Appearance
Infrastructure Provisioning Pipeline
The provision-infra.stage.yml stage template applies Bicep infrastructure changes without rebuilding or redeploying container images. It is used when scaling rules, VNet configuration, Key Vault RBAC, or other infrastructure settings change independently of application code.
When to Use This Pipeline
| Change Type | Enable provisionInfrastructure? |
|---|---|
| VNet subnet CIDR change | Yes |
| Redis SKU upgrade | Yes |
| Add new Key Vault secret slot | Yes |
| NSG rule modification | Yes |
| ACR SKU upgrade | Yes |
| Add a new container app (new service) | Yes (then also run full deploy) |
| Application code change only | No — run without infra provisioning |
| Combined infra + code change | Yes — enable provisionInfrastructure: true |
Pipeline Location
The infrastructure provisioning stage is a reusable template invoked by the full deployment pipelines:
Devops/azure/templates/stages/provision-infra.stage.ymlIt is also used directly by pipelines/container-backend/infrastructure-pipeline.yml when provisionInfrastructure: true is passed as a parameter.
Stage Parameters
yaml
parameters:
- name: environment
displayName: Target Environment
type: string
default: dev
values:
- dev
- stage
- preprod
- uat
- production
- name: whatIfOnly
displayName: What-If Preview Only (no actual deploy)
type: boolean
default: false
- name: skipApproval
displayName: Skip Manual Approval Gate
type: boolean
default: falseControlled via Pipeline Parameter
Infrastructure provisioning is controlled by the provisionInfrastructure parameter on the pipeline entry point (e.g., infrastructure-pipeline.yml). Set it to true to include the provision-infra.stage.yml in the pipeline run.
Pipeline Stages
Build-BicepParams.ps1 Deep Dive
See Bicep Modules for full script details. In brief:
- Reads
Devops/azure/config/container-backend/services-config.json - Extracts environment-specific scaling, SKU, and networking config
- Generates
infra.bicepparamwith all parameters formain.bicep - The generated file is published as a pipeline artifact for use in later stages
Environment Selection Matrix
The following service connections and resource scopes are used per environment:
environment param | ADO Service Connection | Subscription Scope |
|---|---|---|
dev | fontEndPrincipalConnection | Microtec ERP Dev subscription |
stage | fontEndPrincipalConnection | Microtec ERP Non-Prod subscription |
preprod | fontEndPrincipalConnection | Microtec ERP Non-Prod subscription |
uat | fontEndPrincipalConnection | Microtec ERP Non-Prod subscription |
production | fontEndPrincipalConnection | Microtec ERP Prod subscription |
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| What-if shows unexpected deletions | Bicep mode is Complete instead of Incremental | Verify --mode Incremental in deploy command; Complete mode deletes unlisted resources |
Deployment fails: ResourceGroupNotFound | First-time deployment — RG doesn't exist yet | Run resource-groups.bicep module first; or run the full deploy pipeline with provisionInfrastructure: true |
| Parameters file not generated | services-config.json parse error | Check JSON validity; run Build-BicepParams.ps1 locally and inspect output |
whatIfOnly default not preventing deploy | Pipeline variable overriding parameter | Check variable groups for whatIfOnly override |
Related Documentation
- Bicep Modules — Module structure and
main.bicep - Scripts Catalog —
Build-BicepParams.ps1and related scripts - Approval Gates — Who approves infra changes per environment
- Orchestrators — Full deployment orchestrators (infra + app code)