Integration test failure: azure-deploy – vanilla Container Apps Node.js Bicep AcrPull same-file [Assertion mismatch]

[github-actions]

Prompt

Create a simple containerized Node.js hello world app and deploy to Azure Container Apps using my current subscription in swedencentral region.

Follow-up: Go with recommended options and proceed with Azure deployment.

Summary

Run: Integration Tests - all #203
Test: azure-deploy_ - Integration Tests › vanilla-azure-container-apps-deploy › creates simple containerized Node.js app
Result: Fail
Duration: 3m 46s (assertion mismatch — AcrPull role assignment in same Bicep file as Container App)

Root Cause Category

Assertion mismatch — AcrPull role assignment placed in container-app.bicep instead of a separate module file, violating the required two-phase deployment pattern

Diagnosis

What was expected

The test verifies the two-phase Container Apps deployment pattern. Phase 2 requires the AcrPull role assignment (role definition ID 7f951dda-4ed3-4680-a7ca-43fe172d538d) to be defined in a separate module file from the Container App resource (Microsoft.App/containerApps):

expect(arePatternsInSeparateFiles(
  workspacePath!,
  /Microsoft\.App\/containerApps/i,
  /7f951dda-4ed3-4680-a7ca-43fe172d538d/i,
  bicepPattern
)).toEqual({ isSeparate: true });
```

### What actually happened
The agent generated Bicep infrastructure where both the `Microsoft.App/containerApps` resource and the AcrPull role assignment (`7f951dda-4ed3-4680-a7ca-43fe172d538d`) were placed in the same `container-app.bicep` file. The received value was:
```
{ isSeparate: false, reason: "same-file", filePaths: ["/tmp/.../infra/core/host/container-app.bicep"] }

Additionally, the azure-deploy skill was never invoked — the workflow terminated after validation (azd provision --preview) without proceeding to actual deployment execution. The SKILL-REPORT notes this is a consistent pattern in vanilla Container Apps tests.

Root cause

1. AcrPull role in same file: The azure-prepare skill's Bicep template for Container Apps places the Microsoft.Authorization/roleAssignments (AcrPull) resource in the same module as the Container App, rather than in a dedicated acr-pull-role.bicep module. The two-phase pattern requires a separate module to handle the circular dependency (Container App needs the image from ACR, but AcrPull needs the Container App's managed identity).
2. azure-deploy not invoked: The test uses shouldEarlyTerminate: shouldEarlyTerminateForAzdProvision, meaning it terminates after azd provision --preview succeeds. The SKILL-REPORT confirms neither test in this suite invoked azure-deploy, though the test still fails due to the file structure assertion.

Suggested fix

• Update the azure-prepare skill's Bicep template for Container Apps to place the AcrPull roleAssignment resource in a separate module (e.g., acr-pull-role.bicep) and reference it as a module in main.bicep
• This is the same pattern documented in the Container Apps Bicep guidance under plugin/skills/azure-prepare/references/services/container-apps/bicep.md
• Ensure the generated main.bicep follows the two-phase pattern: Phase 1 module (ACR + Container App with placeholder image + SystemAssigned identity) + Phase 2 module (AcrPull role assignment)

azure-deploy Skill Invocation

Skill	Invoked
azure-prepare	✅ Yes
azure-validate	✅ Yes
azure-deploy	❌ No (workflow terminated at provision preview)
Full chain (P→V→D)	❌ No

In azure-deploy integration tests, the full skill chain is azure-prepare → azure-validate → azure-deploy.

Skill Report Context

From the vanilla-container-apps SKILL-REPORT (test run 2026-05-01):

• Skill Invocation Success Rate: N/A
• Overall Test Pass Rate (agent assessment): 100% (2/2) — agent considered file generation successful
• Average Confidence: 80% (reduced due to missing azure-deploy invocation)
• Simple Node.js test confidence: 85%
• Key warning: "azure-deploy skill was not invoked despite the user explicitly requesting deployment"
• "The handoff from azure-validate to azure-deploy never occurred"
• Test terminated after azd provision --preview succeeded without proceeding to deployment execution

Environment

• Runner OS: ubuntu-latest
• Node.js: v22.x
• Skill Under Test: azure-deploy
• Region: swedencentral
• IaC: Bicep
• Run URL: https://github.com/microsoft/GitHub-Copilot-for-Azure/actions/runs/25208332123
• Commit: c56b46d
• Test file: tests/azure-deploy/integration.test.ts:424

Generated by Analyze Test Run · ● 2.8M · ◷