← marketplace
devopsplatformsha:632b4699a2ccfbe5manual
azure-deploy
Use when shipping infrastructure or app code to Azure: picking between Bicep, Terraform, ARM, and azd, then wiring a deployment pipeline that is repeatable, auditable, and reversible.
source: https://github.com/microsoft/azure-skills/tree/main/skills/azure-deploy ↗microsoft/azure-skills· ★ 1.1k
Install confidence
curl --create-dirs -fsSL https://skillmake.xyz/i/azure-deploy -o ~/.claude/skills/azure-deploy/SKILL.md
Pinned content
sha:632b4699a2ccfbe5
Generated with
manual
Source
github.com
The file served at /api/marketplace/azure-deploy-632b4699/raw matches this hash. Inspect before install, then copy the command.
3,134 chars · ~784 tokens
--- name: azure-deploy description: "Use when shipping infrastructure or app code to Azure: picking between Bicep, Terraform, ARM, and azd, then wiring a deployment pipeline that is repeatable, auditable, and reversible." source: https://github.com/microsoft/azure-skills/tree/main/skills/azure-deploy generated: 2026-05-25T02:43:53.794Z category: platform audience: devops --- ## When to use - Starting a new Azure project and choosing the deployment toolchain instead of cobbling one together over time - Migrating a click-ops resource group into version-controlled infrastructure-as-code without breaking the running app - Building a deployment pipeline in GitHub Actions or Azure DevOps that authenticates via OIDC instead of long-lived service principals - Rolling back a bad deployment and understanding which knob actually reverts what ## Key concepts ### Toolchain selection azd is the per-app starter, Bicep is the Azure-native DSL, Terraform is multi-cloud with state to manage, ARM templates are the JSON underlying everything. Pick one main path and stick with it. ### Deployment scope Azure deployments target subscription, resource group, management group, or tenant scopes. Wrong scope is the most common reason a template authoring perfectly fails to deploy. ### OIDC federation GitHub Actions and Azure DevOps can federate to Azure with a workload identity, so pipelines authenticate without a stored secret. ### What-if and preview az deployment ... what-if and terraform plan surface the diff before apply. Treat unexpected lines as bugs, not noise. ### Rollback strategy Incremental deployments do not delete unmanaged resources, and ARM has no real rollback. Recovery comes from re-applying the previous template version, not pressing 'undo'. ## API reference ``` npx skills add microsoft/azure-skills --skill azure-deploy ``` Install the Azure deploy skill bundle. ``` npx skills add microsoft/azure-skills --skill azure-deploy ``` ``` az deployment group what-if / az deployment group create ``` Preview and apply a resource-group-scoped deployment from a Bicep file. ``` az deployment group what-if -g rg -f main.bicep -p env=prod az deployment group create -g rg -f main.bicep -p env=prod --confirm-with-what-if ``` ## Gotchas - Resource provider registration is per-subscription; a fresh subscription will reject deployments until each provider is registered - Complete deployment mode deletes anything in the resource group not in the template; default to incremental unless you really want that - Bicep modules cache by version, so updating a registry module without bumping the version can silently keep old behavior - OIDC tokens require the federated credential subject to exactly match the workflow ref; mismatch fails with an unclear 'AADSTS70021' error - Pipeline 'success' does not mean the app is healthy; chain a smoke test job that hits the deployed endpoint before marking the rollout green --- Generated by SkillMake from https://github.com/microsoft/azure-skills/tree/main/skills/azure-deploy on 2026-05-25T02:43:53.794Z. Verify against source before relying on details.
File: ~/.claude/skills/azure-deploy/SKILL.md