[cherry-pick] Add Hybrid (Container Apps) deployment script generation for ADO (#9158)#9225
Merged
Merged
Conversation
* Add Hybrid (Container Apps) deployment script generation for ADO pipelines - Add DeploymentTargetStep: prompts Standard vs Hybrid target selection - Add ConnectedEnvironmentStep: lists connected environments from subscription - Fix subscription ordering bug: SubscriptionAndResourceGroupStep now runs before ConnectedEnvironmentStep via DeploymentTargetStep.getSubWizard() - Generate Hybrid ARM template (containerApp + logicApp + SMB storage) - Generate CI/CD pipeline YAML with variable files for Hybrid deployments - Transform managed connection templates: replace Microsoft.Web/Sites identity refs with AAD parameters for Container Apps compatibility - Add workflowparameters/ folder for Build task compatibility - Use -fs suffix for storage share names (32-char limit) - Add DeploymentTargetType enum and validation constants * Address PR review: security, location filter, case-insensitive matching, comment cleanup - Remove secret placeholders (sqlConnectionString, fileSharePassword, aadClientSecret) from generated ARM parameters file - secrets must be supplied via ADO pipeline secret variables only - Filter connected environments by selected resource group location to avoid cross-region mismatches - Use case-insensitive matching for Microsoft.Web/Sites in access policy identity fixup (handles both Sites and sites casing from API responses) - Clean up NOTE(anandgmenon) comment prefixes across all files * Fix nested ARM template scope and ADO YAML variable syntax - Add expressionEvaluationOptions.scope: outer to nested storage deployment so inner resources can reference outer template parameters/variables - Replace escaped \ with proper in generated ADO pipeline YAML so Azure DevOps variable substitution works correctly * test(vscode): add unit tests for Hybrid deployment script wizard steps and helpers --------- Co-authored-by: Anand G Menon <anandgmenon@microsoft.com>
anandgmenon
changed the title
anandgmenon
requested review from
andrew-eldridge and
lambrianmsft
and removed request for
andrew-eldridge
anandgmenon
changed the title
Contributor
🤖 AI PR Validation ReportPR Review ResultsThank you for your submission! Here's detailed feedback on your PR title and body compliance:✅ PR Title
✅ Commit Type
✅ Risk Level
✅ What & Why
✅ Impact of Change
✅ Test Plan
|
| Section | Status | Recommendation |
|---|---|---|
| Title | ✅ | No change needed |
| Commit Type | ✅ | feature is correctly selected |
| Risk Level | ✅ | Medium matches the PR scope |
| What & Why | ✅ | Clear and sufficient |
| Impact of Change | ✅ | Optional minor trimming only |
| Test Plan | ✅ | Unit/E2E testing is backed by the diff |
| Contributors | Add contributors if applicable | |
| Screenshots/Videos | Replace TODO with screenshots or remove if not needed |
This PR passes. The advised risk level is not higher than the submitter's estimate; medium is appropriate for the change size and user impact.
Note: Since this is a cherry-pick PR and the body is already strong, only the optional metadata fields need attention.
Last updated: Fri, 29 May 2026 04:51:36 GMT
github-actions
Bot
added
needs-pr-update
pr-validated
and removed
needs-pr-update
labels
lambrianmsft
approved these changes
May 29, 2026
Contributor
📊 Coverage CheckThe following changed files need attention:
Please add tests for the uncovered files before merging. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commit Type
Risk Level
What & Why
Adds support for generating Azure DevOps CI/CD artifacts for Hybrid Logic Apps (Container Apps) in addition to Standard (App Service). The VS Code "Generate Deployment Scripts" wizard now prompts users to choose a deployment target (Standard vs Hybrid), and generates the correct ARM templates, pipeline YAML, and connection transforms for each.
Why: Customers deploying Logic Apps to Container Apps (Hybrid) need different infrastructure (Microsoft.App/containerApps instead of Microsoft.Web/sites) and different connection authentication (AAD OAuth instead of managed identity). This enables generating correct deployment artifacts directly from the VS Code wizard.
Impact of Change
DeploymentTargetTypetolibs/vscode-extension. New wizard step classes (DeploymentTargetStep,ConnectedEnvironmentStep) and helper utilities (transformConnectionTemplatesForHybrid,fixAccessPolicyIdentityForHybrid). Consumers of the libs package may need to accommodate the new enum/type.deploymentTarget,lastStepvalues for Hybrid steps). Generated pipeline templates reference new ADO tasks (AzureLogicAppsHybridBuild@0,AzureLogicAppsHybridRelease@0,AzureLogicAppsHybridConnectionsDeployment@0). Secrets (SQL connection string, SMB password, AAD client secret) must be supplied via ADO pipeline secret variables only -- they are excluded from generated parameter files.Test Plan
Contributors
Screenshots/Videos
TODO