feat: use Azure Deployment Stacks for idempotent destroy (#30)#1
Open
arnaudlh wants to merge 1 commit into
Open
feat: use Azure Deployment Stacks for idempotent destroy (#30)#1arnaudlh wants to merge 1 commit into
arnaudlh wants to merge 1 commit into
Conversation
Replace plain subscription deployments (az deployment sub create) and RG-based destroy (az group delete) with Azure Deployment Stacks across all workflows and agent docs. Why: Plain sub-deployments + RG-delete leave orphans when a template spans multiple RGs or creates sub-scope resources (role/policy assignments, cross-scope role grants, remote-side refs). Stacks track every managed resource across every scope as a single lifecycle unit, so destroy is one idempotent call regardless of how templates evolve. See Azure#30. Workflow changes: - git-ape-deploy: az stack sub validate/create with --action-on-unmanage deleteAll --deny-settings-mode none. Captures stackId and managedResources[] into state.json (schema v1.0). - git-ape-destroy: az stack sub show (inventory) + az stack sub delete --action-on-unmanage deleteAll --bypass-stack-out-of-sync-error. Removed old Build-destroy-plan / sub-resource-sweep / RG-delete steps. Missing-stack path now records already-destroyed (idempotent). - git-ape-plan: az stack sub validate for validation; keep az deployment sub what-if (stacks do not support what-if yet). Docs: - copilot-instructions.md: updated deploy/destroy descriptions and inline bash example to stacks commands. - azure-resource-deployer.agent.md: deploy and rollback patterns use az stack sub create/delete. - azure-template-generator.agent.md: CLI and PowerShell examples use deployment stacks. - git-ape.agent.md: Stage 3 description references stacks. - DEPLOYMENT_STATE.md: documents state.json schema v1.0 with stackId and managedResources[] fields.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replace plain subscription deployments (az deployment sub create) and RG-based destroy (az group delete) with Azure Deployment Stacks across all workflows and agent docs.
Why:
Plain sub-deployments + RG-delete leave orphans when a template spans
multiple RGs or creates sub-scope resources (role/policy assignments,
cross-scope role grants, remote-side refs). Stacks track every managed
resource across every scope as a single lifecycle unit, so destroy is
one idempotent call regardless of how templates evolve. See Azure#30.
Workflow changes:
Docs: