// Safely deletes all Azure resources created by the Azure AI Foundry starter template including resource groups, AI Services, AI Foundry Projects, Service Principal, federated credentials, and RBAC assignments. Use when tearing down environments or starting fresh.
Creates Azure DevOps CI/CD pipelines from the template YAML files. This skill creates pipelines for agent creation, testing, and deployment automation using the ready-to-use pipeline definitions.
Orchestrates complete Azure AI Foundry deployment to Azure DevOps. Coordinates repository-setup, service-connection-setup, environment-setup, pipeline-setup, and deployment-validation skills. Use when deploying the complete Azure AI Foundry starter template end-to-end.
Cleans up Azure DevOps resources (repositories, service connections, variable groups, pipelines) and resets configuration files. Use when you need to remove Azure DevOps artifacts after testing or to prepare for a fresh deployment of the Azure AI Foundry Starter template.
Validates the complete Azure AI Foundry deployment by checking repositories, service connections, variable groups, environments, pipelines, and optionally running the first agent deployment. This skill provides comprehensive verification of the deployment setup.
Creates Azure DevOps variable groups and environments for dev, test, and production. This skill configures environment-specific variables and approval gates required for CI/CD pipelines.
Manages federated credentials for Azure DevOps service connections using Workload Identity Federation. Retrieves actual issuer/subject from service connections and creates/updates federated credentials on Service Principals.
| name | cleanup-resources |
| description | Safely deletes all Azure resources created by the Azure AI Foundry starter template including resource groups, AI Services, AI Foundry Projects, Service Principal, federated credentials, and RBAC assignments. Use when tearing down environments or starting fresh. |
| license | Apache-2.0 |
This skill safely deletes all Azure resources created by the Azure AI Foundry starter template.
A comprehensive cleanup skill that removes all Azure infrastructure created during deployment:
⚠️ Warning: This action is IRREVERSIBLE. All data, configurations, and deployments will be permanently lost.
Use this skill when you need to:
cd .github/skills/cleanup-resources/scripts
.\cleanup-resources.ps1 -DryRun
Output: Lists all resources that would be deleted without actually deleting them.
.\cleanup-resources.ps1
Process:
DELETE (uppercase) to proceed.\cleanup-resources.ps1 -Force
⚠️ Caution: Immediately deletes resources without confirmation prompt.
.\cleanup-resources.ps1 -ConfigPath "C:\path\to\custom-config.json"
-DryRun-Force-ConfigPath.\starter-config.jsonBased on your starter-config.json:
Resource groups follow the naming pattern: rg-{projectName}-{env} where {projectName} is derived from config.naming.projectName.
rg-{projectName}-dev
├── AI Foundry Project (aif-project-dev)
├── AI Services (aif-foundry-dev)
├── Deployments
└── All other resources
rg-{projectName}-test
└── (similar structure)
rg-{projectName}-prod
└── (similar structure)
Example: If config.naming.projectName = "ai-foundry-starter", resource groups will be named:
rg-ai-foundry-starter-devrg-ai-foundry-starter-testrg-ai-foundry-starter-prodNote: Deleting resource groups automatically deletes all contained resources.
| Resource Type | Count | Examples |
|---|---|---|
| Resource Groups | 3 | dev, test, prod |
| AI Foundry Projects | 3 | One per environment |
| AI Services | 3 | One per environment |
| Service Principal | 1 | With 3 federated credentials |
| Role Assignments | 6+ | Contributor + Cognitive Services User per RG |
# Load configuration
$config = Get-Content .\starter-config.json | ConvertFrom-Json
# Set Azure subscription context
az account set --subscription $config.azure.subscriptionId
# Derive resource group prefix from project name
$projectName = $config.naming.projectName
$rgPrefix = "rg-$projectName"
# Find all resource groups matching pattern
az group list --query "[?starts_with(name, '$rgPrefix')]"
# Check Service Principal
az ad sp show --id $config.servicePrincipal.appId
# List federated credentials
az ad app federated-credential list --id $config.servicePrincipal.appId
Shows detailed list of:
# Delete resource groups (async, background operation)
az group delete --name $rgName --yes --no-wait
# Delete Service Principal (synchronous)
az ad sp delete --id $spAppId
# First, preview what will be deleted
cd .github/skills/cleanup-resources/scripts
.\cleanup-resources.ps1 -DryRun
# Review the output, then proceed with deletion
.\cleanup-resources.ps1
# Type "DELETE" when prompted
# For automated scripts (CI/CD teardown)
.\cleanup-resources.ps1 -Force
# Use custom config file
.\cleanup-resources.ps1 -ConfigPath "..\..\..\..\config\prod-config.json" -DryRun
# 1. Load configuration to verify
$config = Get-Content .\starter-config.json | ConvertFrom-Json
Write-Host "Subscription: $($config.azure.subscriptionName)"
Write-Host "Resource Group Base: rg-$($config.naming.projectName)"
# 2. Preview deletion
.\cleanup-resources.ps1 -DryRun
# 3. Proceed with deletion
.\cleanup-resources.ps1
# 4. Monitor progress in Azure Portal
# https://portal.azure.com/#view/HubsExtension/BrowseResourceGroups
# 5. Verify deletion complete
# Use resource group prefix from your configuration
$config = Get-Content .\starter-config.json | ConvertFrom-Json
$rgPrefix = "rg-$($config.naming.projectName)"
az group list --query "[?starts_with(name, '$rgPrefix')]" -o table
az ad sp show --id $config.servicePrincipal.appId 2>$null
# Verify resource groups are deleted
$config = Get-Content .\starter-config.json | ConvertFrom-Json
$rgPrefix = "rg-$($config.naming.projectName)"
az group list --query "[?starts_with(name, '$rgPrefix')]" -o table
# Should return empty or show "Deleting" state
# Verify Service Principal is deleted
az ad sp show --id $config.servicePrincipal.appId 2>$null
# Should return error: "Resource not found"
# List all resources in subscription
az resource list --subscription $config.azure.subscriptionId -o table
# Filter for AI Foundry related resources
az resource list --query "[?contains(name, 'foundry') || contains(name, 'aif-')]" -o table
The script provides guidance for manual Azure DevOps cleanup:
az repos delete --id "azure-ai-foundry-app" --yes
$devConn = az devops service-endpoint list --query "[?name=='azure-foundry-dev'].id" -o tsv
az devops service-endpoint delete --id $devConn --yes
# Repeat for test and prod
# Use your projectName from config.naming.projectName
$devVars = az pipelines variable-group list --query "[?name=='$projectName-dev-vars'].id" -o tsv
az pipelines variable-group delete --id $devVars --yes
# Repeat for test and prod
az pipelines environment delete --name "dev" --yes
az pipelines environment delete --name "test" --yes
az pipelines environment delete --name "production" --yes
# List pipelines
az pipelines list --query "[].{Name:name, Id:id}" -o table
# Delete each pipeline
az pipelines delete --id <pipeline-id> --yes
Solution: Ensure you have Contributor or Owner role on the resource group:
az role assignment list --scope "/subscriptions/$subscriptionId/resourceGroups/$rgName"
Solution: Requires Application Administrator role in Azure AD:
# Check your Azure AD roles
az rest --method GET --url "https://graph.microsoft.com/v1.0/me/memberOf"
# Have admin grant Application Administrator role
Symptom: Resource group shows "Deleting" for extended period
Solution:
# Check deletion status
az group show --name $rgName --query "properties.provisioningState" -o tsv
# If stuck, try canceling and re-deleting
# (Note: May not always work)
# Check for resource locks
az lock list --resource-group $rgName -o table
Solution:
# Verify file exists
Test-Path .\starter-config.json
# Specify full path
.\cleanup-resources.ps1 -ConfigPath "C:\Repos\ado\azure-ai-foundry-starter\starter-config.json"
Solution:
# Find remaining resources
az resource list --query "[?contains(name, 'foundry') || contains(name, 'aif-')]" -o table
# Delete individually
az resource delete --ids <resource-id>
starter-config.json for recordsstarter-config.json securely before deletionCleanup → Recreate Workflow:
# 1. Clean up all resources
cd .github/skills/cleanup-resources/scripts
.\cleanup-resources.ps1
# 2. Verify deletion (uses your configured project name)
$config = Get-Content .\starter-config.json | ConvertFrom-Json
$rgPrefix = "rg-$($config.naming.projectName)"
az group list --query "[?starts_with(name, '$rgPrefix')]" -o table
# 3. Recreate from scratch
cd ../../resource-creation
.\create-resources.ps1 -UseConfig -CreateAll
The cleanup script includes multiple safety features:
-DryRun) - See what will be deleted without changes═══════════════════════════════════════════════════════════════
WARNING: RESOURCE DELETION
═══════════════════════════════════════════════════════════════
The following resources will be PERMANENTLY DELETED:
📦 Resource Groups:
❌ rg-{projectName}-dev (eastus)
Contains 3 resources:
- aif-foundry-dev (accounts)
- aif-project-dev (workspaces)
- storage-dev (storageAccounts)
❌ rg-{projectName}-test (eastus)
❌ rg-{projectName}-prod (eastus)
👤 Service Principal:
❌ sp-aif-demo-cicd (App ID: f1ef8b31-...)
Contains 3 federated credentials:
- azure-foundry-dev
- azure-foundry-test
- azure-foundry-prod
Has 6 role assignments
═══════════════════════════════════════════════════════════════
⚠️ This action is IRREVERSIBLE!
All data, configurations, and deployments will be permanently lost.
Type 'DELETE' (in uppercase) to confirm deletion: