Azure Deployment Preflight
Run Azure and azd preflight checks, collect all auth and config failures, and output a remediation report before deploy.
Overview
Azure Deployment Preflight is an agent skill most often used in Ship (also Validate scope, Operate infra) that runs pre-deploy Azure and azd checks and produces a full remediation report without stopping at the first fai
Install
npx skills add https://github.com/github/awesome-copilot --skill azure-deployment-preflightWhat is this skill?
- Continue-on-failure validation so every issue appears in one final report
- Azure CLI and Azure Developer CLI authentication error detection with remediation links
- Structured markdown report entries with severity, source, and Microsoft doc URLs
- Token-expired and not-logged-in handling without aborting unrelated checks
- Preflight workflow suitable for agent-driven deploy pipelines
Adoption & trust: 9.3k installs on skills.sh; 34.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to deploy to Azure but do not know if CLI auth, azd session, or environment config will fail mid-pipeline on the first error only.
Who is it for?
Solo builders using Azure CLI or azd who want exhaustive preflight validation reports before launch.
Skip if: Projects not targeting Azure or teams that want a hard stop on the first CLI error without a full issue inventory.
When should I use this skill?
Before Azure or azd deployment when you need exhaustive validation and a single remediation report.
What do I get? / Deliverables
You receive a consolidated preflight report listing every detected issue with severity and remediation, then fix blockers and re-run deploy.
- Markdown preflight report with severity-tagged findings
- Per-issue remediation steps linking to Microsoft documentation
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Ship launch because the skill’s purpose is pre-deployment validation immediately before or during release to Azure. Launch subphase captures go-live readiness: Azure CLI/azd login state and validation gates that block a safe deploy.
Where it fits
Confirm az and azd login works and document blockers before committing to an Azure-hosted architecture.
Run full preflight immediately before production deploy and fix every listed authentication error.
Re-run preflight after refresh token expiry to restore CLI access without missing secondary config issues.
How it compares
Checker skill for human-readable preflight reports—not a hosted CI service or Terraform plan substitute.
Common Questions / FAQ
Who is azure-deployment-preflight for?
Indie developers and agent users shipping apps with Azure CLI or Azure Developer CLI who need structured validation before deploy.
When should I use azure-deployment-preflight?
In Ship launch prep before azd up or ARM deploy; also in Validate when scoping Azure feasibility and in Operate when re-validating infra after token expiry.
Is azure-deployment-preflight safe to install?
Review the Security Audits panel on this Prism page; the skill guides running az and azd commands that touch your Azure subscription when executed.
SKILL.md
READMESKILL.md - Azure Deployment Preflight
# Error Handling Guide This reference documents common errors during preflight validation and how to handle them. ## Core Principle **Continue on failure.** Capture all issues in the final report rather than stopping at the first error. This gives users a complete picture of what needs to be fixed. --- ## Authentication Errors ### Not Logged In (Azure CLI) **Detection:** ``` ERROR: Please run 'az login' to setup account. ERROR: AADSTS700082: The refresh token has expired ``` **Exit Codes:** Non-zero **Handling:** 1. Note the error in the report 2. Include remediation steps 3. Skip remaining Azure CLI commands 4. Continue with other validation steps if possible **Report Entry:** ```markdown #### ❌ Azure CLI Authentication Required - **Severity:** Error - **Source:** az cli - **Message:** Not logged in to Azure CLI - **Remediation:** Run `az login` to authenticate, then re-run preflight validation - **Documentation:** https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli ``` ### Not Logged In (azd) **Detection:** ``` ERROR: not logged in, run `azd auth login` to login ``` **Handling:** 1. Note the error in the report 2. Skip azd commands 3. Suggest `azd auth login` **Report Entry:** ```markdown #### ❌ Azure Developer CLI Authentication Required - **Severity:** Error - **Source:** azd - **Message:** Not logged in to Azure Developer CLI - **Remediation:** Run `azd auth login` to authenticate, then re-run preflight validation ``` ### Token Expired **Detection:** ``` AADSTS700024: Client assertion is not within its valid time range AADSTS50173: The provided grant has expired ``` **Handling:** 1. Note the error 2. Suggest re-authentication 3. Skip Azure operations --- ## Permission Errors ### Insufficient RBAC Permissions **Detection:** ``` AuthorizationFailed: The client '...' with object id '...' does not have authorization to perform action '...' over scope '...' ``` **Handling:** 1. **First attempt:** Retry with `--validation-level ProviderNoRbac` 2. Note the permission limitation in the report 3. If ProviderNoRbac also fails, report the specific missing permission **Report Entry:** ```markdown #### ⚠️ Limited Permission Validation - **Severity:** Warning - **Source:** what-if - **Message:** Full RBAC validation failed; using read-only validation - **Detail:** Missing permission: `Microsoft.Resources/deployments/write` on scope `/subscriptions/xxx` - **Recommendation:** Request Contributor role on the target resource group, or verify deployment permissions with your administrator ``` ### Resource Group Not Found **Detection:** ``` ResourceGroupNotFound: Resource group 'xxx' could not be found. ``` **Handling:** 1. Note in report 2. Suggest creating the resource group 3. Skip what-if for this scope **Report Entry:** ```markdown #### ❌ Resource Group Does Not Exist - **Severity:** Error - **Source:** what-if - **Message:** Resource group 'my-rg' does not exist - **Remediation:** Create the resource group before deployment: ```bash az group create --name my-rg --location eastus ``` ``` ### Subscription Access Denied **Detection:** ``` SubscriptionNotFound: The subscription 'xxx' could not be found. InvalidSubscriptionId: Subscription '...' is not valid ``` **Handling:** 1. Note in report 2. Suggest checking subscription ID 3. List available subscriptions --- ## Bicep Syntax Errors ### Compilation Errors **Detection:** ``` /path/main.bicep(22,51) : Error BCP064: Found unexpected tokens /path/main.bicep(10,5) : Error BCP018: Expected the "=" character at this location ``` **Handling:** 1. Parse error output for line/column numbers 2. Include all errors in report (don't stop at first) 3. Continue to what-if (may provide additional context) **Report Entry:** ```markdown #### ❌ Bicep Syntax Error - **Severity:** Error - **Source:** bicep build - **Location:** `main.bicep:22:51` - **Code:** BCP064 - **Message:** Found unexpected tokens in interpolated expression - **Remediation: