Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Build custom Copilot extensions and AI agents using the Azure-hosted GitHub Copilot SDK
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/deploy-existing.md
1# Deploy Existing Copilot SDK App2Adapt a user's existing Copilot SDK app for Azure by scaffolding the template to a temp directory, then copying infra into the user's project.4> ⚠️ **Warning:** Do NOT run `azd init` inside the user's project — it overwrites existing files. Always scaffold to a temp dir.6## 1. Scaffold Template to Temp Dir8```bash10azd init --template azure-samples/copilot-sdk-service --cwd <temp-dir>11```12This gives you the working infra, scripts, and Dockerfiles without touching the user's project.14## 2. Copy Infra Into User's Project16From the temp scaffold, copy these into the user's project root:18| Source | Purpose |20|--------|---------|21| `infra/` | Bicep modules (AVM-based), main.bicep, resources.bicep |22| `scripts/get-github-token.mjs` | azd hook — gets `GITHUB_TOKEN` via `gh auth token` |23| `azure.yaml` | Deployment manifest (will need editing) |24> ⚠️ Copy `scripts/get-github-token.mjs` exactly — do NOT rewrite it.26## 3. Adapt azure.yaml28Edit the copied `azure.yaml` to point at the user's app:30- Set `services.api.project` to the user's API directory32- Set `services.api.language` to the detected language33- Set `services.api.ports` to the user's port34- Add a `web` service if the app has a frontend35- Keep the `hooks` section unchanged (preprovision + prerun call the token script)36## 4. GitHub Token Flow38The template's token flow (already in the copied files):401. **`scripts/get-github-token.mjs`** — runs `gh auth token`, verifies `copilot` scope, stores via `azd env set`422. **`azure.yaml` hooks** — `preprovision` and `prerun` call the token script433. **Bicep `@secure() param githubToken`** — azd auto-maps the env var444. **Key Vault** — stores secret; Managed Identity gets `Key Vault Secrets User` role45## 5. Dockerfile47If the user has no Dockerfile, copy the template's Dockerfile for the detected language from the temp dir and adapt entry point, build steps, and port.49## 6. BYOM Infrastructure (Azure Model)51If the user wants Azure BYOM, add to the copied Bicep:53| Resource | Purpose |55|----------|---------|56| Azure OpenAI / AI Services account | Hosts model deployments |57| Role assignment | `Cognitive Services OpenAI User` for Managed Identity |58Add env vars to Container App: `AZURE_OPENAI_ENDPOINT`, `MODEL_PROVIDER=azure`, `MODEL_NAME=<deployment>`, `AZURE_CLIENT_ID=<managed-identity-client-id>`.60> ⚠️ **Warning:** The template's `main.parameters.json` defaults to `gpt-4o` which does NOT support BYOM (encrypted content). Change the default to an o-series or gpt-5 family model.62See [Azure Model Configuration](azure-model-config.md) for provider config and auth pattern.64## 7. Errors66| Error | Fix |68|-------|-----|69| `gh` not installed | User must install GitHub CLI |70| Missing `copilot` scope | Run `gh auth refresh --scopes copilot` |71| Key Vault soft-delete conflict | Use a unique vault name or purge the old one |72| Token not injected | Verify `azure.yaml` hooks and `scripts/get-github-token.mjs` exist |73