Add cloud-agnostic CI/CD pipeline deployment guide for Aspire applications

[Copilot]

• Create new CI/CD deployment guide (deployment/cicd.mdx)
• Update .NET version references to 10.x
• Add new "CI/CD pipelines" entry to deployment sidebar with translations
• Rewrote guide to be cloud-agnostic
• Add LearnMore link to /fundamentals/app-lifecycle/#step-3-build-app-create--push-image-to-ghcr
• Replace dotnet tool install -g aspire.cli with canonical install script
• Wrap the three CI/CD workflow phases (Build & publish → Push → Deploy) in a <Steps> component
• Apply editorial suggestions: intro summary, Steps wording, Docker Hub intro sentence, "Protect" phrasing, Other registries as bullet list, workflow description, terminal output sentence, timeouts list punctuation

Page preview

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Discord Feedback] Deployment & CI/CD documentation gaps</issue_title>
<issue_description>## Summary

Based on analysis of 20,415 Discord messages + 147 #help threads (April 2025 - February 2026).

Question counts:

Topic	Questions
Azure DevOps/Pipelines	87
azd integration	75
ACA/Container Apps	70
Kubernetes	54
aspire deploy	44
Container Registry	42
GitHub Actions	22

---

Docs That Exist

Slug	Title	Coverage
deploy-using-the-aspire-cli	Deploy using the Aspire CLI	✅ Basic ACA deployment
building-custom-deployment-pipelines	Building custom deployment pipelines	✅ Image building, progress reporting
publishing-and-deployment	Publishing and deployment	✅ Overview
deployment-manifest-format	Deployment manifest format	✅ Manifest structure
kubernetes-integration	Kubernetes integration	⚠️ Hosting only, not publishing

---

Gaps in Existing Docs

1. aspire deploy - Missing Topics (44 questions)

Customer Quotes:

"how does aspire deploy handle WaitFor? for example, if i set a database migration service to run before an api and frontend, how is this handled when deploying to i.e. azure?"

"did aspire deploy not get resource specific deploys like azd?"

Missing from deploy-using-the-aspire-cli:

• WaitFor behavior during deployment (vs local dev)
• Selective/resource-specific deployment
• aspire deploy vs azd comparison table
• Parameters file format and examples (partially mentioned but unclear per user feedback)
• Handling dev-only resources during deploy

---

2. CI/CD Integration - No Dedicated Docs (109 questions)

Verified: grep -i "github action\|azure devops\|ci\|cd\|pipeline" aspire-docs-list.txt returns no dedicated CI/CD guide.

Customer Quotes:

"Trying to work my way through some issues using the aspire cli in my Azure DevOps pipeline."

"Tests pass locally but fail in Azure DevOps because Cosmos uses principalType 'User' but CI uses Service Principal"

From #help threads:

• Tests run indefinitely in GitHub Actions
• CLI output formatting issues in Jenkins

Action Items:

• Azure DevOps pipeline setup guide
• GitHub Actions workflow examples
• Service Principal vs User principal for Azure resources in CI
• Running aspire CLI in detached mode for E2E tests
• CI environment compatibility (timeouts, terminal output)

---

3. Kubernetes Publishing - Incomplete (54 questions)

Verified: kubernetes-integration exists but covers hosting only, not publishing/deployment.

Customer Quotes:

"I was wondering if anyone has considered an option where you could orchestrate resources in an actual Kubernetes cluster running locally (with MiniKube, Kind, Docker Desktop)"

From #help threads:

• "How to get Kubernetes integration to use container registry image names?"
• AddKubernetesEnvironment() mentioned but undocumented

Action Items:

• AddKubernetesEnvironment() documentation
• Helm chart generation patterns
• Local Kubernetes (MiniKube, Kind) workflows
• cert-manager integration
• Aspirate mention/comparison

---

4. Container Registry / Airgapped (42 questions)

Verified: azure-container-registry-integration exists for ACR, but no private/airgapped patterns.

Customer Quotes:

"Is there an easy way to override container registry hostnames? Internally we use a jfrog artifactory proxy for mcr.microsoft.com."

"Could someone have a look at dotnet/aspire#14128? This would help us to support container registry mirrors in airgapped environments."

Action Items:

• Private/internal registry configuration
• mcr.microsoft.com proxy/mirror patterns
• Airgapped environment setup
• Enterprise registry authentication patterns

---

Data Source

• Discord channels: #��│general, #🔵│azure, #🔨│building-resources
• Help threads: 147 from #🆘│help
• Total messages: 20,415
• Date range: April 2025 - February 2026
• Verified against: aspire-list_docs and aspire-search_docs</issue_description>

<agent_instructions>Please address this issue, while using the .github/skills/doc-writer/SKILL.md. Be certain to also take into account, related issues, pull requests, links and comments that are directly linked as well as comments.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes [Discord Feedback] Deployment & CI/CD documentation gaps #331

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[IEvangelist]

This PR looks good so far, but let's double check it for accuracy by using the .github/skills/doc-tester/SKILL.md skill. Please also consider all new comments and feedback/suggestions. @copilot

[Copilot]

Pull request overview

This PR adds a comprehensive CI/CD deployment guide to address a significant documentation gap identified from Discord community feedback (109+ questions about CI/CD integration with no dedicated documentation). The guide covers deploying Aspire applications from GitHub Actions and Azure DevOps pipelines, with detailed setup instructions for both platforms.

Changes:

• Added new CI/CD deployment documentation covering non-interactive deployment, Azure authentication (OIDC/service principals), complete GitHub Actions and Azure DevOps pipeline examples, and CI environment best practices
• Added sidebar entry for "CI/CD pipelines" with translations for all 16 supported locales, positioned before the "Deploy to Azure" section

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
src/frontend/src/content/docs/deployment/cicd.mdx	New comprehensive guide documenting CI/CD deployment patterns for Aspire applications, including environment variables for non-interactive mode, authentication setup, and complete workflow/pipeline examples
src/frontend/config/sidebar/deployment.topics.ts	Added "CI/CD pipelines" sidebar entry with complete translations for all 16 locales (da, de, en, es, fr, hi, id, it, ja, ko, pt-BR, pt-PT, ru, tr, uk, zh-CN)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This PR looks good so far, but let's double check it for accuracy by using the .github/skills/doc-tester/SKILL.md skill. Please also consider all new comments and feedback/suggestions. @copilot

Doc-tester results for deployment/cicd.mdx:

All checks passed ✅

• Page renders correctly — page title, sidebar entry ("CI/CD pipelines"), and all sections display as expected
• All 5 internal links return HTTP 200 — /deployment/deployment-state-caching/, /deployment/azure/aca-deployment-aspire-cli/, /deployment/azure/azure-security-best-practices/, /deployment/overview/, /reference/cli/commands/aspire-deploy/
• dotnet-version: '10.x' confirmed visible in rendered GitHub Actions workflow (b3eb860)
• azurecli code block language — produces the same existing warning as aca-deployment-aspire-cli.mdx, which uses the same language identifier; consistent with existing docs
• No broken MDX syntax, no unused imports, no casual language

Screenshots from the live dev server: the page title, the Cosmos DB principalType explanation, and the dotnet-version: '10.x' line are all correctly rendered.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• centralus-2.in.applicationinsights.azure.com
  • Triggering command: /home/REDACTED/.aspire/bin/aspire /home/REDACTED/.aspire/bin/aspire config set -g channel daily (dns block)
  • Triggering command: /home/REDACTED/.aspire/bin/aspire /home/REDACTED/.aspire/bin/aspire run --non-interactive --project /home/REDACTED/work/aspire.dev/aspire.dev/src/apphost/Aspire.Dev.AppHost/Aspire.Dev.AppHost.csproj --log-file /home/REDACTED/.aspire/logs/cli_20260223T000104812_detach-child_6b11857adbf14bc0b344be1437b8c65c.log (dns block)
  • Triggering command: /home/REDACTED/.aspire/bin/aspire aspire run --detach (dns block)
• telemetry.astro.build
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/aspire.dev/aspire.dev/src/frontend/node_modules/.bin/../astro/astro.js dev (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[IEvangelist]

Hey @copilot, please update this to be cloud agnostic. Right now it's specific to Azure - we really need it to be general/conceptual guidance on CI/CD for deploying to perhaps any container registry.

[Copilot]

Hey @copilot, please update this to be cloud agnostic. Right now it's specific to Azure - we really need it to be general/conceptual guidance on CI/CD for deploying to perhaps any co...

Done in c1c02b7. The guide is now cloud-agnostic:

• Removed: Azure CLI auth, OIDC with Azure App Registrations, AzureCLI@2 task, ACA-specific env vars
• Added: General publish→push→deploy workflow overview with Mermaid diagram; container registry section covering GHCR, Docker Hub, and generic registries; GitHub Actions workflow using aspire publish + GHCR push; Azure DevOps pipeline using generic docker login/docker push
• Azure is retained only in the "See also" section as a link to the platform-specific ACA deployment guide

The page structure is now:

1. CI/CD workflow overview (platform-agnostic)
2. Running aspire publish in CI
3. Pushing container images to a registry (GHCR / Docker Hub / generic)
4. GitHub Actions workflow
5. Azure DevOps pipeline
6. CI environment tips (terminal, timeouts, Docker, caching)

[IEvangelist]

Hey @copilot, please also link to /fundamentals/app-lifecycle/#step-3-build-app-create--push-image-to-ghcr where it makes sense to.

[Copilot]

Hey @copilot, please also link to /fundamentals/app-lifecycle/#step-3-build-app-create--push-image-to-ghcr where it makes sense to.

Added in 7b5e36e — a LearnMore link to /fundamentals/app-lifecycle/#step-3-build-app-create--push-image-to-ghcr now appears under the "GitHub Container Registry" section, which is the most natural placement since that's where users learn about GHCR authentication and push.

[IEvangelist]

Hey @copilot - please update the steps to install the CLI based on how we have it documented EVERYWHERE else. Not the .NET global tool.

[Copilot]

Hey @copilot - please update the steps to install the CLI based on how we have it documented EVERYWHERE else. Not the .NET global tool.

Updated in 760718f. Both examples now use the canonical install script:

GitHub Actions:

- name: Install Aspire CLI
  run: |
    curl -sSL https://aspire.dev/install.sh | bash
    echo "$HOME/.aspire/bin" >> $GITHUB_PATH

Azure DevOps:

- script: |
    curl -sSL https://aspire.dev/install.sh | bash
    echo "##vso[task.prependpath]$HOME/.aspire/bin"
  displayName: Install Aspire CLI

[IEvangelist]

Hey @copilot, please see my new comments - and could you take a screen shot of the page so that we might see how it looks, and add it to the PR description?

[Copilot]

Hey @copilot, please see my new comments - and could you take a screen shot of the page so that we might see how it looks, and add it to the PR description?

Screenshot added to the PR description and below — the page is rendering correctly with the sidebar entry "CI/CD pipelines" highlighted, the Mermaid architecture diagram, and the updated Steps component:

[alistairmatthews]

@copilot Please implement my suggestions.

[alistairmatthews]

This introduction is good, but please add a short two or three sentence summary of what the students will learn in this article.

[alistairmatthews]

Suggested change

	1. **Build & publish** — `aspire publish` builds your .NET project container images and generates deployment artifacts (Docker Compose files, Kubernetes manifests, etc.) with image name placeholders.
	1. **Push** — Your pipeline tags the locally-built images and pushes them to a container registry such as GitHub Container Registry, Docker Hub, Amazon ECR, or Azure Container Registry.
	1. **Deploy** — Your pipeline applies the generated artifacts using the appropriate tooling (`kubectl apply`, `docker compose up`, etc.), substituting the image placeholders with the pushed registry addresses.
	1. **Build and publish**: `aspire publish` builds your .NET project container images and generates deployment artifacts with image name placeholders.
	1. **Push**: Your pipeline tags the locally-built images and pushes them to a container registry such as GitHub Container Registry, Docker Hub, Amazon ECR, or Azure Container Registry.
	1. **Deploy**: Your pipeline applies the generated artifacts using the appropriate tooling (`kubectl apply`, `docker compose up`, and so on), substituting the image placeholders with the pushed registry addresses.

[alistairmatthews]

Suggested change

	Use a script like this to push your images to Docker Hub:

[alistairmatthews]

Suggested change

	Store `DOCKERHUB_TOKEN` and `DOCKERHUB_USERNAME` as secrets in your pipeline. Generate the token from [hub.docker.com](https://hub.docker.com) under **Account settings > Personal access tokens**.
	Protect the sensitive `DOCKERHUB_TOKEN` and `DOCKERHUB_USERNAME` values by storing them as secrets in your pipeline. Generate the token from [hub.docker.com](https://hub.docker.com) under **Account settings > Personal access tokens**.

[alistairmatthews]

Suggested change

	Other container registries (Amazon ECR, Azure Container Registry, Google Artifact Registry, JFrog Artifactory, and self-hosted registries) follow the same pattern: authenticate with `docker login`, tag your image with the registry hostname, and push. Refer to your registry's authentication documentation for the specific login command.
	Other container registries, such as Amazon ECR, Azure Container Registry, Google Artifact Registry, JFrog Artifactory, and self-hosted registries, follow the same pattern:
	- Authenticate with `docker login`.
	- Tag your image with the registry hostname.
	- Push your images.
	Refer to your registry's authentication documentation for the specific login command.

[alistairmatthews]

Suggested change

	The following complete workflow generates artifacts with `aspire publish`, pushes images to GitHub Container Registry, and applies a Docker Compose deployment. Customize the deploy step for your own target (Kubernetes, a cloud provider, etc.).
	The following complete workflow generates artifacts with `aspire publish`, pushes images to GitHub Container Registry, and applies a Docker Compose deployment. Customize the deploy step for your own target (Kubernetes, a cloud provider, or something else).

[alistairmatthews]

Suggested change

	The Aspire CLI detects whether it's running in a CI environment and adjusts its output accordingly (no interactive prompts, plain-text progress). If you see garbled or ANSI escape codes in logs, set the `NO_COLOR` environment variable:
	The Aspire CLI detects whether it's running in a CI environment and adjusts its output accordingly, with no interactive prompts and plain-text progress. If you see garbled or ANSI escape codes in logs, set the `NO_COLOR` environment variable:

[alistairmatthews]

Suggested change

	- .NET container image builds
	- Container registry image push (varies with image size and network speed)
	- Provisioning and startup of deployment targets
	- .NET container image builds.
	- Container registry image pushes. These times can vary with image size and network speed).
	- Provisioning and startup of deployment targets.

[Copilot]

@copilot Please implement my suggestions.

All suggestions implemented in 5075d7a:

• Added a 2-sentence "what you'll learn" summary to the intro
• Updated Steps to use "Build and publish" / "Push" / "Deploy" with period-terminated list-style descriptions (no — dashes, no etc.)
• Added "Use a script like this to push your images to Docker Hub:" intro sentence
• Changed "Store" to "Protect the sensitive ... values by storing them as secrets"
• Rewrote "Other registries" as a bullet list (authenticate → tag → push)
• Updated workflow intro to end with "or something else" instead of etc.
• Rewrote terminal output sentence to use a comma-separated clause instead of parentheses
• Added periods to the timeout bullet list items