azure-upgrade

Overview

What is azure-upgrade?

azure-upgrade is a guided upgrade skill for existing Azure workloads. It focuses on in-place and near in-place changes such as upgrading plans, tiers, and SKUs, or moving between closely related Azure services while staying within Azure.

Typical use cases include:

• Upgrading Azure Functions from Consumption to Flex Consumption
• Moving a function app to a different hosting plan or service tier
• Changing the SKU of an existing Azure service
• Migrating from App Service to Azure Container Apps for backend workloads

The skill combines a structured workflow (Identify → Assess → Pre-migrate → Upgrade → Validate) with safety rules and best-practice guidance so you can evolve live applications without guesswork.

Who is azure-upgrade for?

azure-upgrade is designed for:

• Developers and DevOps engineers responsible for Azure-based backend services
• Platform and cloud operations teams managing plan, tier, or SKU changes
• Teams standardizing on Flex Consumption or modernizing from App Service to Container Apps

If you need to tweak plans or move to newer Azure offerings without breaking production, this skill gives you a repeatable, documented path.

What problems does azure-upgrade solve?

azure-upgrade helps you:

• Assess upgrade readiness before touching any live resource
• Plan target plans/tiers/SKUs based on your current setup
• Automate repetitive upgrade steps according to defined rules
• Track progress with an upgrade-status.md file in your repo
• Avoid unsafe operations via strict destructive-action rules and user confirmation

This skill is specifically about in-Azure changes. It does not handle cross-cloud migrations; for that scenario, you would use a separate migration skill such as azure-cloud-migrate.

When is azure-upgrade a good fit?

Use azure-upgrade when:

• You are upgrading a running Azure Functions app to Flex Consumption
• You want to change the hosting tier or SKU for an existing workload
• You are migrating an app from App Service to Azure Container Apps
• You need a traceable, phase-based process for operational Azure upgrades

It may not be the right fit when:

• You are moving workloads out of Azure (cross-cloud migration)
• You are setting up a brand-new app with no existing resources
• You only need CI/CD pipeline automation (better suited to skills like azure-deploy)

If your primary concern is safe rollout, rollback options, and configuration parity during Azure upgrades, azure-upgrade is aligned to that job.

How to Use

1. Installation and setup

To add the azure-upgrade skill from the microsoft/azure-skills repository, use the skills CLI in your agent environment:

npx skills add https://github.com/microsoft/azure-skills --skill azure-upgrade

Once installed, explore the key files that define how the skill works:

• SKILL.md – high-level description, triggers, and rules
• references/global-rules.md – safety rules and best practices
• references/workflow-details.md – detailed workflow phases and status tracking guidance

Make sure your agent is configured with access to relevant Azure MCP tools such as mcp_azure_mcp_get_bestpractices and mcp_azure_mcp_documentation, as referenced in the skill rules.

2. Understand the upgrade workflow

azure-upgrade follows a prescribed sequence:

1. Identify – Clarify the source resource (e.g., current Functions plan) and the target plan, tier, or SKU.
2. Assess – Generate an assessment of upgrade readiness and compatibility.
3. Pre-migrate – Collect app settings, configuration, dependencies, and connectivity details.
4. Upgrade – Execute the automated steps to apply the new plan/tier/SKU or create the new target resource.
5. Validate – Verify that the upgraded app is functional and ready to take traffic.

The skill-enforced rules require that phases be followed in order. Skipping the assessment or pre-migration steps is explicitly discouraged, which helps keep production changes safe and predictable.

3. Track progress with upgrade-status.md

The workflow uses a simple, repo-local tracking file to make upgrades auditable and shareable across the team.

Create upgrade-status.md in the root of your workspace using the structure documented in references/workflow-details.md. At a minimum, it should capture:

• Source app name and current plan
• Target plan or service
• Resource group and region
• Start date
• A checklist of workflow phases (Identify, Assess, Pre-migrate, Upgrade, Validate)
• Notes on issues, decisions, and errors

Update this file as the agent progresses through each phase. If a phase fails, log the error and resolve it before continuing.

4. Respect global safety rules

The references/global-rules.md file defines non-negotiable guardrails for azure-upgrade, including:

• Destructive Action Policy – The agent must not delete apps, services, resource groups, or modify DNS/custom domains without explicit confirmation via ask_user.
• User confirmation checks – Selecting subscriptions or regions, creating new resources, and changing network restrictions must all go through explicit user approval.
• Best practices – The skill favors managed identities, modern runtimes, and keeping the original resource running until the upgraded one is fully validated.

When customizing or extending workflows, keep these rules intact so that your automation remains safe in production environments.

5. Run common upgrade scenarios

Once installed, you interact with azure-upgrade through natural-language intents that match the triggers defined in SKILL.md. Example prompts you might give your agent include:

• "Assess if my function app is ready to move from Consumption to Flex Consumption."
• "Automate the upgrade of my Functions plan to Flex Consumption in the same resource group."
• "Help me migrate this App Service API to Azure Container Apps and validate it before cutover."
• "Change the hosting plan for this function app and document each step in upgrade-status.md."

The skill will then:

1. Interpret your intent as an upgrade scenario.
2. Load the relevant scenario references and global rules.
3. Use Azure MCP tools for documentation and best-practice checks.
4. Propose or generate upgrade steps, asking for confirmation before any impactful change.

6. Hand off to related skills

After a successful upgrade and validation, azure-upgrade supports a clean hand-off to other Azure-focused skills:

• azure-validate – for deeper, post-upgrade validation and testing.
• azure-deploy – to set up or refine CI/CD pipelines around your newly upgraded resources.

This keeps azure-upgrade focused on the change-management workflow while still fitting into a broader automation ecosystem.

FAQ

Is azure-upgrade suitable for production workloads?

Yes, azure-upgrade is designed with production use in mind. The global rules explicitly require:

• Phase-based execution (no skipped assessment)
• Confirmation for destructive or irreversible actions
• Keeping the original app/service running until the upgraded version is fully validated

When used as intended and combined with your own change-management controls, it supports safe upgrades in production environments.

Does azure-upgrade handle cross-cloud migrations?

No. azure-upgrade is focused on in-Azure upgrades such as plan, tier, and SKU changes, or migrations between Azure services like App Service and Container Apps. For moving workloads between clouds, you should use a dedicated migration skill such as azure-cloud-migrate instead.

What Azure services can I upgrade with azure-upgrade?

The skill is geared toward existing workloads such as:

• Azure Functions apps (e.g., Consumption → Flex Consumption)
• Apps running on Azure App Service
• Workloads you want to move to Azure Container Apps

Because the underlying rules focus on plans, tiers, and SKUs, it is particularly useful whenever you need to modernize hosting or adjust capacity for backend services.

How does azure-upgrade keep track of what has been done?

The skill relies on an upgrade-status.md file in your repository, as described in references/workflow-details.md. This file records:

• Key resource details
• Phase completion status
• Errors and remediation notes

This simple mechanism makes upgrades auditable and easy to review, even if multiple team members or agents are involved.

Will azure-upgrade delete my original resources?

Not without explicit approval. references/global-rules.md defines a strict Destructive Action Policy:

• Deleting apps, services, or resource groups
• Stopping or disabling original services
• Modifying DNS or custom domain bindings

All of these require explicit confirmation via ask_user. You stay in control of when (or if) to decommission the original resources after a successful upgrade.

Can I customize the azure-upgrade workflow?

You can adapt how you use the workflow (for example, by integrating the status file with your own processes or combining it with other internal tools), but the defined phases and safety rules are there to keep upgrades predictable and safe. If you extend or wrap azure-upgrade, preserve:

• The Identify → Assess → Pre-migrate → Upgrade → Validate sequence
• The global rules for destructive actions and confirmations

This ensures any custom automation still benefits from the built-in guardrails.

How does azure-upgrade fit with CI/CD pipelines?

azure-upgrade focuses on one-time or periodic operational changes to existing resources. After completing an upgrade and validation, it can hand off to azure-deploy to:

• Configure or update CI/CD pipelines
• Align deployment workflows with the new plan, tier, or service

Use azure-upgrade to safely change the infrastructure characteristics, then rely on pipeline-focused skills for ongoing deployments.

What do I need before using azure-upgrade?

Before running azure-upgrade, make sure you have:

• Access to the target Azure subscription and resource group
• Clarity on your desired target plan/tier/SKU or target service (e.g., Container Apps)
• An agent environment configured with the azure-upgrade skill and Azure MCP tools

Having this information ready will help the agent quickly complete the Identify and Assess phases and reduce back-and-forth confirmations.