npm - @polymorphism-tech/morph-spec - Versions diffs - 3.0.0 → 3.1.0 - Mend

@polymorphism-tech/morph-spec 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (240) hide show

package/{content → stacks/blazor-azure}/.morph/templates/infra/azure-pipelines-deploy.yml RENAMED Viewed

@@ -1,480 +1,480 @@
-# ============================================================================
-# Azure DevOps Pipeline - MORPH-SPEC Deploy
-# ============================================================================
-# Generated by MORPH-SPEC Azure Deploy Specialist
-#
-# This pipeline provides:
-# - Multi-stage deployment (Build -> Dev -> Staging -> Prod)
-# - Automatic deployment to dev on develop branch
-# - Manual approval for staging and prod
-# - Rollback support via MORPH-SPEC CLI
-# - Cost validation before deployment
-#
-# Prerequisites:
-# 1. Service connection 'azure-service-connection' with subscription access
-# 2. Service connection 'acr-service-connection' for Container Registry
-# 3. Variable group 'deploy-secrets-{env}' for each environment
-# 4. Environment 'dev', 'staging', 'prod' configured in Azure DevOps
-# ============================================================================
-trigger:
-  branches:
-    include:
-      - main
-      - develop
-  paths:
-    exclude:
-      - '*.md'
-      - 'docs/**'
-      - '.morph/**'
-pr:
-  branches:
-    include:
-      - main
-      - develop
-variables:
-  # Project Configuration
-  - name: projectName
-    value: '{{PROJECT_NAME}}'
-  - name: acrName
-    value: '{{ACR_NAME}}'
-  - name: dockerfilePath
-    value: './Dockerfile'
-  - name: resourceGroupPrefix
-    value: 'rg-{{PROJECT_NAME}}'
-  # Azure Configuration
-  - name: azureSubscription
-    value: 'azure-service-connection'
-  - name: acrServiceConnection
-    value: 'acr-service-connection'
-  - name: azureLocation
-    value: 'brazilsouth'
-  # Build Configuration
-  - name: imageTag
-    value: '$(Build.BuildId)'
-  - name: imageRepository
-    value: '$(projectName)'
-# ============================================================================
-# STAGES
-# ============================================================================
-stages:
-  # --------------------------------------------------------------------------
-  # Stage: Build
-  # --------------------------------------------------------------------------
-  - stage: Build
-    displayName: 'Build and Push Docker Image'
-    jobs:
-      - job: BuildAndPush
-        displayName: 'Build Docker Image'
-        pool:
-          vmImage: 'ubuntu-latest'
-        steps:
-          # Checkout code
-          - checkout: self
-            fetchDepth: 1
-          # Install Node.js for MORPH-SPEC CLI
-          - task: NodeTool@0
-            displayName: 'Install Node.js'
-            inputs:
-              versionSpec: '20.x'
-          # Install MORPH-SPEC CLI
-          - script: npm install -g @polymorphism-tech/morph-spec
-            displayName: 'Install MORPH-SPEC CLI'
-          # Validate Bicep costs
-          - script: |
-              if [ -f "infra/main.bicep" ]; then
-                npx morph-spec cost infra/main.bicep --strict
-              else
-                echo "No Bicep files found, skipping cost validation"
-              fi
-            displayName: 'Validate Infrastructure Costs'
-            continueOnError: false
-          # Build and push Docker image
-          - task: Docker@2
-            displayName: 'Build and Push Image'
-            inputs:
-              containerRegistry: '$(acrServiceConnection)'
-              repository: '$(imageRepository)'
-              command: 'buildAndPush'
-              Dockerfile: '$(dockerfilePath)'
-              tags: |
-                $(imageTag)
-                latest
-          # Save image tag as artifact
-          - script: |
-              echo "$(imageTag)" > $(Build.ArtifactStagingDirectory)/imagetag.txt
-            displayName: 'Save Image Tag'
-          - task: PublishBuildArtifacts@1
-            displayName: 'Publish Artifacts'
-            inputs:
-              pathToPublish: '$(Build.ArtifactStagingDirectory)'
-              artifactName: 'build-artifacts'
-  # --------------------------------------------------------------------------
-  # Stage: Deploy to Dev
-  # --------------------------------------------------------------------------
-  - stage: DeployDev
-    displayName: 'Deploy to Development'
-    dependsOn: Build
-    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))
-    variables:
-      - group: 'deploy-secrets-dev'
-      - name: environment
-        value: 'dev'
-    jobs:
-      - deployment: DeployToDev
-        displayName: 'Deploy to Dev Environment'
-        pool:
-          vmImage: 'ubuntu-latest'
-        environment: 'dev'
-        strategy:
-          runOnce:
-            deploy:
-              steps:
-                - download: current
-                  artifact: 'build-artifacts'
-                - task: AzureCLI@2
-                  displayName: 'Deploy Infrastructure'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      # Create resource group if not exists
-                      az group create \
-                        --name $(resourceGroupPrefix)-$(environment) \
-                        --location $(azureLocation) \
-                        --tags environment=$(environment) project=$(projectName)
-                      # Deploy Bicep (if exists)
-                      if [ -f "infra/main.bicep" ]; then
-                        az deployment group create \
-                          --resource-group $(resourceGroupPrefix)-$(environment) \
-                          --template-file infra/main.bicep \
-                          --parameters @infra/parameters.$(environment).json \
-                          --name "deploy-$(Build.BuildId)"
-                      fi
-                - task: AzureCLI@2
-                  displayName: 'Deploy Application'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      IMAGE_TAG=$(cat $(Pipeline.Workspace)/build-artifacts/imagetag.txt)
-                      # Get ACR credentials
-                      ACR_PASSWORD=$(az acr credential show \
-                        --name $(acrName) \
-                        --query "passwords[0].value" -o tsv)
-                      # Update Container App
-                      az containerapp update \
-                        --name $(projectName)-$(environment)-app \
-                        --resource-group $(resourceGroupPrefix)-$(environment) \
-                        --image $(acrName).azurecr.io/$(imageRepository):$IMAGE_TAG \
-                        --set-env-vars \
-                          "ConnectionStrings__DefaultConnection=$(SqlConnectionString)" \
-                          "ASPNETCORE_ENVIRONMENT=Development"
-                      # Enable sticky sessions for Blazor Server
-                      az containerapp ingress sticky-sessions set \
-                        --name $(projectName)-$(environment)-app \
-                        --resource-group $(resourceGroupPrefix)-$(environment) \
-                        --affinity sticky
-                - task: AzureCLI@2
-                  displayName: 'Verify Deployment'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      # Wait for healthy state
-                      for i in {1..30}; do
-                        HEALTH=$(az containerapp revision list \
-                          --name $(projectName)-$(environment)-app \
-                          --resource-group $(resourceGroupPrefix)-$(environment) \
-                          --query "[0].properties.healthState" -o tsv)
-                        if [ "$HEALTH" == "Healthy" ]; then
-                          echo "Deployment verified: Healthy"
-                          exit 0
-                        fi
-                        echo "Waiting for healthy state... ($i/30)"
-                        sleep 10
-                      done
-                      echo "Deployment verification timeout"
-                      exit 1
-  # --------------------------------------------------------------------------
-  # Stage: Deploy to Staging
-  # --------------------------------------------------------------------------
-  - stage: DeployStaging
-    displayName: 'Deploy to Staging'
-    dependsOn: Build
-    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
-    variables:
-      - group: 'deploy-secrets-staging'
-      - name: environment
-        value: 'staging'
-    jobs:
-      - deployment: DeployToStaging
-        displayName: 'Deploy to Staging Environment'
-        pool:
-          vmImage: 'ubuntu-latest'
-        environment: 'staging'
-        strategy:
-          runOnce:
-            deploy:
-              steps:
-                - download: current
-                  artifact: 'build-artifacts'
-                - task: AzureCLI@2
-                  displayName: 'Deploy Infrastructure'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      az group create \
-                        --name $(resourceGroupPrefix)-$(environment) \
-                        --location $(azureLocation) \
-                        --tags environment=$(environment) project=$(projectName)
-                      if [ -f "infra/main.bicep" ]; then
-                        az deployment group create \
-                          --resource-group $(resourceGroupPrefix)-$(environment) \
-                          --template-file infra/main.bicep \
-                          --parameters @infra/parameters.$(environment).json \
-                          --name "deploy-$(Build.BuildId)"
-                      fi
-                - task: AzureCLI@2
-                  displayName: 'Deploy Application'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      IMAGE_TAG=$(cat $(Pipeline.Workspace)/build-artifacts/imagetag.txt)
-                      ACR_PASSWORD=$(az acr credential show \
-                        --name $(acrName) \
-                        --query "passwords[0].value" -o tsv)
-                      az containerapp update \
-                        --name $(projectName)-$(environment)-app \
-                        --resource-group $(resourceGroupPrefix)-$(environment) \
-                        --image $(acrName).azurecr.io/$(imageRepository):$IMAGE_TAG \
-                        --set-env-vars \
-                          "ConnectionStrings__DefaultConnection=$(SqlConnectionString)" \
-                          "ASPNETCORE_ENVIRONMENT=Staging"
-                      az containerapp ingress sticky-sessions set \
-                        --name $(projectName)-$(environment)-app \
-                        --resource-group $(resourceGroupPrefix)-$(environment) \
-                        --affinity sticky
-                - task: AzureCLI@2
-                  displayName: 'Verify Deployment'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      for i in {1..30}; do
-                        HEALTH=$(az containerapp revision list \
-                          --name $(projectName)-$(environment)-app \
-                          --resource-group $(resourceGroupPrefix)-$(environment) \
-                          --query "[0].properties.healthState" -o tsv)
-                        if [ "$HEALTH" == "Healthy" ]; then
-                          echo "Deployment verified: Healthy"
-                          exit 0
-                        fi
-                        echo "Waiting for healthy state... ($i/30)"
-                        sleep 10
-                      done
-                      echo "Deployment verification timeout"
-                      exit 1
-  # --------------------------------------------------------------------------
-  # Stage: Deploy to Production
-  # --------------------------------------------------------------------------
-  - stage: DeployProd
-    displayName: 'Deploy to Production'
-    dependsOn: DeployStaging
-    condition: succeeded()
-    variables:
-      - group: 'deploy-secrets-prod'
-      - name: environment
-        value: 'prod'
-    jobs:
-      - deployment: DeployToProd
-        displayName: 'Deploy to Production Environment'
-        pool:
-          vmImage: 'ubuntu-latest'
-        environment: 'prod'
-        strategy:
-          runOnce:
-            deploy:
-              steps:
-                - download: current
-                  artifact: 'build-artifacts'
-                # Save previous revision for rollback
-                - task: AzureCLI@2
-                  displayName: 'Save Previous Revision'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      PREVIOUS_REVISION=$(az containerapp revision list \
-                        --name $(projectName)-$(environment)-app \
-                        --resource-group $(resourceGroupPrefix)-$(environment) \
-                        --query "[0].name" -o tsv 2>/dev/null || echo "none")
-                      echo "##vso[task.setvariable variable=previousRevision]$PREVIOUS_REVISION"
-                      echo "Previous revision: $PREVIOUS_REVISION"
-                - task: AzureCLI@2
-                  displayName: 'Deploy Infrastructure'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      az group create \
-                        --name $(resourceGroupPrefix)-$(environment) \
-                        --location $(azureLocation) \
-                        --tags environment=$(environment) project=$(projectName)
-                      if [ -f "infra/main.bicep" ]; then
-                        az deployment group create \
-                          --resource-group $(resourceGroupPrefix)-$(environment) \
-                          --template-file infra/main.bicep \
-                          --parameters @infra/parameters.$(environment).json \
-                          --name "deploy-$(Build.BuildId)"
-                      fi
-                - task: AzureCLI@2
-                  displayName: 'Deploy Application'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      IMAGE_TAG=$(cat $(Pipeline.Workspace)/build-artifacts/imagetag.txt)
-                      ACR_PASSWORD=$(az acr credential show \
-                        --name $(acrName) \
-                        --query "passwords[0].value" -o tsv)
-                      az containerapp update \
-                        --name $(projectName)-$(environment)-app \
-                        --resource-group $(resourceGroupPrefix)-$(environment) \
-                        --image $(acrName).azurecr.io/$(imageRepository):$IMAGE_TAG \
-                        --set-env-vars \
-                          "ConnectionStrings__DefaultConnection=$(SqlConnectionString)" \
-                          "ASPNETCORE_ENVIRONMENT=Production"
-                      az containerapp ingress sticky-sessions set \
-                        --name $(projectName)-$(environment)-app \
-                        --resource-group $(resourceGroupPrefix)-$(environment) \
-                        --affinity sticky
-                - task: AzureCLI@2
-                  displayName: 'Verify Deployment'
-                  inputs:
-                    azureSubscription: '$(azureSubscription)'
-                    scriptType: 'bash'
-                    scriptLocation: 'inlineScript'
-                    inlineScript: |
-                      for i in {1..30}; do
-                        HEALTH=$(az containerapp revision list \
-                          --name $(projectName)-$(environment)-app \
-                          --resource-group $(resourceGroupPrefix)-$(environment) \
-                          --query "[0].properties.healthState" -o tsv)
-                        if [ "$HEALTH" == "Healthy" ]; then
-                          echo "Deployment verified: Healthy"
-                          # Get app URL
-                          APP_URL=$(az containerapp show \
-                            --name $(projectName)-$(environment)-app \
-                            --resource-group $(resourceGroupPrefix)-$(environment) \
-                            --query "properties.configuration.ingress.fqdn" -o tsv)
-                          echo "Application URL: https://$APP_URL"
-                          exit 0
-                        fi
-                        echo "Waiting for healthy state... ($i/30)"
-                        sleep 10
-                      done
-                      # Rollback on failure
-                      echo "Deployment failed! Initiating rollback..."
-                      if [ "$(previousRevision)" != "none" ]; then
-                        az containerapp revision activate \
-                          --name $(projectName)-$(environment)-app \
-                          --resource-group $(resourceGroupPrefix)-$(environment) \
-                          --revision $(previousRevision)
-                        echo "Rolled back to $(previousRevision)"
-                      fi
-                      exit 1
-# ============================================================================
-# USAGE INSTRUCTIONS
-# ============================================================================
-#
-# 1. Replace placeholders:
-#    - {{PROJECT_NAME}}: Your project name (e.g., "myapp")
-#    - {{ACR_NAME}}: Your Azure Container Registry name
-#
-# 2. Create Service Connections in Azure DevOps:
-#    - azure-service-connection: Azure Resource Manager connection
-#    - acr-service-connection: Docker Registry connection to ACR
-#
-# 3. Create Variable Groups:
-#    - deploy-secrets-dev: Variables for dev environment
-#    - deploy-secrets-staging: Variables for staging environment
-#    - deploy-secrets-prod: Variables for production environment
-#
-#    Required variables in each group:
-#    - SqlConnectionString: Full SQL connection string
-#    - (Add other secrets as needed)
-#
-# 4. Create Environments in Azure DevOps:
-#    - dev: No approvals (auto-deploy on develop branch)
-#    - staging: Optional approval
-#    - prod: Required approval
-#
-# 5. Ensure Bicep templates exist:
-#    - infra/main.bicep
-#    - infra/parameters.dev.json
-#    - infra/parameters.staging.json
-#    - infra/parameters.prod.json
-#
-# ============================================================================
+# ============================================================================
+# Azure DevOps Pipeline - MORPH-SPEC Deploy
+# ============================================================================
+# Generated by MORPH-SPEC Azure Deploy Specialist
+#
+# This pipeline provides:
+# - Multi-stage deployment (Build -> Dev -> Staging -> Prod)
+# - Automatic deployment to dev on develop branch
+# - Manual approval for staging and prod
+# - Rollback support via MORPH-SPEC CLI
+# - Cost validation before deployment
+#
+# Prerequisites:
+# 1. Service connection 'azure-service-connection' with subscription access
+# 2. Service connection 'acr-service-connection' for Container Registry
+# 3. Variable group 'deploy-secrets-{env}' for each environment
+# 4. Environment 'dev', 'staging', 'prod' configured in Azure DevOps
+# ============================================================================
+trigger:
+  branches:
+    include:
+      - main
+      - develop
+  paths:
+    exclude:
+      - '*.md'
+      - 'docs/**'
+      - '.morph/**'
+pr:
+  branches:
+    include:
+      - main
+      - develop
+variables:
+  # Project Configuration
+  - name: projectName
+    value: '{{PROJECT_NAME}}'
+  - name: acrName
+    value: '{{ACR_NAME}}'
+  - name: dockerfilePath
+    value: './Dockerfile'
+  - name: resourceGroupPrefix
+    value: 'rg-{{PROJECT_NAME}}'
+  # Azure Configuration
+  - name: azureSubscription
+    value: 'azure-service-connection'
+  - name: acrServiceConnection
+    value: 'acr-service-connection'
+  - name: azureLocation
+    value: 'brazilsouth'
+  # Build Configuration
+  - name: imageTag
+    value: '$(Build.BuildId)'
+  - name: imageRepository
+    value: '$(projectName)'
+# ============================================================================
+# STAGES
+# ============================================================================
+stages:
+  # --------------------------------------------------------------------------
+  # Stage: Build
+  # --------------------------------------------------------------------------
+  - stage: Build
+    displayName: 'Build and Push Docker Image'
+    jobs:
+      - job: BuildAndPush
+        displayName: 'Build Docker Image'
+        pool:
+          vmImage: 'ubuntu-latest'
+        steps:
+          # Checkout code
+          - checkout: self
+            fetchDepth: 1
+          # Install Node.js for MORPH-SPEC CLI
+          - task: NodeTool@0
+            displayName: 'Install Node.js'
+            inputs:
+              versionSpec: '20.x'
+          # Install MORPH-SPEC CLI
+          - script: npm install -g @polymorphism-tech/morph-spec
+            displayName: 'Install MORPH-SPEC CLI'
+          # Validate Bicep costs
+          - script: |
+              if [ -f "infra/main.bicep" ]; then
+                npx morph-spec cost infra/main.bicep --strict
+              else
+                echo "No Bicep files found, skipping cost validation"
+              fi
+            displayName: 'Validate Infrastructure Costs'
+            continueOnError: false
+          # Build and push Docker image
+          - task: Docker@2
+            displayName: 'Build and Push Image'
+            inputs:
+              containerRegistry: '$(acrServiceConnection)'
+              repository: '$(imageRepository)'
+              command: 'buildAndPush'
+              Dockerfile: '$(dockerfilePath)'
+              tags: |
+                $(imageTag)
+                latest
+          # Save image tag as artifact
+          - script: |
+              echo "$(imageTag)" > $(Build.ArtifactStagingDirectory)/imagetag.txt
+            displayName: 'Save Image Tag'
+          - task: PublishBuildArtifacts@1
+            displayName: 'Publish Artifacts'
+            inputs:
+              pathToPublish: '$(Build.ArtifactStagingDirectory)'
+              artifactName: 'build-artifacts'
+  # --------------------------------------------------------------------------
+  # Stage: Deploy to Dev
+  # --------------------------------------------------------------------------
+  - stage: DeployDev
+    displayName: 'Deploy to Development'
+    dependsOn: Build
+    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))
+    variables:
+      - group: 'deploy-secrets-dev'
+      - name: environment
+        value: 'dev'
+    jobs:
+      - deployment: DeployToDev
+        displayName: 'Deploy to Dev Environment'
+        pool:
+          vmImage: 'ubuntu-latest'
+        environment: 'dev'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - download: current
+                  artifact: 'build-artifacts'
+                - task: AzureCLI@2
+                  displayName: 'Deploy Infrastructure'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      # Create resource group if not exists
+                      az group create \
+                        --name $(resourceGroupPrefix)-$(environment) \
+                        --location $(azureLocation) \
+                        --tags environment=$(environment) project=$(projectName)
+                      # Deploy Bicep (if exists)
+                      if [ -f "infra/main.bicep" ]; then
+                        az deployment group create \
+                          --resource-group $(resourceGroupPrefix)-$(environment) \
+                          --template-file infra/main.bicep \
+                          --parameters @infra/parameters.$(environment).json \
+                          --name "deploy-$(Build.BuildId)"
+                      fi
+                - task: AzureCLI@2
+                  displayName: 'Deploy Application'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      IMAGE_TAG=$(cat $(Pipeline.Workspace)/build-artifacts/imagetag.txt)
+                      # Get ACR credentials
+                      ACR_PASSWORD=$(az acr credential show \
+                        --name $(acrName) \
+                        --query "passwords[0].value" -o tsv)
+                      # Update Container App
+                      az containerapp update \
+                        --name $(projectName)-$(environment)-app \
+                        --resource-group $(resourceGroupPrefix)-$(environment) \
+                        --image $(acrName).azurecr.io/$(imageRepository):$IMAGE_TAG \
+                        --set-env-vars \
+                          "ConnectionStrings__DefaultConnection=$(SqlConnectionString)" \
+                          "ASPNETCORE_ENVIRONMENT=Development"
+                      # Enable sticky sessions for Blazor Server
+                      az containerapp ingress sticky-sessions set \
+                        --name $(projectName)-$(environment)-app \
+                        --resource-group $(resourceGroupPrefix)-$(environment) \
+                        --affinity sticky
+                - task: AzureCLI@2
+                  displayName: 'Verify Deployment'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      # Wait for healthy state
+                      for i in {1..30}; do
+                        HEALTH=$(az containerapp revision list \
+                          --name $(projectName)-$(environment)-app \
+                          --resource-group $(resourceGroupPrefix)-$(environment) \
+                          --query "[0].properties.healthState" -o tsv)
+                        if [ "$HEALTH" == "Healthy" ]; then
+                          echo "Deployment verified: Healthy"
+                          exit 0
+                        fi
+                        echo "Waiting for healthy state... ($i/30)"
+                        sleep 10
+                      done
+                      echo "Deployment verification timeout"
+                      exit 1
+  # --------------------------------------------------------------------------
+  # Stage: Deploy to Staging
+  # --------------------------------------------------------------------------
+  - stage: DeployStaging
+    displayName: 'Deploy to Staging'
+    dependsOn: Build
+    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
+    variables:
+      - group: 'deploy-secrets-staging'
+      - name: environment
+        value: 'staging'
+    jobs:
+      - deployment: DeployToStaging
+        displayName: 'Deploy to Staging Environment'
+        pool:
+          vmImage: 'ubuntu-latest'
+        environment: 'staging'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - download: current
+                  artifact: 'build-artifacts'
+                - task: AzureCLI@2
+                  displayName: 'Deploy Infrastructure'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      az group create \
+                        --name $(resourceGroupPrefix)-$(environment) \
+                        --location $(azureLocation) \
+                        --tags environment=$(environment) project=$(projectName)
+                      if [ -f "infra/main.bicep" ]; then
+                        az deployment group create \
+                          --resource-group $(resourceGroupPrefix)-$(environment) \
+                          --template-file infra/main.bicep \
+                          --parameters @infra/parameters.$(environment).json \
+                          --name "deploy-$(Build.BuildId)"
+                      fi
+                - task: AzureCLI@2
+                  displayName: 'Deploy Application'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      IMAGE_TAG=$(cat $(Pipeline.Workspace)/build-artifacts/imagetag.txt)
+                      ACR_PASSWORD=$(az acr credential show \
+                        --name $(acrName) \
+                        --query "passwords[0].value" -o tsv)
+                      az containerapp update \
+                        --name $(projectName)-$(environment)-app \
+                        --resource-group $(resourceGroupPrefix)-$(environment) \
+                        --image $(acrName).azurecr.io/$(imageRepository):$IMAGE_TAG \
+                        --set-env-vars \
+                          "ConnectionStrings__DefaultConnection=$(SqlConnectionString)" \
+                          "ASPNETCORE_ENVIRONMENT=Staging"
+                      az containerapp ingress sticky-sessions set \
+                        --name $(projectName)-$(environment)-app \
+                        --resource-group $(resourceGroupPrefix)-$(environment) \
+                        --affinity sticky
+                - task: AzureCLI@2
+                  displayName: 'Verify Deployment'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      for i in {1..30}; do
+                        HEALTH=$(az containerapp revision list \
+                          --name $(projectName)-$(environment)-app \
+                          --resource-group $(resourceGroupPrefix)-$(environment) \
+                          --query "[0].properties.healthState" -o tsv)
+                        if [ "$HEALTH" == "Healthy" ]; then
+                          echo "Deployment verified: Healthy"
+                          exit 0
+                        fi
+                        echo "Waiting for healthy state... ($i/30)"
+                        sleep 10
+                      done
+                      echo "Deployment verification timeout"
+                      exit 1
+  # --------------------------------------------------------------------------
+  # Stage: Deploy to Production
+  # --------------------------------------------------------------------------
+  - stage: DeployProd
+    displayName: 'Deploy to Production'
+    dependsOn: DeployStaging
+    condition: succeeded()
+    variables:
+      - group: 'deploy-secrets-prod'
+      - name: environment
+        value: 'prod'
+    jobs:
+      - deployment: DeployToProd
+        displayName: 'Deploy to Production Environment'
+        pool:
+          vmImage: 'ubuntu-latest'
+        environment: 'prod'
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - download: current
+                  artifact: 'build-artifacts'
+                # Save previous revision for rollback
+                - task: AzureCLI@2
+                  displayName: 'Save Previous Revision'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      PREVIOUS_REVISION=$(az containerapp revision list \
+                        --name $(projectName)-$(environment)-app \
+                        --resource-group $(resourceGroupPrefix)-$(environment) \
+                        --query "[0].name" -o tsv 2>/dev/null || echo "none")
+                      echo "##vso[task.setvariable variable=previousRevision]$PREVIOUS_REVISION"
+                      echo "Previous revision: $PREVIOUS_REVISION"
+                - task: AzureCLI@2
+                  displayName: 'Deploy Infrastructure'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      az group create \
+                        --name $(resourceGroupPrefix)-$(environment) \
+                        --location $(azureLocation) \
+                        --tags environment=$(environment) project=$(projectName)
+                      if [ -f "infra/main.bicep" ]; then
+                        az deployment group create \
+                          --resource-group $(resourceGroupPrefix)-$(environment) \
+                          --template-file infra/main.bicep \
+                          --parameters @infra/parameters.$(environment).json \
+                          --name "deploy-$(Build.BuildId)"
+                      fi
+                - task: AzureCLI@2
+                  displayName: 'Deploy Application'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      IMAGE_TAG=$(cat $(Pipeline.Workspace)/build-artifacts/imagetag.txt)
+                      ACR_PASSWORD=$(az acr credential show \
+                        --name $(acrName) \
+                        --query "passwords[0].value" -o tsv)
+                      az containerapp update \
+                        --name $(projectName)-$(environment)-app \
+                        --resource-group $(resourceGroupPrefix)-$(environment) \
+                        --image $(acrName).azurecr.io/$(imageRepository):$IMAGE_TAG \
+                        --set-env-vars \
+                          "ConnectionStrings__DefaultConnection=$(SqlConnectionString)" \
+                          "ASPNETCORE_ENVIRONMENT=Production"
+                      az containerapp ingress sticky-sessions set \
+                        --name $(projectName)-$(environment)-app \
+                        --resource-group $(resourceGroupPrefix)-$(environment) \
+                        --affinity sticky
+                - task: AzureCLI@2
+                  displayName: 'Verify Deployment'
+                  inputs:
+                    azureSubscription: '$(azureSubscription)'
+                    scriptType: 'bash'
+                    scriptLocation: 'inlineScript'
+                    inlineScript: |
+                      for i in {1..30}; do
+                        HEALTH=$(az containerapp revision list \
+                          --name $(projectName)-$(environment)-app \
+                          --resource-group $(resourceGroupPrefix)-$(environment) \
+                          --query "[0].properties.healthState" -o tsv)
+                        if [ "$HEALTH" == "Healthy" ]; then
+                          echo "Deployment verified: Healthy"
+                          # Get app URL
+                          APP_URL=$(az containerapp show \
+                            --name $(projectName)-$(environment)-app \
+                            --resource-group $(resourceGroupPrefix)-$(environment) \
+                            --query "properties.configuration.ingress.fqdn" -o tsv)
+                          echo "Application URL: https://$APP_URL"
+                          exit 0
+                        fi
+                        echo "Waiting for healthy state... ($i/30)"
+                        sleep 10
+                      done
+                      # Rollback on failure
+                      echo "Deployment failed! Initiating rollback..."
+                      if [ "$(previousRevision)" != "none" ]; then
+                        az containerapp revision activate \
+                          --name $(projectName)-$(environment)-app \
+                          --resource-group $(resourceGroupPrefix)-$(environment) \
+                          --revision $(previousRevision)
+                        echo "Rolled back to $(previousRevision)"
+                      fi
+                      exit 1
+# ============================================================================
+# USAGE INSTRUCTIONS
+# ============================================================================
+#
+# 1. Replace placeholders:
+#    - {{PROJECT_NAME}}: Your project name (e.g., "myapp")
+#    - {{ACR_NAME}}: Your Azure Container Registry name
+#
+# 2. Create Service Connections in Azure DevOps:
+#    - azure-service-connection: Azure Resource Manager connection
+#    - acr-service-connection: Docker Registry connection to ACR
+#
+# 3. Create Variable Groups:
+#    - deploy-secrets-dev: Variables for dev environment
+#    - deploy-secrets-staging: Variables for staging environment
+#    - deploy-secrets-prod: Variables for production environment
+#
+#    Required variables in each group:
+#    - SqlConnectionString: Full SQL connection string
+#    - (Add other secrets as needed)
+#
+# 4. Create Environments in Azure DevOps:
+#    - dev: No approvals (auto-deploy on develop branch)
+#    - staging: Optional approval
+#    - prod: Required approval
+#
+# 5. Ensure Bicep templates exist:
+#    - infra/main.bicep
+#    - infra/parameters.dev.json
+#    - infra/parameters.staging.json
+#    - infra/parameters.prod.json
+#
+# ============================================================================