refactor: Migrate to Azure Verified Modules with AVM pattern modules#218
Draft
jaredfholgate wants to merge 24 commits intomainfrom
Draft
refactor: Migrate to Azure Verified Modules with AVM pattern modules#218jaredfholgate wants to merge 24 commits intomainfrom
jaredfholgate wants to merge 24 commits intomainfrom
Conversation
- Cast team from The Matrix: Morpheus (Lead), Trinity (Terraform), Tank (Bicep), Switch (DevOps), Niobe (Tester) - Created comprehensive PRD at docs/PRD.md covering: - Terraform AVM migration (16 module mappings) - Bicep AVM migration (24+ module mappings) - CI/CD bootstrapping with OIDC (GitHub Actions + Azure DevOps) - Recorded 10 architectural decisions in decisions.md - Set up squad infrastructure (charters, routing, ceremonies) Requested by: Jared Holgate Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…stories Morpheus completed PRD v2.0 update incorporating AVM pattern modules as primary migration strategy. This fundamentally shifts approach from 40+ individual module replacements to single pattern module call + supplements. Key changes: - Decision 11: Adopt AVM Pattern Modules as Primary Migration Strategy (replaces 12 Terraform + 22 Bicep modules with 1 call each) - PRD updated: v1.0 → v2.0 with pattern module strategy - Timeline: ~18 weeks → ~14 weeks - Phases: 7 → 5 per workstream - Agent histories: Trinity, Tank, Switch, Niobe updated with pattern module context Merged from .squad/decisions/inbox/morpheus-prd-pattern-modules.md Orchestration log: .squad/orchestration-log/2026-03-24T15-07-morpheus.md Session log: .squad/log/2026-03-24-prd-pattern-update.md Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…RM removal) Morpheus completed two rounds of scope changes: Round 1 (15:30): Hub networking removed (deferred to ALZ IaC Accelerator); folder structure flattened to infra/. PRD v3.0 with 25+ surgical edits. Round 2 (15:33): Portal and ARM template options removed; legacy CI/CD workflows removed; scope simplified to IaC + OIDC CI/CD only. PRD v3.1 with 12 edits. Decisions added (12-15): - Decision 12: Hub Networking Deferred to ALZ IaC Accelerator - Decision 13: Folder Structure Flattened to infra/ - Decision 14: Portal & ARM Templates Out of Scope - Decision 15: CI/CD Consolidation (OIDC-Only) Team history updated: Trinity, Tank, Switch, Niobe notified of scope changes, folder structure updates, OIDC-only requirement. Orchestration logs: - .squad/orchestration-log/2026-03-24T15-30-morpheus-scope.md - .squad/orchestration-log/2026-03-24T15-33-morpheus-portal.md Session log: - .squad/log/2026-03-24-prd-scope-simplification.md Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…dation framework Parallel implementation phase completed: Trinity (Terraform): - Created infra/terraform/ with AVM pattern module v0.1.0 - Hub peering and Key Vault defaults configured - terraform validate passes cleanly Tank (Bicep): - Created infra/bicep/ with AVM pattern module v0.2.0 - Native .bicepparam format with hub integration UX improvements - FTPS disabled for security alignment - Bicep compiles cleanly against live registry Switch (DevOps): - Created bootstrap/ with GitHub Actions + Azure DevOps OIDC documentation - Documentation-only approach (no code duplication from reference repos) - Points to canonical Azure-Samples repos for implementation Niobe (QA): - Created infra/validation-plan.md with four-gate quality model - Updated .pre-commit-config.yaml for new paths - Trivy migration path defined, PSRule validated Decision records: - Decision 16: Terraform Initial Setup (module version, Key Vault defaults, hub peering) - Decision 17: Bicep Pattern Module (version pin, .bicepparam format, hub UX, FTPS) - Decision 18: Bootstrap Documentation-Only (no code duplication, single source of truth) - Decision 19: Validation Toolchain (four-gate model, Trivy + PSRule) All decisions merged into .squad/decisions.md; orchestration and session logs created. Terraform and Bicep teams can now operate in parallel for supplemental modules. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Trinity & Tank delivered parity coverage: - infra/terraform/examples/: 9 .tfvars files for all App Service deployment scenarios - infra/bicep/examples/: 9 .bicepparam files (identical scenario naming) - Updated Terraform variables.tf/main.tf for ASE/container support - Updated Bicep main.bicep with ASE/container parameters - Both toolchains validated (terraform validate, az bicep build pass) - Removed legacy terraform.tfvars.example - Cross-agent context propagated to Trinity & Tank history All 9 scenarios now have concrete, tested example configs: - Managed Instance (Windows, custom mode) - ASE v3 (Windows/Linux, app/container) - App Service Plan (Windows/Linux, app/container) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…eation Both Terraform and Bicep implementations now dynamically create resource groups via Azure Verified Module (AVM) instead of requiring pre-existing resource group IDs. Changes: - Terraform: Added AVM resource group module v0.2.2, updated 9 examples - Bicep: Added AVM resource group module v0.4.0, updated 10 bicepparam files - All configurations validated (terraform validate, az bicep build pass) Agents: Trinity (Terraform), Tank (Bicep)
…oc theme - Migrate docs from scattered markdown files to unified Hugo site in docs/ - Use hugo-geekdoc theme matching Azure/Azure-Landing-Zones pattern - Create 6 content sections: home, getting-started, terraform, bicep, bootstrap, architecture, examples - Move bootstrap CI/CD documentation into Hugo content pages - Simplify bootstrap/ READMEs to pointers to Hugo docs site - Simplify root README to minimal landing page with docs site links - Preserve architecture images in docs/static/img/ - Document Decisions 16 (Hugo adoption) and 17 (root README simplification) - Merge decision inbox files into decisions.md - Log orchestration and session records to .squad/ Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add TXT layout templates (index.txt, list.txt, single.txt) for llms.txt output - Add llms-section-tree.txt partial for LLM-friendly documentation index - Add data/menu/main.yaml and extra.yaml for header navigation (Home, GitHub, Issue links) - Add shortcodes (expand, include, csv-table) matching reference repo - Move description into [params] section of hugo.toml for template access - Remove empty .gitkeep placeholders from data/, layouts/, assets/ Fixes Hugo build warnings about missing TXT format layouts and adds proper header navigation matching Azure/Azure-Landing-Zones reference. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Docs restructured into 6-section deployment journey (~5 min read) - deploy.ps1: interactive script (4 paths x 9 hosting scenarios) - Hugo theme switched to tarball (pre-built CSS/JS) - Removed filler docs, folded TF/Bicep/Architecture into Deploy page Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The script already copies example tfvars/bicepparam files and uses string replacement to substitute user values. The TfScenarioConfig and BicepScenarioConfig hashtables duplicated what was in those example files and were never actually consumed. Removed: - \\\ (9 scenario mappings, ~55 lines) - \\\ (9 scenario mappings, ~60 lines) - Unused \\\ assignment in Invoke-LocalBicep - Unused \\\ vars in both bootstrap functions Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove incorrect instructions telling users to hardcode backend settings
in terraform.tf. The empty backend "azurerm" {} block is intentional —
the bootstrap-generated pipeline injects backend config at runtime via
-backend-config CLI args.
Changes:
- bootstrap/_index.md: add Backend Configuration section explaining the
pattern, link to example-module reference
- github-actions.md: replace Step 3 hardcoded backend block with
example_repo guidance and local dev instructions
- azure-devops.md: same fix as github-actions.md
- deploy/_index.md: replace hardcoded backend HCL with -backend-config
CLI args and explain pipeline auto-injection
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Added empty backend "azurerm" {} block to terraform.tf (by design)
- Fixed bootstrap docs: no hardcoded backend, CLI -backend-config at runtime
- Updated 4 doc files with correct example_repo and local dev instructions
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove all redundant files that were superseded by the AVM refactoring: - scenarios/ (entire folder — terraform, bicep, ARM, shared modules) - Legacy GitHub Actions workflows (.template.*, scenario1.*, platform.*) - Composite action templates (.github/actions/templates/) - Empty .gitmodules file The new implementations live in infra/ (Terraform + Bicep with AVM pattern modules), bootstrap/ (OIDC CI/CD setup), and docs/ (Hugo documentation site). Removes 201 files totaling ~38,300 lines of legacy code. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace 9 stale scenarios/ directory references with the single infra/terraform/ path that matches the flattened repo structure (Decision 13). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…dependabot - .gitignore: add exception for infra/terraform/examples/*.tfvars so example files are tracked despite the blanket *.tfvars rule - infra/terraform/README.md: fix variable name (resource_group_id → resource_group_name), fix GitHub Actions CI/CD link text, fix quick start example file path, correct prerequisites - README.md: update Quick Links to match actual docs sections (Deploy, ALZ Integration instead of removed Terraform/Bicep pages) - .github/dependabot.yml: replace 9 legacy scenarios/ paths with single infra/terraform entry - docs/content/deploy: fix Bicep parameter file name (main.parameters.jsonc → main.bicepparam), update Terraform variable table and Bicep parameter table to match actual code - docs/content/examples: replace fictional scenario table with actual 9 example files, fix feature flag examples to match real variables - docs/content/alz-integration: fix Terraform variable names (route_table_id → hub_firewall_private_ip), use bicepparam syntax instead of JSON for Bicep examples Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Aligned Terraform examples with ALZ platform settings from pattern module - Added PLZ prerequisite callouts across all Hugo docs pages - Updated examples README with PLZ requirement Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Added 3 missing ALZ variables: diagnostic_settings_mode, private_dns_zone_mode, route_table_resource_id - Updated all 9 example tfvars with PLZ prerequisite comments and ALZ settings - Enhanced examples README with comprehensive PLZ prerequisites section - terraform validate passes clean Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Removed locals.default_tags merge block - Set default tags in variable definition - Pass var.tags directly to modules Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Refactors the App Service Landing Zone Accelerator to use Azure Verified Modules (AVM) pattern modules for both Terraform and Bicep, replaces legacy CI/CD with OIDC bootstrap references, and restructures documentation into a Hugo static site.
What changed
Azure/avm-ptn-app-service-landing-zone/azurebr/public:avm/ptn/app-service-lza/hosting-environmentPRD
See
.squad/PRD.mdfor full product requirements document.