feat: Implement ACR deployment and update infrastructure scripts#888
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR refactors the deployment flow so Azure Container Registry (ACR) is provisioned by the Bicep deployment (rather than requiring a pre-existing registry), and shifts image build/push + sample data loading into explicit post-provision scripts.
Changes:
- Added a new
infra/modules/container-registry.bicepmodule and integrated it intoinfra/main.bicep, removing theacrName/imageTagparameters and wiring ACR outputs through the deployment. - Updated the initial App Service / ACI images to a public placeholder image and configured managed-identity-based ACR auth so the services can later be switched to private images.
- Updated
azure.yamlpostprovision messaging and added new post-provision helper scripts to (1) build/push images to ACR and (2) load sample data.
Reviewed changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| infra/scripts/process_sample_data.sh | New POSIX helper to install post-deploy deps and run scripts/post_deploy.py. |
| infra/scripts/process_sample_data.ps1 | New PowerShell equivalent of the sample-data loader helper. |
| infra/scripts/build_and_deploy_images.sh | New POSIX helper to ACR-build images and update App Service / recreate ACI. |
| infra/scripts/build_and_deploy_images.ps1 | New PowerShell equivalent of the image build/deploy helper. |
| infra/modules/container-registry.bicep | New module to provision ACR + RBAC and optional private networking. |
| infra/modules/container-instance.bicep | Adds optional acrLoginServer to preconfigure ACI managed-identity ACR auth. |
| infra/main.waf.parameters.json | Removes acrName/imageTag parameters from WAF parameter file. |
| infra/main.parameters.json | Removes acrName/imageTag parameters from default parameter file. |
| infra/main.json | Regenerated ARM template reflecting the new ACR module and placeholder images. |
| infra/main.bicep | Integrates new ACR module, removes old ACR/imageTag params, updates app resources and outputs. |
| azure.yaml | Updates postprovision output to instruct running the new scripts in order. |
Comments suppressed due to low confidence (1)
infra/main.bicep:143
- This PR removes the
acrName/imageTagparameters frominfra/main.bicep, but other repo entrypoints still pass/use these values and will break after this change (e.g.azure_custom.yamlpre/postprovision logic andaz deployment group create --parameters imageTag=latest, plusscripts/deploy.sh/.ps1anddocs/CustomizingAzdParameters.mdreferencing an existing ACR + image tag). These should be updated (or clearly deprecated) to align with the new ACR-provisioning flow described in the PR.
@description('Optional. Enable private networking for applicable resources (WAF-aligned).')
param enablePrivateNetworking bool = false
@description('Optional. Enable/Disable usage telemetry for module.')
param enableTelemetry bool = true
@description('Optional. Created by user name.')
param createdBy string = contains(deployer(), 'userPrincipalName')? split(deployer().userPrincipalName, '@')[0]: deployer().objectId
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Avijit-Microsoft
approved these changes
Jul 3, 2026
Roopan-Microsoft
approved these changes
Jul 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
This pull request introduces a major refactor to the Azure infrastructure deployment process, specifically around provisioning and managing the Azure Container Registry (ACR). The main changes include moving ACR provisioning into the Bicep deployment (instead of requiring a pre-existing registry), updating deployment scripts and outputs accordingly, and improving the post-provision instructions. Application images are now built and pushed to the newly provisioned ACR after the initial deployment, with placeholder images used until that step is completed.
Key changes include:
Container Registry Provisioning and Management
modules/container-registry.bicepmodule to provision the Azure Container Registry as part of the deployment, including role assignments for pull and push access, private networking, and outputting relevant ACR details.main.bicep, removing the need for theacrNameandimageTagparameters, and updating all references to use outputs from the provisioned registry. [1] [2] [3] [4]privatelink.azurecr.iofor private ACR endpoints.Deployment Workflow and Scripts
azure.yamlto direct users to build and push application images after deployment, and then load sample data, instead of running these steps automatically.Resource Configuration Updates
Parameter and Template Cleanup
acrName,imageTag) from parameter files and main Bicep template. [1] [2] [3]These changes streamline the deployment process, improve security and automation, and make it easier to manage and update application images in a consistent way.
Does this introduce a breaking change?
Golden Path Validation
Deployment Validation