Artifact Generation
Generate infrastructure and configuration files based on selected recipe.
CRITICAL: Check for .NET Aspire Projects FIRST
MANDATORY: Before generating any files, detect .NET Aspire projects:
# Method 1: Find AppHost project files
find . -name "*.AppHost.csproj" -o -name "*AppHost.csproj"
# Method 2: Search for Aspire packages
grep -r "Aspire\.Hosting\|Aspire\.AppHost\.Sdk" . --include="*.csproj"
If Aspire is detected:
- STOP - Do NOT manually create azure.yaml
- STOP - Do NOT manually create infra/ files
- USE - azd init --from-code -e <env-name> instead
- READ - aspire.md and recipes/azd/aspire.md for complete guidance
Why this is critical:
- Aspire AppHost auto-generates infrastructure from code
- Manual azure.yaml without services section causes "infra\main.bicep not found" error
- azd init --from-code correctly detects AppHost and generates proper configuration
⚠️ Manually creating azure.yaml for Aspire projects is the most common deployment failure. Always use azd init --from-code.
Check for Other Special Patterns
After verifying the project is NOT Aspire, check for these patterns:
| Pattern | Detection | Action |
|---|---|---|
| Complex existing codebase | Multiple services, existing structure | Consider azd init --from-code |
| Existing azure.yaml | File already present | MODIFY mode - update existing config |
CRITICAL: After running azd init --from-code, you MUST immediately set the user-confirmed subscription with azd env set AZURE_SUBSCRIPTION_ID <id>. Do NOT skip this step. See aspire.md Step 3 for the complete sequence.
CRITICAL: Research Must Be Complete
DO NOT generate any files without first completing the Research Components step.
The research step loads service-specific references and invokes related skills to gather best practices. Apply all research findings to generated artifacts.
Research Checklist
- Completed Research Components step
- Loaded all relevant services/*.md references
- Invoked related skills for specialized guidance
- Documented findings in .azure/deployment-plan.md
Generation Order
| Order | Artifact | Notes |
|---|---|---|
| 1 | Application config (azure.yaml) | AZD only: defines services and hosting |
| 2 | Application code scaffolding | Entry points, health endpoints, config |
| 3 | Dockerfiles | If containerized |
| 4 | Infrastructure (Bicep/Terraform) | IaC templates in ./infra/ |
| 5 | CI/CD pipelines | If requested |
Recipe-Specific Generation
Load the appropriate recipe for detailed generation steps:
| Recipe | Guide |
|---|---|
| AZD | AZD Recipe |
| AZCLI | AZCLI Recipe |
| Bicep | Bicep Recipe |
| Terraform | Terraform Recipe |
Common Standards
File Structure
project-root/
├── .azure/
│   └── deployment-plan.md
├── infra/
│   ├── main.bicep (or main.tf)
│   └── modules/
├── src/
│   └── <component>/
│       └── Dockerfile
└── azure.yaml (AZD only)
Directory Creation
⚠️ Warning: The create tool fails with "Parent directory does not exist" when intermediate directories are missing. Always create the full directory tree before writing files.
Before creating nested files (e.g., src/frontend/src/App.jsx), create all parent directories first:
mkdir -p src/frontend/src src/api
- Use absolute paths in mkdir -p when the working directory may differ from the project root
- Create directories for all components in a single command before writing any files
- Do not rely on the create tool to create parent directories; it will not
Security Requirements
- No hardcoded secrets
- Use Key Vault for sensitive values
- Managed Identity for service auth
- HTTPS only, TLS 1.2+
- SQL Server Bicep MUST use Entra-only auth: omit administratorLogin and administratorLoginPassword entirely, including from conditional/ternary branches (see services/sql-database/bicep.md). These property names must not appear anywhere in a generated .bicep file.
- SQL + Managed Identity: MUST add postprovision hook. ARM role assignments only grant control-plane access; you MUST also generate scripts/grant-sql-access.sh + .ps1 and add a postprovision hook in azure.yaml to run T-SQL grants. See services/sql-database/bicep.md.
- App Service Bicep: MUST include azd-service-name tag. Every App Service Microsoft.Web/sites resource MUST have tags: union(tags, { 'azd-service-name': serviceName }). Without this tag, azd deploy cannot locate the resource. See services/app-service/bicep.md.
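Two of the requirements above can be checked mechanically after generation. The following is an added example, not part of the original skill: the function names, the per-file granularity of the tag check, and the sample Bicep snippets (with `<api-version>` as a placeholder) are assumptions made for illustration.

```shell
# Added example: lint generated Bicep against two rules from
# "Security Requirements". Usage after generation: check_generated_bicep ./infra

# check_generated_bicep DIR -> prints findings; returns 0 if clean, 1 if not.
check_generated_bicep() {
  dir="$1"; rc=0
  # Rule 1: SQL admin login properties must not appear anywhere, including
  # conditional/ternary branches (pattern also hits administratorLoginPassword).
  if grep -rn --include='*.bicep' 'administratorLogin' "$dir"; then
    echo "FAIL: SQL admin login property present; Entra-only auth required"
    rc=1
  fi
  # Rule 2: every file declaring a Microsoft.Web/sites resource must carry the
  # azd-service-name tag. Checking per file is a simplification of this sketch.
  missing=$(grep -rl --include='*.bicep' "'Microsoft\.Web/sites@" "$dir" |
    while IFS= read -r f; do
      grep -q "'azd-service-name'" "$f" || printf '%s\n' "$f"
    done)
  if [ -n "$missing" ]; then
    echo "FAIL: App Service without azd-service-name tag in:"
    echo "$missing"
    rc=1
  fi
  return "$rc"
}

# write_sample_infra DIR -> constructed fixtures; <api-version> is a placeholder.
write_sample_infra() {
  mkdir -p "$1/bad" "$1/good"
  cat > "$1/bad/sql.bicep" <<'EOF'
resource sql 'Microsoft.Sql/servers@<api-version>' = {
  properties: { administratorLogin: useSqlAuth ? 'sqladmin' : null }
}
EOF
  cat > "$1/bad/app.bicep" <<'EOF'
resource web 'Microsoft.Web/sites@<api-version>' = {
  tags: tags
}
EOF
  cat > "$1/good/app.bicep" <<'EOF'
resource web 'Microsoft.Web/sites@<api-version>' = {
  tags: union(tags, { 'azd-service-name': serviceName })
}
EOF
}
```

The first rule is a plain substring match, so it also flags the property name inside comments, which matches the requirement that the names not appear anywhere in a generated file.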
Runtime Configuration
Apply language-specific production settings for containerized apps:
| Runtime | Reference |
|---|---|
| Node.js/Express | runtimes/nodejs.md |
After Generation
- Update .azure/deployment-plan.md with generated file list
- Run validation checks
- Proceed to azure-validate skill