// Orchestrates complete Azure AI Foundry deployment to Azure DevOps. Coordinates repository-setup, service-connection-setup, environment-setup, pipeline-setup, and deployment-validation skills. Use when deploying the complete Azure AI Foundry starter template end-to-end.
Creates Azure DevOps CI/CD pipelines from the template YAML files. This skill creates pipelines for agent creation, testing, and deployment automation using the ready-to-use pipeline definitions.
Cleans up Azure DevOps resources (repositories, service connections, variable groups, pipelines) and resets configuration files. Use when you need to remove Azure DevOps artifacts after testing or to prepare for a fresh deployment of the Azure AI Foundry Starter template.
Safely deletes all Azure resources created by the Azure AI Foundry starter template including resource groups, AI Services, AI Foundry Projects, Service Principal, federated credentials, and RBAC assignments. Use when tearing down environments or starting fresh.
Validates the complete Azure AI Foundry deployment by checking repositories, service connections, variable groups, environments, pipelines, and optionally running the first agent deployment. This skill provides comprehensive verification of the deployment setup.
Creates Azure DevOps variable groups and environments for dev, test, and production. This skill configures environment-specific variables and approval gates required for CI/CD pipelines.
Manages federated credentials for Azure DevOps service connections using Workload Identity Federation. Retrieves actual issuer/subject from service connections and creates/updates federated credentials on Service Principals.
| name | starter-execution |
| description | Orchestrates complete Azure AI Foundry deployment to Azure DevOps. Coordinates repository-setup, service-connection-setup, environment-setup, pipeline-setup, and deployment-validation skills. Use when deploying the complete Azure AI Foundry starter template end-to-end. |
| license | Apache-2.0 |
Orchestrates the complete deployment of the Azure AI Foundry starter template to Azure DevOps by coordinating five specialized skills.
End-to-end orchestration skill that coordinates five specialized skills to deploy the Azure AI Foundry starter template from template-app/ to Azure DevOps.
Before using this orchestrator:
azure-ai-foundry-app with template application code{projectName}-{env}-vars with environment-specific configuration (projectName from config)This orchestrator executes five specialized skills in sequence:
# Complete deployment (all phases)
cd .github/skills/starter-execution
# Follow Phase 1-6 commands below
# Or execute individual skills as needed
cd .github/skills/repository-setup
# See individual skill documentation
Execute these six phases in sequence for successful deployment:
# Load configuration
. ./.github/skills/configuration-management/config-functions.ps1
$config = Get-StarterConfig
# Extract values
$org = $config.azureDevOps.organizationUrl
$project = $config.azureDevOps.projectName
# Login to Azure
az login
# Set subscription
az account set --subscription $config.azure.subscriptionId
# Get bearer token (valid for ~1 hour)
$env:ADO_TOKEN = az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query "accessToken" -o tsv
$env:AZURE_DEVOPS_EXT_PAT = $env:ADO_TOKEN
# Configure Azure DevOps CLI
az devops configure --defaults organization=$org project=$project
Write-Host "✅ Authentication complete"
Skill: repository-setup
Purpose: Create Azure DevOps repository and push template application code
Key Actions:
azure-ai-foundry-apptemplate-app/.env file from sample.envDirect Usage:
cd .github/skills/repository-setup
# Follow skill documentation for detailed steps
Quick Validation:
az repos show --repository "azure-ai-foundry-app" -o table
Troubleshooting: See repository-setup/SKILL.md
Skill: service-connection-setup
Purpose: Create service connections with Workload Identity Federation (passwordless, no secrets!)
Key Actions:
azure-foundry-dev, azure-foundry-test, azure-foundry-prodCritical: Federated credential issuer/subject format must match Azure DevOps exactly!
Direct Usage:
cd .github/skills/service-connection-setup
# Follow skill documentation for detailed steps
Quick Validation:
az devops service-endpoint list -o table
az ad app federated-credential list --id $config.servicePrincipal.appId -o table
Troubleshooting: See service-connection-setup/SKILL.md
Skill: environment-setup
Purpose: Create variable groups and environments for all deployment stages
Key Actions:
{projectName}-dev-vars, {projectName}-test-vars, {projectName}-prod-vars (using config.naming.projectName)dev, test, productionCritical: Variable group names must match pipeline YAML exactly!
Direct Usage:
cd .github/skills/environment-setup
# Follow skill documentation for detailed steps
Quick Validation:
az pipelines variable-group list -o table
az pipelines environment list -o table
Troubleshooting: See environment-setup/SKILL.md
Skill: pipeline-setup
Purpose: Create CI/CD pipelines from template YAML files
Key Actions:
REPLACE_WITH_YOUR_PROJECTNAME with config.naming.projectNameAzure AI Foundry - Create AgentAzure AI Foundry - Agent EvaluationAzure AI Foundry - Red Team--skip-first-run flagCritical: Automated script updates YAML files to match variable group names created in Phase 4!
Direct Usage:
cd .github/skills/pipeline-setup
./scripts/create-pipelines.ps1 -UseConfig
**Quick Validation**:
```powershell
az pipelines list -o table
Troubleshooting: See pipeline-setup/SKILL.md
Skill: deployment-validation
Purpose: Validate complete deployment and readiness for pipeline execution
Key Actions:
Direct Usage:
cd .github/skills/deployment-validation
# Follow skill documentation for detailed steps
Quick Validation:
# Comprehensive validation
az repos list -o table
az devops service-endpoint list -o table
az pipelines variable-group list -o table
az pipelines environment list -o table
az pipelines list -o table
First Pipeline Run:
# Run Create Agent pipeline
$pipelineId = az pipelines list --query "[?name=='Azure AI Foundry - Create Agent'].id" -o tsv
az pipelines run --id $pipelineId
# Monitor at: $config.azureDevOps.organizationUrl/$config.azureDevOps.projectName/_build
Troubleshooting: See deployment-validation/SKILL.md
This orchestrator delegates to five specialized skills:
Location: ../repository-setup
Purpose: Create Azure DevOps repository and push template application code
When to Use: Initial deployment or repository recreation
Location: ../service-connection-setup
Purpose: Configure service connections with Workload Identity Federation
When to Use: Initial deployment, fix federated credentials, add new environments
Location: ../environment-setup
Purpose: Create variable groups and environments
When to Use: Initial deployment, update variables, add new environments
Location: ../pipeline-setup
Purpose: Create CI/CD pipelines from YAML templates
When to Use: Initial deployment, add new pipelines, fix pipeline configuration
Location: ../deployment-validation
Purpose: Validate complete deployment readiness
When to Use: After each phase, troubleshooting, pre-deployment verification
For detailed troubleshooting, refer to the specific skill documentation:
Symptom: AADSTS70021: No matching federated identity record found
Cause: Federated credential issuer/subject mismatch
Solution: See service-connection-setup troubleshooting
Symptom: The pipeline is not valid. Could not find service connection
Cause: Service connection not authorized for pipeline use
Solution: See service-connection-setup troubleshooting
Symptom: Variable group name contains invalid characters
Cause: Invalid characters in variable group name
Solution: See environment-setup troubleshooting
Symptom: 401 Unauthorized errors
Cause: Bearer token expired (valid for ~1 hour)
Solution:
$env:ADO_TOKEN = az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query "accessToken" -o tsv
$env:AZURE_DEVOPS_EXT_PAT = $env:ADO_TOKEN
Complete Troubleshooting Guide: docs/troubleshooting.md
--skip-first-run when creating pipelines for control