I'm looking for a reliable way to see what changes my Bicep code might make before actually deploying it. Since the What-If feature isn't working, I thought I could deploy ARM templates generated from my Bicep code and keep those stored away. Then, I could run diffs between the latest deployed ARM templates and the new ones I plan to deploy. Would this approach help me avoid unexpected changes? Or do you have any better suggestions?
3 Answers
Honestly, I have a similar approach. For our Front Door setup, we capture the state of all resources before and after deployment in our test environment, and then use git diff on the JSON for each resource. It's worked really well and has helped build trust for our production deployments.
Last I heard, Microsoft is rolling out a fix for the What-If issue. You can actually request that it be applied to your tenant. In the meantime, I've been using a combo of Pester testing and PSRule. While not a direct substitute for What-If, it gives me confidence in how my resources will look after deployment. Also, it seems there's a new command for What-If that might be worth checking out!
Cool, thanks for the update! I'll definitely give that a try.
Have you considered using Terraform? Just keep in mind that if someone modifies something in Azure outside of your stored templates, you won't be able to diff against the live resources. That's something to think about as you develop your strategy.
Thanks for the tip! It’s reassuring to know I’m on the right path.
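The template-diff approach from the question, sketched as an added example (not code from any poster in this thread): it compares two compiled ARM templates resource by resource and reports each changed property, rather than relying on a raw text diff. The function names and the sample templates are constructed for illustration. As the Terraform answer points out, a template-to-template diff says nothing about changes made to live resources outside the stored templates.

```python
MISSING = "<absent>"  # marker for a property present on only one side

def flatten(value, prefix=""):
    """Flatten nested JSON into {path: leaf} so changes are reported per property."""
    if not (isinstance(value, (dict, list)) and value):
        return {prefix: value}  # scalar or empty container
    if isinstance(value, dict):
        items = value.items()
    else:
        items = ((f"[{i}]", v) for i, v in enumerate(value))
    flat = {}
    for key, child in items:
        if key.startswith("[") or not prefix:
            path = f"{prefix}{key}"
        else:
            path = f"{prefix}.{key}"
        flat.update(flatten(child, path))
    return flat

def index_resources(template):
    """Key every resource by (type, name); accepts array or object-style 'resources'."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # symbolic-name templates store an object
        resources = resources.values()
    return {(r["type"], r["name"]): flatten(r) for r in resources}

def diff_templates(old, new):
    before, after = index_resources(old), index_resources(new)
    changes = []
    for key in sorted(before.keys() | after.keys()):
        label = f"{key[0]}/{key[1]}"
        if key not in before:
            changes.append(f"+ {label}")
        elif key not in after:
            changes.append(f"- {label}")
        else:
            b, a = before[key], after[key]
            for path in sorted(b.keys() | a.keys()):
                if b.get(path, MISSING) != a.get(path, MISSING):
                    changes.append(f"~ {label} {path}: "
                                   f"{b.get(path, MISSING)!r} -> {a.get(path, MISSING)!r}")
    return changes

# Constructed sample: last deployed template vs. the one about to be deployed.
STORAGE = {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2023-01-01",
           "name": "stlogs", "properties": {"allowBlobPublicAccess": False}}
OLD = {"resources": [STORAGE]}
NEW = {"resources": [dict(STORAGE, properties={"allowBlobPublicAccess": True}),
                     {"type": "Microsoft.Network/publicIPAddresses",
                      "apiVersion": "2023-04-01", "name": "pip-test", "properties": {}}]}

if __name__ == "__main__":
    print("\n".join(diff_templates(OLD, NEW)))
```

In a pipeline, the two inputs would be the stored JSON from the last deployment and the freshly compiled output of the Bicep file, loaded with `json.load`.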