Update Azure Verified Modules in Bicep Files
This skill guides you through updating Azure Verified Module (AVM) references to their latest versions in Bicep files.
Process
- •
Scan: Use
read_fileorgrep_searchto extract all AVM module references and their current versions from the target Bicep file(s). Look for patterns likebr/public:avm/res/{service}/{resource}:{version}. - •
Check Latest Versions: Use
fetch_webpageto query the Microsoft Container Registry (MCR):- •API endpoint:
https://mcr.microsoft.com/v2/bicep/avm/res/{service}/{resource}/tags/list - •Parse the JSON response and extract the
tagsarray - •Sort tags by semantic versioning to identify the latest stable version
- •API endpoint:
- •
Compare Versions: For each module, compare the current version with the latest available version using semantic version parsing.
- •
Review Breaking Changes: For modules with major or significant version changes, use
fetch_webpageto review the documentation:- •Documentation URL:
https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/{service}/{resource} - •Check the CHANGELOG.md or release notes for breaking changes
- •Documentation URL:
- •
Apply Updates: Use
replace_string_in_fileto update the version numbers in the Bicep file while maintaining file validity. - •
Validate: Use
run_in_terminalto run Bicep linting:bashaz bicep build --file <file-path>
Breaking Change Policy
⚠️ PAUSE for user approval if updates involve:
- •Major version changes (e.g., 0.x.x → 1.x.x or 1.x.x → 2.x.x)
- •Incompatible parameter changes or removals
- •Security or compliance modifications
- •Significant behavioral changes
Output Format
Display results in a table with status icons:
| Module | Current | Latest | Status | Action | Docs |
|---|---|---|---|---|---|
| avm/res/compute/virtual-machine | 0.1.0 | 0.2.0 | 🔄 | Updated | 📖 |
| avm/res/storage/storage-account | 0.3.0 | 0.3.0 | ✅ | Current | 📖 |
| avm/res/network/virtual-network | 0.5.0 | 1.0.0 | ⚠️ | Review | 📖 |
Status Icons
- •🔄 Updated - Module was updated to latest version
- •✅ Current - Module is already at latest version
- •⚠️ Manual review required - Breaking changes detected, needs user approval
- •❌ Failed - Unable to check or update module
Module Path Pattern
AVM modules follow this pattern in Bicep files:
module exampleModule 'br/public:avm/res/{service}/{resource}:{version}' = {
name: 'deployment-name'
params: { /* parameters */ }
}
Common examples:
- •
br/public:avm/res/storage/storage-account:0.14.3 - •
br/public:avm/res/search/search-service:0.11.1 - •
br/public:avm/res/key-vault/vault:0.11.0 - •
br/public:avm/res/operational-insights/workspace:0.9.1
Requirements
- •Use the MCR tags API only for version discovery (no external package managers)
- •Parse JSON tags array and sort by semantic versioning rules
- •Maintain Bicep file validity and linting compliance after updates
- •Preserve all existing module parameters and configurations
- •Do not modify module names or deployment names unless necessary for compatibility
Example Workflow
- •User asks: "Update AVM modules in infra/main.bicep"
- •Use
grep_searchto scan file forbr/public:avm/res/patterns - •For each module found:
- •Use
fetch_webpageto call MCR API to get available tags - •Compare versions
- •Report status
- •Use
- •Present summary table to user
- •If no breaking changes, use
replace_string_in_fileto apply updates - •If breaking changes exist, wait for user approval
- •Use
run_in_terminalto validate withaz bicep build