Document Details

Template Tutorial Deployment Script
Home / Scan #41 / Template Tutorial Deployment Script
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
powershell_heavy
windows_first
missing_linux_example
windows_tools
Summary
The documentation demonstrates a strong Windows and PowerShell bias. All deployment script examples use PowerShell exclusively, and the 'kind' property for deployment scripts is set to 'AzurePowerShell', with explicit mention that only PowerShell scripts are supported. The script content, debugging, and troubleshooting instructions are all PowerShell-centric, with no Bash or Linux shell script equivalents. Even when mentioning the Azure Cloud Shell, PowerShell is presented first, and the detailed walkthroughs and error handling are PowerShell-specific. There is no example or guidance for authoring or deploying scripts using Bash or other Linux-native tools, despite Azure supporting Bash-based deployment scripts.
Recommendations
  • Provide equivalent Bash (Azure CLI) deployment script examples alongside PowerShell, especially for the 'deploymentScripts' resource, and clarify when each is supported.
  • Explicitly mention and demonstrate how to use 'AzureCLI' as the 'kind' for deployment scripts, including a Bash script to create and add a certificate to Key Vault.
  • Ensure all code tabs and walkthroughs include both PowerShell and Bash/CLI options, not just for deployment but also for authoring and debugging scripts.
  • When describing script content, include both PowerShell and Bash syntax, and link to documentation for both.
  • Clarify in the prerequisites and throughout the tutorial that both Windows and Linux users are supported, and provide parity in instructions and troubleshooting steps.
  • Add troubleshooting and debugging instructions for Bash-based deployment scripts, not just PowerShell.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2025-07-12 23:44 #41 cancelled Biased Biased
2025-07-12 00:58 #8 cancelled Clean Clean
2025-07-10 05:06 #7 processing Clean Clean

Flagged Code Snippets

    # [PowerShell](#tab/PowerShell)

    
    # [PowerShell](#tab/PowerShell)

    
1. Add a `deploymentScripts` resource:

    > [!NOTE]
    > Because the inline deployment scripts are enclosed in double quotes, the strings inside the deployment scripts need to be enclosed in single quotes instead. The [PowerShell escape character](/powershell/module/microsoft.powershell.core/about/about_quoting_rules#single-and-double-quoted-strings) is the backtick (`` ` ``).

    
    The `deploymentScripts` resource depends on the key vault resource and the role assignment resource. It has these properties:

    * `identity`: Deployment script uses a user-assigned managed identity to perform the operations in the script.
    * `kind`: Specify the type of script. Currently, only PowerShell scripts are supported.
    * `forceUpdateTag`: Determine whether the deployment script should be executed even if the script source hasn't changed. Can be current time stamp or a GUID. To learn more, see [Run script more than once](./deployment-script-template.md#run-script-more-than-once).
    * `azPowerShellVersion`: Specifies the Azure PowerShell module version to be used. Currently, deployment script supports version 2.7.0, 2.8.0, and 3.0.0.
    * `timeout`: Specify the maximum allowed script execution time specified in the [ISO 8601 format](https://en.wikipedia.org/wiki/ISO_8601). Default value is **P1D**.
    * `arguments`: Specify the parameter values. The values are separated by spaces.
    * `scriptContent`: Specify the script content. To run an external script, use `primaryScriptURI` instead. For more information, see [Use external script](./deployment-script-template.md#use-external-scripts).
        Declaring `$DeploymentScriptOutputs` is only required when testing the script on a local machine. Declaring the variable allows the script to be run on a local machine and in a `deploymentScript` resource without having to make changes. The value assigned to `$DeploymentScriptOutputs` is available as outputs in the deployments. For more information, see [Work with outputs from PowerShell deployment scripts](./deployment-script-template.md#work-with-outputs-from-powershell-scripts) or [Work with outputs from CLI deployment scripts](./deployment-script-template.md#work-with-outputs-from-cli-scripts).
    * `cleanupPreference`: Specify the preference on when to delete the deployment script resources. The default value is **Always**, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, Canceled). In this tutorial, **OnSuccess** is used so that you get a chance to view the script execution results.
    * `retentionInterval`: Specify the interval for which the service retains the script resources after it reaches a terminal state. Resources will be deleted when this duration expires. Duration is based on ISO 8601 pattern. This tutorial uses **P1D**, which means one day. This property is used when `cleanupPreference` is set to **OnExpiration**. This property isn't enabled currently.

    The deployment script takes three parameters: `keyVaultName`, `certificateName`, and `subjectName`. It creates a certificate, and then adds the certificate to the key vault.

    `$DeploymentScriptOutputs` is used to store output value. To learn more, see [Work with outputs from PowerShell deployment scripts](./deployment-script-template.md#work-with-outputs-from-powershell-scripts) or [Work with outputs from CLI deployment scripts](./deployment-script-template.md#work-with-outputs-from-cli-scripts).

    The completed template can be found [here](https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/deployment-script/deploymentscript-keyvault.json).

1. To see the debugging process, place an error in the code by adding the following line to the deployment script:

    
    ---

    The deployment script service needs to create additional deployment script resources for script execution. The preparation and the cleanup process can take up to one minute to complete in addition to the actual script execution time.

    The deployment failed because the invalid command, `Write-Output1` is used in the script. You will get an error saying: