[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-a358663c-fd41-41ee-bd9a-384da76fbf4f":3,"$f1n_KGnkqzPdLCu36DIajoHZ0f42V0QHPwtFHXvCC1ws":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"a358663c-fd41-41ee-bd9a-384da76fbf4f","azd-deployment","部署容器化的前端和后端应用程序到Azure容器应用,使用远程构建、托管标识和幂等基础设施。","cat_coding_devops","mod_coding","sickn33,coding","---\nname: azd-deployment\ndescription: \"Deploy containerized frontend + backend applications to Azure Container Apps with remote builds, managed identity, and idempotent infrastructure.\"\nrisk: critical\nsource: community\ndate_added: \"2026-02-27\"\n---\n\n# Azure Developer CLI (azd) Container Apps Deployment\n\nDeploy containerized frontend + backend applications to Azure Container Apps with remote builds, managed identity, and idempotent infrastructure.\n\n## Quick Start\n\n```bash\n# Initialize and deploy\nazd auth login\nazd init # Creates azure.yaml and .azure\u002F folder\nazd env new \u003Cenv-name> # Create environment (dev, staging, prod)\nazd up # Provision infra + build + deploy\n```\n\n## Core File Structure\n\n```\nproject\u002F\n├── azure.yaml # azd service definitions + hooks\n├── infra\u002F\n│ ├── main.bicep # Root infrastructure module\n│ ├── main.parameters.json # Parameter injection from env vars\n│ └── modules\u002F\n│ ├── container-apps-environment.bicep\n│ └── container-app.bicep\n├── .azure\u002F\n│ ├── config.json # Default environment pointer\n│ └── \u003Cenv-name>\u002F\n│ ├── .env # Environment-specific values (azd-managed)\n│ └── config.json # Environment metadata\n└── src\u002F\n ├── frontend\u002FDockerfile\n └── backend\u002FDockerfile\n```\n\n## azure.yaml Configuration\n\n### Minimal Configuration\n\n```yaml\nname: azd-deployment\nservices:\n backend:\n project: .\u002Fsrc\u002Fbackend\n language: python\n host: containerapp\n docker:\n path: .\u002FDockerfile\n remoteBuild: true\n```\n\n### Full Configuration with Hooks\n\n```yaml\nname: azd-deployment\nmetadata:\n template: my-project@1.0.0\n\ninfra:\n provider: bicep\n path: .\u002Finfra\n\nazure:\n location: eastus2\n\nservices:\n frontend:\n project: .\u002Fsrc\u002Ffrontend\n language: ts\n host: containerapp\n docker:\n path: .\u002FDockerfile\n context: .\n remoteBuild: true\n\n backend:\n project: .\u002Fsrc\u002Fbackend\n language: python\n host: containerapp\n docker:\n path: .\u002FDockerfile\n context: .\n remoteBuild: true\n\nhooks:\n preprovision:\n shell: sh\n run: |\n echo \"Before provisioning...\"\n \n postprovision:\n shell: sh\n run: |\n echo \"After provisioning - set up RBAC, etc.\"\n \n postdeploy:\n shell: sh\n run: |\n echo \"Frontend: ${SERVICE_FRONTEND_URI}\"\n echo \"Backend: ${SERVICE_BACKEND_URI}\"\n```\n\n### Key azure.yaml Options\n\n| Option | Description |\n|--------|-------------|\n| `remoteBuild: true` | Build images in Azure Container Registry (recommended) |\n| `context: .` | Docker build context relative to project path |\n| `host: containerapp` | Deploy to Azure Container Apps |\n| `infra.provider: bicep` | Use Bicep for infrastructure |\n\n## Environment Variables Flow\n\n### Three-Level Configuration\n\n1. **Local `.env`** - For local development only\n2. **`.azure\u002F\u003Cenv>\u002F.env`** - azd-managed, auto-populated from Bicep outputs\n3. **`main.parameters.json`** - Maps env vars to Bicep parameters\n\n### Parameter Injection Pattern\n\n```json\n\u002F\u002F infra\u002Fmain.parameters.json\n{\n \"parameters\": {\n \"environmentName\": { \"value\": \"${AZURE_ENV_NAME}\" },\n \"location\": { \"value\": \"${AZURE_LOCATION=eastus2}\" },\n \"azureOpenAiEndpoint\": { \"value\": \"${AZURE_OPENAI_ENDPOINT}\" }\n }\n}\n```\n\nSyntax: `${VAR_NAME}` or `${VAR_NAME=default_value}`\n\n### Setting Environment Variables\n\n```bash\n# Set for current environment\nazd env set AZURE_OPENAI_ENDPOINT \"https:\u002F\u002Fmy-openai.openai.azure.com\"\nazd env set AZURE_SEARCH_ENDPOINT \"https:\u002F\u002Fmy-search.search.windows.net\"\n\n# Set during init\nazd env new prod\nazd env set AZURE_OPENAI_ENDPOINT \"...\" \n```\n\n### Bicep Output → Environment Variable\n\n```bicep\n\u002F\u002F In main.bicep - outputs auto-populate .azure\u002F\u003Cenv>\u002F.env\noutput SERVICE_FRONTEND_URI string = frontend.outputs.uri\noutput SERVICE_BACKEND_URI string = backend.outputs.uri\noutput BACKEND_PRINCIPAL_ID string = backend.outputs.principalId\n```\n\n## Idempotent Deployments\n\n### Why azd up is Idempotent\n\n1. **Bicep is declarative** - Resources reconcile to desired state\n2. **Remote builds tag uniquely** - Image tags include deployment timestamp\n3. **ACR reuses layers** - Only changed layers upload\n\n### Preserving Manual Changes\n\nCustom domains added via Portal can be lost on redeploy. Preserve with hooks:\n\n```yaml\nhooks:\n preprovision:\n shell: sh\n run: |\n # Save custom domains before provision\n if az containerapp show --name \"$FRONTEND_NAME\" -g \"$RG\" &>\u002Fdev\u002Fnull; then\n az containerapp show --name \"$FRONTEND_NAME\" -g \"$RG\" \\\n --query \"properties.configuration.ingress.customDomains\" \\\n -o json > \u002Ftmp\u002Fdomains.json\n fi\n\n postprovision:\n shell: sh\n run: |\n # Verify\u002Frestore custom domains\n if [ -f \u002Ftmp\u002Fdomains.json ]; then\n echo \"Saved domains: $(cat \u002Ftmp\u002Fdomains.json)\"\n fi\n```\n\n### Handling Existing Resources\n\n```bicep\n\u002F\u002F Reference existing ACR (don't recreate)\nresource containerRegistry 'Microsoft.ContainerRegistry\u002Fregistries@2023-07-01' existing = {\n name: containerRegistryName\n}\n\n\u002F\u002F Set customDomains to null to preserve Portal-added domains\ncustomDomains: empty(customDomainsParam) ? null : customDomainsParam\n```\n\n## Container App Service Discovery\n\nInternal HTTP routing between Container Apps in same environment:\n\n```bicep\n\u002F\u002F Backend reference in frontend env vars\nenv: [\n {\n name: 'BACKEND_URL'\n value: 'http:\u002F\u002Fca-backend-${resourceToken}' \u002F\u002F Internal DNS\n }\n]\n```\n\nFrontend nginx proxies to internal URL:\n```nginx\nlocation \u002Fapi {\n proxy_pass $BACKEND_URL;\n}\n```\n\n## Managed Identity & RBAC\n\n### Enable System-Assigned Identity\n\n```bicep\nresource containerApp 'Microsoft.App\u002FcontainerApps@2024-03-01' = {\n identity: {\n type: 'SystemAssigned'\n }\n}\n\noutput principalId string = containerApp.identity.principalId\n```\n\n### Post-Provision RBAC Assignment\n\n```yaml\nhooks:\n postprovision:\n shell: sh\n run: |\n PRINCIPAL_ID=\"${BACKEND_PRINCIPAL_ID}\"\n \n # Azure OpenAI access\n az role assignment create \\\n --assignee-object-id \"$PRINCIPAL_ID\" \\\n --assignee-principal-type ServicePrincipal \\\n --role \"Cognitive Services OpenAI User\" \\\n --scope \"$OPENAI_RESOURCE_ID\" 2>\u002Fdev\u002Fnull || true\n \n # Azure AI Search access\n az role assignment create \\\n --assignee-object-id \"$PRINCIPAL_ID\" \\\n --role \"Search Index Data Reader\" \\\n --scope \"$SEARCH_RESOURCE_ID\" 2>\u002Fdev\u002Fnull || true\n```\n\n## Common Commands\n\n```bash\n# Environment management\nazd env list # List environments\nazd env select \u003Cname> # Switch environment\nazd env get-values # Show all env vars\nazd env set KEY value # Set variable\n\n# Deployment\nazd up # Full provision + deploy\nazd provision # Infrastructure only\nazd deploy # Code deployment only\nazd deploy --service backend # Deploy single service\n\n# Debugging\nazd show # Show project status\naz containerapp logs show -n \u003Capp> -g \u003Crg> --follow # Stream logs\n```\n\n## Reference Files\n\n- **Bicep patterns**: See references\u002Fbicep-patterns.md for Container Apps modules\n- **Troubleshooting**: See references\u002Ftroubleshooting.md for common issues\n- **azure.yaml schema**: See references\u002Fazure-yaml-schema.md for full options\n\n## Critical Reminders\n\n1. **Always use `remoteBuild: true`** - Local builds fail on M1\u002FARM Macs deploying to AMD64\n2. **Bicep outputs auto-populate .azure\u002F\u003Cenv>\u002F.env** - Don't manually edit\n3. **Use `azd env set` for secrets** - Not main.parameters.json defaults\n4. **Service tags (`azd-service-name`)** - Required for azd to find Container Apps\n5. **`|| true` in hooks** - Prevent RBAC \"already exists\" errors from failing deploy\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,169,977,"2026-05-16 13:04:59",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查,提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD、容器化、部署运维",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"3f9f0f0a-595b-457d-87ae-7c9d3b377e96","1.0.0","azd-deployment.zip",3192,"uploads\u002Fskills\u002Fa358663c-fd41-41ee-bd9a-384da76fbf4f\u002Fazd-deployment.zip","c51695925d61f3e36e00aa0c03b479a96b49dfa4a06ae7c028fdcc1a3d204781","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":8343}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]