feat(sre-agent): add deployable Azure template#2169
Open
MSBrett wants to merge 11 commits into
Open
Conversation
microsoft-github-policy-service
Bot
added
the
Needs: Review 👀
added 8 commits
June 3, 2026 09:32
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new deployable FinOps Toolkit SRE Agent template under src/templates/sre-agent/, including subscription-scoped Bicep entry points, supporting infra modules, post-provision “apply extras” automation, and Microsoft Learn documentation + deploy-to-Azure artifacts. This PR also updates the toolkit build pipeline to package the new template and generate the portal recipe zip.
Changes:
- Introduces subscription-scoped Bicep entry points and infra modules (monitoring, agent resource, RBAC, optional ADX principal assignment, and deployment-script-based “apply extras”).
- Adds deployment automation (CLI wrapper scripts, prerequisites check, GitHub Actions example) and packaging/build integration for the template.
- Adds Learn docs + deploy artifacts (Create UI Definition copies, TOC updates, redirection, and changelog entry).
Reviewed changes
Copilot reviewed 36 out of 43 changed files in this pull request and generated 15 comments.
Show a summary per file
| File | Description |
|---|---|
| src/templates/sre-agent/package-manifest.json | Declares which generated artifacts ship for portal deployment packaging. |
| src/templates/sre-agent/main.bicep | Portal-focused subscription-scoped entry point wiring infra + extras. |
| src/templates/sre-agent/infra/scripts/Apply-SreAgentExtras.ps1 | Deployment-script logic to apply connectors/tools/skills/agents/scheduled tasks from the packaged recipe. |
| src/templates/sre-agent/infra/resources.bicep | Resource-group scoped orchestration module for monitoring + agent deployment. |
| src/templates/sre-agent/infra/modules/sre-agent.bicep | Defines Microsoft.App/agents resource and deployer RBAC on the agent. |
| src/templates/sre-agent/infra/modules/resource-group-rbac.bicep | Assigns RG-scoped roles to the agent managed identity based on access level. |
| src/templates/sre-agent/infra/modules/monitoring.bicep | Deploys Log Analytics and workspace-based Application Insights. |
| src/templates/sre-agent/infra/modules/kusto-all-databases-viewer-rbac.bicep | Optional ADX AllDatabasesViewer principal assignment. |
| src/templates/sre-agent/infra/modules/apply-extras.bicep | Creates UAMI + deploymentScripts resource to run Apply-SreAgentExtras.ps1. |
| src/templates/sre-agent/infra/main.bicep | CLI-focused subscription-scoped infra entry point (RG + resources + RBAC + optional ADX RBAC). |
| src/templates/sre-agent/examples/ci-cd/github-actions-deploy.yml | Example GitHub Actions workflow to run the deployment wrapper. |
| src/templates/sre-agent/createUiDefinition.json | Azure portal UI definition for Deploy-to-Azure experience. |
| src/templates/sre-agent/bin/telemetry.sh | Adds a helper for best-effort usage telemetry (currently standalone). |
| src/templates/sre-agent/bin/post-provision.sh | Compatibility wrapper forwarding to the new apply-extras flow. |
| src/templates/sre-agent/bin/deploy.sh | CLI deployment wrapper (parameter validation, deterministic deploy naming, infra deploy, then apply extras). |
| src/templates/sre-agent/bin/check-prerequisites.sh | Preflight checks for required local tools (az/jq/python/PyYAML/etc.). |
| src/templates/sre-agent/.build.config | Registers the template’s custom build step for packaging. |
| src/scripts/Build-Toolkit.ps1 | Adjusts template copy behavior during build (affects which files ship). |
| src/scripts/Build-SreAgentTemplate.ps1 | New build step to generate and zip the portal recipe extras package. |
| docs/deploy/sre-agent/latest/createUiDefinition.json | Published deploy artifact copy for “latest” portal flow. |
| docs/deploy/sre-agent/14.0/createUiDefinition.json | Published deploy artifact copy for versioned portal flow. |
| docs-mslearn/toolkit/sre-agent/troubleshooting.md | Learn troubleshooting guide for SRE Agent deployments and runtime issues. |
| docs-mslearn/toolkit/sre-agent/tools.md | Learn reference catalog of shipped tools (Kusto + Python). |
| docs-mslearn/toolkit/sre-agent/template.md | Learn template reference (parameters/outputs/scripts/modules). |
| docs-mslearn/toolkit/sre-agent/security.md | Learn security/permissions guidance for the deployment. |
| docs-mslearn/toolkit/sre-agent/scheduled-tasks.md | Learn overview of scheduled tasks and their behavior. |
| docs-mslearn/toolkit/sre-agent/python-tools.md | Learn reference for the shipped Python tools. |
| docs-mslearn/toolkit/sre-agent/overview.md | Learn overview page for the SRE Agent template and architecture. |
| docs-mslearn/toolkit/sre-agent/knowledge.md | Learn guidance for knowledge/memory usage with the agent. |
| docs-mslearn/toolkit/sre-agent/get-started.md | Learn quickstart for what to do post-deployment. |
| docs-mslearn/toolkit/sre-agent/deploy.md | Learn deployment tutorial (portal + CLI) and validation steps. |
| docs-mslearn/toolkit/sre-agent/agents.md | Learn explanation of specialist agents/skills and handoff model. |
| docs-mslearn/toolkit/hubs/configure-sre.md | Learn doc integrating SRE Agent deployment guidance into hubs documentation. |
| docs-mslearn/toolkit/changelog.md | Changelog updates to include SRE Agent documentation/template additions. |
| docs-mslearn/TOC.yml | Adds SRE Agent section to the Learn TOC; renames “Workload” → “Usage” optimization entries. |
| docs-mslearn/.openpublishing.redirection.finops.json | Adds a redirection entry related to the SRE Agent docs pathing. |
- infra/main.bicep: union agent RG with targetResourceGroups so the agent RG is never omitted from targetRgIds (matches the portal entry point). - Build-Toolkit.ps1: restore Get-ChildItem -Force so dotfiles such as .upstream-pin, .gitignore, and .gitattributes are copied into the release output; restore the .DS_Store cleanup pass. - scheduled-tasks.md: change agent owner column to finops-practitioner for all 11 tasks that delegate to specialists in the prompt, matching the shipped YAML manifests; add a clarifying note about delegation. - tools.md, kusto-tools.md: replace ../../../src/... relative links with https://github.com/microsoft/finops-toolkit/tree/main/src/... so the links resolve on learn.microsoft.com. - docs-mslearn (14 files): bump ms.date to 06/04/2026 per AGENTS.md guidance for the update-mslearn-dates CI workflow. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaces part of #2111.
Scope:
Review notes:
features/sre-agent-recipe.memory://projects/finops-toolkit/pr-2111-split-plan.Verification:
git diff --check features/sre-agent-recipe..features/sre-agent-deploy