feat(vscode): add "Deploy to Azure" webview and deploy flow (create Logic App without wizard)

[lambrianmsft]

Commit Type

• feature - New functionality
• fix - Bug fix
• refactor - Code restructuring without behavior change
• perf - Performance improvement
• docs - Documentation update
• test - Test-related changes
• chore - Maintenance/tooling

Risk Level

• Low - Minor changes, limited scope
• Medium - Moderate changes, some user impact
• High - Major changes, significant user/system impact

What & Why

This moves the deploy command from using vscode wizards to a custom webview which allows more control and validation from the extension. We also display all relevant information so that users don't have to remember what they had input previously.

Impact of Change

• Users:
  Users now see all content before deploying, and allow naming of resources when a new logic app is created.
• Developers:
• System:

Test Plan

• Unit tests added/updated
• E2E tests added/updated
• Manual testing completed
• Tested in:

Contributors

Screenshots/Videos

[github-actions]

🤖 AI PR Validation Report

PR Review Results

Thank you for your submission! Here's detailed feedback on your PR title and body compliance:

✅ PR Title

• Current: feat(vscode): add "Deploy to Azure" webview and deploy flow (create Logic App without wizard)
• Issue: None significant — title is descriptive and follows conventional-commit-style prefix. Minor: double quotes around Deploy to Azure are fine but unnecessary.
• Recommendation: Keep as-is or simplify to: feat(vscode): add Deploy to Azure webview and deploy flow (create Logic App without wizard)

---

✅ Commit Type

• Properly selected (feature). Only one commit type is checked, which is correct.
• Note: Good.

---

⚠️ Risk Level

• Assessment: The PR body selects Medium and the repository label includes risk:medium. However, based on the code diff (large feature additions across extension + webview + React UI + new backend API payloads + new packages and pnpm-lock changes + many new files and create-without-wizard flow that creates Azure resources), I advise a High risk level.
• Why: This change touches deployment flows, resource creation, networking/security-related flags, new dependencies (some with newer node engine requirements), telemetry properties, and adds a large UI surface. These can have broad customer/system impact and require careful validation and rollout.
• Recommendation: Either change the PR risk label to risk:high or add a thorough, project-maintainer friendly justification explaining why Medium is appropriate (including mitigation, staged rollout, feature flags, etc.).

---

✅ What & Why

• Current: "This moves the deploy command from using vscode wizards to a custom webview which allows more control and validation from the extension. We also display all relevant information so that users don't have to remember what they had input previously."
• Issue: The section is concise and acceptable.
• Recommendation: Optionally expand with 1-2 lines about key user benefits and any rollout plan (experimental flag, opt-in, or enabled by default).

---

❌ Impact of Change

• Issue: The PR body has Users filled, but Developers and System fields are blank. Given the scope of changes, these fields must be filled.
• Recommendation: Add concrete content for each sub-section. Based on the diff, suggested content you can copy/edit:
  • Users: Adds a new "Deploy to Azure" webview — users can create Logic Apps (Standard) and deploy directly from the extension. Users will see improved validation and the ability to name resources during creation.
  • Developers: New APIs and patterns introduced: createLogicAppWithoutWizard, deployViaWebview, new Redux deploySlice, new extension commands (deploy, cancel-deploy, getFilteredLocations), new webView key (deploy), new react UI route. New TypeScript/Node dependencies added: @azure/arm-resources and @azure/arm-subscriptions. Update docs for extension commands and any public APIs if applicable.
  • System: New Graph / ARM calls to enumerate logic apps, locations, app service plans, storage accounts; increased network/API usage during webview interactions; pnpm-lock changes indicate some packages require Node >=20 — verify CI and build images. Consider performance implications and rate limits on large subscriptions.

---

❌ Test Plan

• Assessment: The PR lists only "Manual testing completed" and no detail. The diff adds significant functionality (UI + backend + resource creation) and no unit or e2e tests were added.
• Issue: Per repo guidelines, if only manual testing is selected you must include a detailed manual test plan and justification. Otherwise add automated tests. Currently neither is present.
• Recommendation (must fix): Add one of the following before this PR can be accepted:
  • Preferable: Unit tests + E2E/integration tests covering critical flows:
    • Unit tests for createLogicAppWithoutWizard and SubscriptionTreeItem.createChildWithoutPrompts mocking ARM calls.
    • Unit tests for deploy function behavior when functionAppId is a SlotTreeItem, LogicAppResourceTree, or id string.
    • Tests for ApiService methods (getLogicApps, getLocations, getAppServicePlans, getStorageAccounts, checkStorageAccountNameAvailability) — mock fetch responses.
    • Redux slice unit tests for deploySlice reducers/selectors.
    • E2E test or integration test validating full webview flow (create new Logic App and deploy) in a sandbox environment or using mocked backends.
  • If you cannot add automated tests now, expand Test Plan with detailed manual test steps and expected outcomes (for reviewers and QA): list environment(s), exact steps for creating new Logic App via webview, deploying to existing app, error scenarios (invalid location, storage name taken), telemetry events to validate, and logs to check. Include rollback steps if resources get created in a real subscription.

---

⚠️ Contributors

• Assessment: Empty. While not required, please remember to credit PMs, designers, and reviewers who contributed.
• Recommendation: Add contributor mentions in this section (optional but recommended).

---

❌ Screenshots/Videos

• Assessment: Missing. This PR introduces a substantial visual feature (webview react UI with many controls). Visual review is important.
• Recommendation: Add screenshots (or short video/gif) of the new webview showing both "create new" and "deploy existing" flows, and any validation states (errors, availability results). Attach them to the PR body.

---

Summary Table

Section	Status	Recommendation
Title	✅	Keep; minor cosmetic suggestion optional.
Commit Type	✅	No change.
Risk Level	⚠️	Change label to risk:high or provide justification for Medium.
What & Why	✅	OK; can expand slightly.
Impact of Change	❌	Fill Developers & System sections (see recommendations).
Test Plan	❌	Add automated tests or detailed manual test steps and justifications.
Contributors	⚠️	Optionally add contributor credits.
Screenshots/Videos	❌	Add UI screenshots/videos demonstrating the webview and flows.

---

Final notes & action items (high priority)

1. Tests: add unit and/or E2E tests for the new logic (preferred), or expand the Test Plan with detailed manual test cases that include negative scenarios and telemetry validation. Without this, the PR cannot pass.
2. Risk label: update the PR label to risk:high or provide an explicit justification in the PR body explaining why the change is Medium and what mitigations exist (feature flag, staged rollout, small subset of users, etc.).
3. Impact of Change: fill Developers and System subsections. Call out new commands, new dependencies, and CI/node engine implications.
4. Screenshots/Videos: attach images of the new webview UI (create new + deploy existing), and sample successful/failed deployments.
5. pnpm-lock & node engine: the pnpm-lock shows new package entries with engines node >=20. Please verify CI/build pipeline and contributor guidelines support Node 20. If not, either pin compatible package versions or document required Node upgrade and CI changes.
6. Security/logic correctness: there's a likely logic/comment mismatch in LogicAppCreateStep — you set httpsOnly: true (good) and vnetRouteAllEnabled: false with a comment saying "Enable VNet route all for enhanced security". If you intend to enable VNet route all, set true; otherwise fix the comment. Please confirm intended behavior.
7. Telemetry: you add telemetry properties (e.g., deploymentSource=webview). Ensure telemetry schema/allowlist is updated if required by your telemetry governance.
8. Manual-create flow: ensure createChildWithoutPrompts handles all failure cases cleanly; include tests for partial/failing ARM calls and cleanup if resources are partially created.

Please update the PR body to address the items above and either add tests or a thorough manual test plan, update the risk label (or justify), add screenshots, and fix the vnet/https comment discrepancy. After those updates, re-request review. Thank you for the thorough feature — it adds valuable capability, but it requires stricter testing and risk handling before merge.

---

Last updated: Tue, 20 Jan 2026 22:28:49 GMT

[Copilot]

Pull request overview

This pull request implements a significant UX improvement by migrating the Logic App deployment command from VS Code's native wizard interface to a custom webview. This change provides better control over the deployment process, enhanced validation, and persistent display of user inputs.

Key Changes

• New deployment webview: Custom React-based UI for deployment with comprehensive validation
• Enhanced state management: Added Redux slice for managing deployment state across subscription, resource group, Logic App, and dependent resource selections
• Wizard-free Logic App creation: New code path to create Logic Apps programmatically without user prompts
• Azure resource fetching: New API service methods to fetch subscriptions, Logic Apps, resource groups, locations, app service plans, and storage accounts

Reviewed changes

Copilot reviewed 20 out of 22 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
pnpm-lock.yaml	Added Azure ARM dependencies (@azure/arm-resources, @azure/arm-subscriptions) for resource management
libs/vscode-extension/src/lib/models/project.ts	Added 'deploy' project name constant
libs/vscode-extension/src/lib/models/extensioncommand.ts	Added deploy-related extension commands (deploy, cancel_deploy, getFilteredLocations)
apps/vs-code-react/src/stateWrapper.tsx	Added navigation routing for deploy project
apps/vs-code-react/src/state/store.ts	Registered deploySlice reducer in Redux store
apps/vs-code-react/src/state/deploySlice.ts	Complete Redux slice for deployment state management with 21 state properties
apps/vs-code-react/src/run-service/types.ts	Added logicApps resource type and deploy route
apps/vs-code-react/src/run-service/export/index.ts	Added methods for fetching Logic Apps, locations, app service plans, storage accounts, and name availability checking
apps/vs-code-react/src/router/index.tsx	Added DeployApp route
apps/vs-code-react/src/intl/messages.ts	Added 271 new localization strings for deployment UI
apps/vs-code-react/src/intl/index.ts	Exported deployMessages
apps/vs-code-react/src/app/deploy/deployStyles.ts	Styling definitions for deployment UI
apps/vs-code-react/src/app/deploy/deploy.tsx	Main deployment React component (853 lines) with form validation and Azure resource management
apps/vs-code-designer/src/extensionVariables.ts	Added deploy webview key
apps/vs-code-designer/src/app/tree/subscriptionTree/subscriptionTreeItem.ts	Added createChildWithoutPrompts method for programmatic Logic App creation (254 lines)
apps/vs-code-designer/src/app/commands/registerCommands.ts	Changed deploy command from wizard to webview handler
apps/vs-code-designer/src/app/commands/deploy/deployWebview.ts	New webview handler for deployment with message processing
apps/vs-code-designer/src/app/commands/deploy/deploy.ts	Exported deploy function for reuse
apps/vs-code-designer/src/app/commands/createLogicApp/createLogicAppSteps/logicAppCreateStep.ts	Added httpsOnly and vnetRouteAllEnabled properties to site config
apps/vs-code-designer/src/app/commands/createLogicApp/createLogicApp.ts	Added createLogicAppWithoutWizard function for programmatic creation
apps/vs-code-designer/package.json	Added Azure ARM dependencies
Localize/lang/strings.json	Added localization keys and descriptions for deployment UI

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[Copilot]

Inconsistent handling of vnetRouteAllEnabled property. The comment says "Enable VNet route all for enhanced security" but the value is set to false, which disables the feature. Either the comment is incorrect or the value should be true.

Suggested change

	vnetRouteAllEnabled: false, // Enable VNet route all for enhanced security
	vnetRouteAllEnabled: true, // Enable VNet route all for enhanced security

[Copilot]

Missing input validation in deployViaWebview handler. The data object should be validated before being used to create resources. Required fields like subscriptionId, newLogicAppName, location, resourceGroup should be checked for existence and validity to prevent runtime errors.

[Copilot]

Duplicate useEffect for storage account name availability check. Lines 294-316 and 318-340 contain identical logic. This will cause the availability check to run twice for every state change, doubling the API calls and potentially causing race conditions.

Suggested change

	// Check storage account name availability (debounced)
	useEffect(() => {
	if (!newStorageAccountName || !isCreatingNew || !isCreatingNewStorageAccount || !selectedSubscription || storageAccountNameError) {
	setStorageNameUnavailable(false);
	setStorageNameMessage('');
	return;
	}
	setIsCheckingStorageName(true);
	const timeoutId = setTimeout(async () => {
	try {
	const result = await apiService.checkStorageAccountNameAvailability(selectedSubscription, newStorageAccountName);
	setStorageNameUnavailable(!result.available);
	setStorageNameMessage(result.message || '');
	} catch (error) {
	console.error('Error checking storage account name availability:', error);
	} finally {
	setIsCheckingStorageName(false);
	}
	}, 500); // 500ms debounce
	return () => clearTimeout(timeoutId);
	}, [newStorageAccountName, isCreatingNew, isCreatingNewStorageAccount, selectedSubscription, storageAccountNameError, apiService]);

[Copilot]

The random GUID generation using Math.random() is not cryptographically secure and may produce collisions. Consider using a proper UUID library or crypto.randomUUID() for generating unique identifiers for Azure resources.

Suggested change

	// Generate a simple GUID-like suffix
	const generateGuid = () => {
	return Math.random().toString(36).substring(2, 10);
	};
	const guid = generateGuid();
	// Generate a simple GUID-like suffix using cryptographically secure random values
	const generateSecureSuffix = () => {
	const bytes = new Uint8Array(8);
	crypto.getRandomValues(bytes);
	return Array.from(bytes, (b) => b.toString(36).padStart(2, '0')).join('').substring(0, 8);
	};
	const guid = generateSecureSuffix();

[andrew-eldridge]

Shouldn't SubscriptionTreeItem.createChild already skip prompts if the values are provided in context? And if not, would it make sense to modify that method to skip prompts when not needed instead of adding this one?

[andrew-eldridge]

Isn't createLogicApp called from deploy if the logic app doesn't exist? Can this be refactored so that the logic app is either always created prior to deploy or always created within deploy function?