Updates azure-deploy skill

[wbreza]

Summary

Split azure-deploy skill into two focused skills and standardize on azd CLI

New Skill: azure-create-app

• Handles all pre-deployment configuration: discovery, architecture planning, file generation (Dockerfiles, Bicep, azure.yaml), and validation
• Explicit MCP tool call syntax with JSON examples for mcp_azure_mcp_azd commands
• Application type detection patterns and service selection rules
• Mandatory validation step before completion

Simplified: azure-deploy

• Now focused purely on deployment execution
• 6-step flow: check azure.yaml → create environment → check subscription → check location → deploy → handle errors
• Prompts user for environment name, subscription, and location if not configured
• Uses azd config get defaults to surface existing defaults in prompts
• References azure-create-app skill when azure.yaml is missing

Reference Files Updated

• All references: Removed az CLI commands, standardized on azd for deployments
• aks.md: Changed to "Always Use azd", manual CLI marked as legacy
• functions.md: Removed all az functionapp commands, replaced with azd/Bicep patterns
• static-web-apps.md: Added dist folder requirement, replaced Quick Start with azd workflow
• app-service.md / container-apps.md: Updated prerequisites to azd-only

[Copilot]

Pull request overview

This PR restructures the Azure deployment guidance by splitting “create/configure” from “deploy”, and updates reference documentation to standardize deployment workflows around azd.

Changes:

• Introduces a new azure-create-app skill focused on discovery, architecture planning, file generation, and validation for azd projects.
• Simplifies azure-deploy skill to an azd-centric execution flow (env/subscription/location → deploy → troubleshoot).
• Updates multiple Azure service reference guides to emphasize azd workflows and de-emphasize direct az CLI usage.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
plugin/skills/azure-deploy/reference/static-web-apps.md	Updates SWA prerequisites and quick start to an azd-first workflow.
plugin/skills/azure-deploy/reference/functions.md	Reworks Functions deployment guidance to focus on azd + Bicep patterns.
plugin/skills/azure-deploy/reference/container-apps.md	Removes Azure CLI auth prereq and standardizes on azd auth checks.
plugin/skills/azure-deploy/reference/app-service.md	Shifts App Service guidance toward “Always use azd” and updates prerequisites.
plugin/skills/azure-deploy/reference/aks.md	Shifts AKS guidance toward “Always use azd”, updates prerequisites and kubectl install.
plugin/skills/azure-deploy/SKILL.md	Replaces the prior broad workflow with a 6-step azd-focused deployment flow.
plugin/skills/azure-create-app/SKILL.md	Adds a new skill for preparing an application for Azure (azure.yaml, infra/, validation).

Comments suppressed due to low confidence (3)

plugin/skills/azure-deploy/reference/functions.md:392

• $FUNCTION_APP is used as if it’s a predefined variable, but this guide no longer defines it anywhere (the previous az-based resource creation section that set it is gone). Add a short note defining what $FUNCTION_APP should be (and how to obtain it when deploying with azd), or replace it with a consistent placeholder like <function-app-name>.

```bash
# Deploy to Azure (from project root)
func azure functionapp publish $FUNCTION_APP

plugin/skills/azure-deploy/reference/functions.md:657

• These two statements conflict: if azd pipeline config “automatically creates the necessary secrets and workflow configuration”, there shouldn’t also be a manual step to “Add the output as AZURE_CREDENTIALS”. Clarify what azd pipeline config generates vs what the user must still add manually (and keep it consistent with the workflow example above).

This automatically creates the necessary secrets and workflow configuration.

Add the output as `AZURE_CREDENTIALS` secret in GitHub repository settings.

plugin/skills/azure-deploy/SKILL.md:72

• The tool name mcp_azure_mcp_subscription_list doesn’t match the Azure MCP tool naming used elsewhere in this repo (e.g., azure__subscription_list in plugin/skills/azure-mcp/SKILL.md:64,121). If this is meant to be the standard subscription listing tool, update the doc to use the correct tool name so the workflow is executable.

1. Call the `mcp_azure_mcp_subscription_list` tool to get available subscriptions:
```json
{
  "tool": "mcp_azure_mcp_subscription_list",
  "parameters": {}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 7 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[paulyuk]

please see comments. I'm not sure this will work for services other than ACA

[Copilot]

Pull request overview

Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (4)

plugin/skills/azure-create-app/reference/functions.md:590

• This section reintroduces an az functionapp ... command (slot swap) even though the guide positions azd as the required workflow and no longer lists Azure CLI as a prerequisite. Either mark this Azure CLI step as legacy/optional and document the Azure CLI requirement (or a Portal-based alternative), or adjust earlier wording so it’s clear when az is still needed.
  plugin/skills/azure-create-app/reference/static-web-apps.md:39
• The command curl -fsSL https://aka.ms/install-azd.sh | bash downloads and executes a remote script without any integrity verification or version pinning, which introduces a supply chain risk. If the aka.ms endpoint or its DNS/TLS channel is compromised, an attacker could execute arbitrary code in the developer or CI environment where this command is run, potentially accessing credentials or modifying build artifacts. Prefer installing azd via a package manager or a pinned, checksum-verified artifact instead of piping a mutable remote script directly into bash.
  plugin/skills/azure-create-app/reference/app-service.md:89
• The command curl -fsSL https://aka.ms/install-azd.sh | bash downloads and executes a remote script without checksum/signature verification or version pinning, which is a supply chain risk. If the aka.ms endpoint or its DNS/TLS channel is compromised, an attacker could execute arbitrary code in the environment where this command is run, including CI agents or dev machines with access to secrets. Prefer installing azd via a package manager or a pinned, integrity-checked artifact instead of piping a mutable remote script directly into bash.
  plugin/skills/azure-create-app/reference/aks.md:92
• The Linux installation command curl -fsSL https://aka.ms/install-azd.sh | bash introduces a supply chain vulnerability by executing a remote script without integrity verification or version pinning. If that URL or its hosting infrastructure were compromised, an attacker could run arbitrary code in developer or CI environments, gaining access to credentials or modifying Kubernetes-related build artifacts. Replace this pattern with an installation approach that uses a package manager or a pinned artifact with checksum/signature verification instead of piping a mutable remote script directly into bash.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.