Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Scaffold, build, and deploy GitHub Copilot SDK apps to Azure with optional BYOM model config
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/deploy-existing.md
1# Deploy Existing Copilot SDK App2Adapt a user's existing Copilot SDK app for Azure by scaffolding the template to a temp directory, then copying infra into the user's project.4> ⚠️ **Warning:** Do NOT run `azd init` inside the user's project — it overwrites existing files. Always scaffold to a temp dir.6## 1. Scaffold Template to Temp Dir8```bash10azd init --template azure-samples/copilot-sdk-service --cwd <temp-dir>11```12This gives you the working infra, scripts, and Dockerfiles without touching the user's project.14## 2. Copy Infra Into User's Project16From the temp scaffold, copy these into the user's project root:18| Source | Purpose |20|--------|---------|21| `infra/` | Bicep modules (AVM-based), main.bicep, resources.bicep |22| `scripts/get-github-token.mjs` | azd hook — gets `GITHUB_TOKEN` via `gh auth token` |23| `azure.yaml` | Deployment manifest (will need editing) |24> ⚠️ Copy `scripts/get-github-token.mjs` exactly — do NOT rewrite it.26## 3. Adapt azure.yaml28Edit the copied `azure.yaml` to point at the user's app:30- Set `services.api.project` to the user's API directory32- Set `services.api.language` to the detected language33- Set `services.api.ports` to the user's port34- Add a `web` service if the app has a frontend35- Keep the `hooks` section unchanged (preprovision + prerun call the token script)36## 4. GitHub Token Flow38The template's token flow (already in the copied files):401. **`scripts/get-github-token.mjs`** — runs `gh auth token`, verifies `copilot` scope, stores via `azd env set`422. **`azure.yaml` hooks** — `preprovision` and `prerun` call the token script433. **Bicep `@secure() param githubToken`** — azd auto-maps the env var444. **Key Vault** — stores secret; Managed Identity gets `Key Vault Secrets User` role45## 5. Dockerfile47If the user has no Dockerfile, copy the template's Dockerfile for the detected language from the temp dir and adapt entry point, build steps, and port.49## 6. BYOM Infrastructure (Azure Model)51If the user wants Azure BYOM, add to the copied Bicep:53| Resource | Purpose |55|----------|---------|56| Azure OpenAI / AI Services account | Hosts model deployments |57| Role assignment | `Cognitive Services OpenAI User` for Managed Identity |58Add env vars to Container App: `AZURE_OPENAI_ENDPOINT`, `MODEL_PROVIDER=azure`, `MODEL_NAME=<deployment>`, `AZURE_CLIENT_ID=<managed-identity-client-id>`.60> ⚠️ **Warning:** The template's `main.parameters.json` defaults to `gpt-4o` which does NOT support BYOM (encrypted content). Change the default to an o-series or gpt-5 family model.62See [Azure Model Configuration](azure-model-config.md) for provider config and auth pattern.64## 7. Errors66| Error | Fix |68|-------|-----|69| `gh` not installed | User must install GitHub CLI |70| Missing `copilot` scope | Run `gh auth refresh --scopes copilot` |71| Key Vault soft-delete conflict | Use a unique vault name or purge the old one |72| Token not injected | Verify `azure.yaml` hooks and `scripts/get-github-token.mjs` exist |73