs read from `az stack sub show`). Requires az >= 2.61. - CLAUDE.md: locked invariant #16 — Deployment Stacks only; PR self-audit item #11 — grep `infra/scripts/` for `az deployment` as a 🔴 check. Web test FQDN fix (previously caused BadRequest: Value cannot be null): - infra/modules/shared.bicep: wizardFqdn var now constructs the ACA FQDN as `${wizardContainerAppName}.${acaEnvironment!.properties.defaultDomain}` rather than reading `wizardApp!.properties.configuration.ingress.fqdn`. Reading a runtime property from a conditionally-deployed resource at ARM evaluation time was unreliable when both resources deploy in the same pass. The constructed form is identical (ACA always uses {appName}.{env.defaultDomain}) and resolves cleanly from the stable environment resource.
Minimum allowed line rate is |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Deployment Stacks migration — plain
az deployment sub createsilently orphans any resource removed from Bicep; Deployment Stacks (az stack sub create) delete orphans automatically on the next deploy.Deploy-SharedResources.ps1: replacedaz deployment sub create/az deployment sub what-ifwithaz stack sub create. Stack name is stable (pinwiz-shared-dev, not timestamped) — Azure updates the existing stack on each run. Settings:--action-on-unmanage deleteResources(orphan deletion),--deny-settings-mode none(portal edits permitted). Outputs read fromaz stack sub show. Requires az >= 2.61; script validates this and fails fast with an upgrade message.CLAUDE.md: locked invariant chore(deps): Bump Microsoft.Playwright from 1.12.0 to 1.59.0 #16 — Deployment Stacks only; PR self-audit item chore(deps): Bump Microsoft.Extensions.Configuration.Binder and Microsoft.Extensions.Hosting #11 — grepinfra/scripts/for bareaz deploymentcommands (any hit is 🔴).Web test FQDN fix — previous deploy (#215) failed with
BadRequest: Value cannot be null. Parameter name: formatbecausewizardApp!.properties.configuration.ingress.fqdnis a runtime property that ARM couldn't resolve when both the web test and the container app were being evaluated in the same deployment pass.infra/modules/shared.bicep:wizardFqdnvar now constructs the FQDN as${wizardContainerAppName}.${acaEnvironment!.properties.defaultDomain}. The ACA environment'sdefaultDomainis set at creation time and is stable; the formula{appName}.{env.defaultDomain}is identical to what ACA assigns forconfiguration.ingress.fqdn.Pre-push audit
Jim Keeley <94459922+jkeeley2073@users.noreply.github.com>✅az bicep build— clean ✅dotnet build— zero warnings ✅grep "az deployment sub create\|az deployment group create" infra/scripts/— only doc comment hits, no live commands ✅🤖 Generated with Claude Code