Update Avm Modules In Bicep
Bump Azure Verified Module pins in Bicep to current MCR tags with lint/build validation and a clear change table.
Overview
update-avm-modules-in-bicep is an agent skill most often used in Operate (also Build, Ship) that upgrades Azure Verified Module versions in Bicep with MCR checks and lint/build validation.
Install
npx skills add https://github.com/github/awesome-copilot --skill update-avm-modules-in-bicepWhat is this skill?
- Eight-step workflow: scan file, identify avm/res paths, fetch MCR tag lists, compare semver, review breaking docs
- Explicit pause policy when updates imply incompatible parameters or breaking registry changes
- Uses search, fetch, editFiles, and runCommands tools rather than ad-hoc scripting when available
- Post-update validation via bicep lint and bicep build
- Final output limited to a summary table plus concise change summary
- 8-step scan-to-output process documented in SKILL.md
- Breaking-change pause policy for incompatible parameters
Adoption & trust: 8.4k installs on skills.sh; 34.6k GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your Bicep stacks pin stale AVM versions and you do not have time to manually check MCR tags and breaking parameter changes for every resource module.
Who is it for?
Solo builders shipping Azure workloads with AVM-based Bicep who need periodic, auditable module refreshes.
Skip if: Greenfield projects with no existing Bicep AVM references or teams forbidding agent-driven IaC edits without human review on every hunk.
When should I use this skill?
Update Azure Verified Modules (AVM) to latest versions in a specified Bicep file `${file}`.
What do I get? / Deliverables
Your Bicep file reflects current AVM semver pins with documented deltas, passing lint/build—or you get a paused approval list when breaking changes block automatic edits.
- Updated Bicep module version pins
- Summary table of AVM version changes
- Lint/build validation results or blocker notes for breaking updates
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Keeping AVM versions current is ongoing IaC hygiene that matters after first deploy and during active build cycles. infra is the canonical shelf for Bicep module version maintenance on Azure landing zones and app stacks.
Where it fits
Refresh storage and key-vault AVM pins before renewing a production deployment pipeline.
Align new feature branches with latest AVM networking modules before wiring app integration Bicep.
Validate module updates still build cleanly immediately ahead of a scheduled Azure release.
How it compares
Focused AVM version bump workflow—not a full Azure architecture generator or Terraform module updater.
Common Questions / FAQ
Who is update-avm-modules-in-bicep for?
Solo and indie Azure users maintaining Bicep files that reference Azure Verified Modules from the public registry.
When should I use update-avm-modules-in-bicep?
Use it during Operate infra upkeep before a deploy window, during Build when refreshing IaC templates, or in Ship when validating infra changes—whenever `${file}` AVM pins may be behind MCR latest.
Is update-avm-modules-in-bicep safe to install?
Treat it as infrastructure-changing automation: review the Security Audits panel on this page and require human approval when the skill pauses for breaking AVM parameter changes.
SKILL.md
READMESKILL.md - Update Avm Modules In Bicep
# Update Azure Verified Modules in Bicep Files Update Bicep file `${file}` to use latest Azure Verified Module (AVM) versions. Limit progress updates to non-breaking changes. Don't output information other than the final output table and summary. ## Process 1. **Scan**: Extract AVM modules and current versions from `${file}` 1. **Identify**: List all unique AVM modules used by matching `avm/res/{service}/{resource}` using `#search` tool 1. **Check**: Use `#fetch` tool to get latest version of each AVM module from MCR: `https://mcr.microsoft.com/v2/bicep/avm/res/{service}/{resource}/tags/list` 1. **Compare**: Parse semantic versions to identify AVM modules needing update 1. **Review**: For breaking changes, use `#fetch` tool to get docs from: `https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/{service}/{resource}` 1. **Update**: Apply version updates and parameter changes using `#editFiles` tool 1. **Validate**: Run `bicep lint` and `bicep build` using `#runCommands` tool to ensure compliance. 1. **Output**: Summarize changes in a table format with summary of updates below. ## Tool Usage Always use tools `#search`, `#searchResults`,`#fetch`, `#editFiles`, `#runCommands`, `#todos` if available. Avoid writing code to perform tasks. ## Breaking Change Policy ⚠️ **PAUSE for approval** if updates involve: - Incompatible parameter changes - Security/compliance modifications - Behavioral changes ## Output Format Only display results in table with icons: ```markdown | Module | Current | Latest | Status | Action | Docs | |--------|---------|--------|--------|--------|------| | avm/res/compute/vm | 0.1.0 | 0.2.0 | 🔄 | Updated | [📖](link) | | avm/res/storage/account | 0.3.0 | 0.3.0 | ✅ | Current | [📖](link) | ### Summary of Updates Describe updates made, any manual reviews needed or issues encountered. ``` ## Icons - 🔄 Updated - ✅ Current - ⚠️ Manual review required - ❌ Failed - 📖 Documentation ## Requirements - Use MCR tags API only for version discovery - Parse JSON tags array and sort by semantic versioning - Maintain Bicep file validity and linting compliance