Golden-path application template for Zava services. Provisioned repos deploy to
Azure Container Apps via azd using GitHub OIDC (no stored secrets), and
inherit the APM supply-chain gate from zava-agent-config.
See WHY-THIS-REPO.md for the contract.

| Path | Contents |
| --- | --- |
| `src/` | minimal Node service (replace with your app) + Dockerfile |
| `infra/` | azd Bicep — Container Apps env, ACR, managed identity, Log Analytics |
| `azure.yaml` | azd service map (web → containerapp) |
| `.github/workflows/deploy.yml` | OIDC provision + deploy to the `dev` environment |
| `.github/workflows/ci.yml` | required APM audit gate |
| `apm.yml` | pinned governance (secure-baseline + release-kit) |

```bash
azd auth login
azd up      # provision + deploy to your own subscription
azd down    # tear down
```

The provisioning golden path sets repo variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`,
`AZURE_SUBSCRIPTION_ID`, `AZURE_ENV_NAME`, `AZURE_LOCATION` and the `dev` environment.
Pushing to main deploys automatically.
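
For orientation, a sketch of how an OIDC-based azd deploy workflow typically consumes those repo variables. This is an added example, not the contents of this template's `deploy.yml`; the workflow name, job name, runner and action versions are assumptions.

```yaml
# Added example: illustrative only, not the template's actual deploy.yml.
name: deploy            # assumed name
on:
  push:
    branches: [main]    # "pushing to main deploys automatically"

permissions:
  id-token: write       # allows the job to request a GitHub OIDC token
  contents: read        # checkout only; no write access to the repo

jobs:
  deploy:               # assumed job name
    runs-on: ubuntu-latest
    # Binding the job to the environment scopes the OIDC subject claim to
    # repo:<org>/<repo>:environment:dev, so the federated credential on the
    # Azure side can be restricted to this environment only.
    environment: dev
    env:
      # Repo variables, not secrets: none of these values is a credential.
      AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
      AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
      AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
    steps:
      # Tags shown for readability; pin third-party actions to a full
      # commit SHA in a real repository.
      - uses: actions/checkout@v4
      - uses: Azure/setup-azd@v2
      - name: Log in with the federated credential (no client secret)
        run: |
          azd auth login \
            --client-id "$AZURE_CLIENT_ID" \
            --federated-credential-provider "github" \
            --tenant-id "$AZURE_TENANT_ID"
      - name: Provision
        run: azd provision --no-prompt
      - name: Deploy
        run: azd deploy --no-prompt
```

If a workflow like this ever needs a `secrets.AZURE_CLIENT_SECRET` or similar to authenticate, it has left the OIDC path the template describes.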