From a342fa039f65092a2cafd71911fc788285f5e9c1 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Fri, 16 Jan 2026 16:34:15 -0800
Subject: [PATCH 01/17] Logging in manually

---
 .github/workflows/Build-Test-And-Deploy.yaml | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index f66f7c424..1b1cc407b 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -81,6 +81,9 @@ jobs:
     needs: build-and-test
     environment:
       name: "Development"
+    permissions:
+      id-token: write
+      contents: read
 
     steps:
       - name: Azure Login
@@ -101,11 +104,21 @@ jobs:
           docker load --input ${{ github.workspace }}/tryimage.tar
           docker image ls -a
 
-      - name: Log in to container registry
+      - name: Get ACR access token
+        id: acr-token
         env:
           REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
-        run:
-            az acr login --name ${REGISTRY_URL%.azurecr.io}
+        run: |
+          TOKEN=$(az acr login --name ${REGISTRY_URL%.azurecr.io} --expose-token --output tsv --query accessToken)
+          echo "::add-mask::$TOKEN"
+          echo "token=$TOKEN" >> $GITHUB_OUTPUT
+
+      - name: Log in to container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.DEVCONTAINER_REGISTRY }}
+          username: 00000000-0000-0000-0000-000000000000
+          password: ${{ steps.acr-token.outputs.token }}
 
       - name: Push Image to Container Registry
         env:

From a054a6e32e839d74196770c1d47ef7056bbb6033 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Fri, 16 Jan 2026 16:48:54 -0800
Subject: [PATCH 02/17] switch MI id to vars, as its set

---
 .github/workflows/Build-Test-And-Deploy.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 1b1cc407b..bf5735453 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -133,7 +133,7 @@ jobs:
           CONTAINER_APP_ENVIRONMENT: ${{ vars.CONTAINER_APP_ENVIRONMENT }}
           REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
           SUBSCRIPTION_ID: ${{ secrets.ESSENTIALCSHARP_SUBSCRIPTION_ID }}
-          MANAGED_IDENTITY_ID: ${{ secrets.MANAGED_IDENTITY_ID }}
+          MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
         with:
           inlineScript: |
             az config set extension.use_dynamic_install=yes_without_prompt

From f5db202e21b0051a0bc1c146954351b423298c34 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Tue, 20 Jan 2026 12:07:40 -0800
Subject: [PATCH 03/17] Extract MI assignment

---
 .github/workflows/Build-Test-And-Deploy.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index bf5735453..f0480e861 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -146,9 +146,7 @@ jobs:
               --registry-server $REGISTRY_URL \
               --ingress external \
               --target-port 8080 \
-              --user-assigned /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MANAGED_IDENTITY_ID \
-              --registry-identity /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MANAGED_IDENTITY_ID
-
+            az containerapp identity assign -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --user-assigned /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MANAGED_IDENTITY_ID
 
       - name: Logout of Azure CLI
         if: always()

From 03c7ab5eae5bec798d766090f35447058a0c40d4 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Tue, 20 Jan 2026 12:26:56 -0800
Subject: [PATCH 04/17] change user assigned arg

---
 .github/workflows/Build-Test-And-Deploy.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index f0480e861..68b65f827 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -146,7 +146,7 @@ jobs:
               --registry-server $REGISTRY_URL \
               --ingress external \
               --target-port 8080 \
-            az containerapp identity assign -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --user-assigned /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MANAGED_IDENTITY_ID
+            az containerapp identity assign -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --user-assigned $MANAGED_IDENTITY_ID
 
       - name: Logout of Azure CLI
         if: always()

From 4df4a830316c5ca68be2aceb0da99c8e89a3ede7 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Tue, 20 Jan 2026 12:55:11 -0800
Subject: [PATCH 05/17] remove extension

---
 .github/workflows/Build-Test-And-Deploy.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 68b65f827..25e68719f 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -137,7 +137,6 @@ jobs:
         with:
           inlineScript: |
             az config set extension.use_dynamic_install=yes_without_prompt
-            az extension add --name containerapp --upgrade
             az containerapp up \
               -n $CONTAINER_APP_NAME \
               -g $RESOURCEGROUP \

From b2380c28d15f4e16a021d2ba624c91330737efda Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Wed, 21 Jan 2026 18:04:16 -0800
Subject: [PATCH 06/17] Fix target port syntax in Azure Container App
 deployment

---
 .github/workflows/Build-Test-And-Deploy.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 25e68719f..3bc4527c7 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -144,7 +144,7 @@ jobs:
               --environment $CONTAINER_APP_ENVIRONMENT \
               --registry-server $REGISTRY_URL \
               --ingress external \
-              --target-port 8080 \
+              --target-port 8080
             az containerapp identity assign -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --user-assigned $MANAGED_IDENTITY_ID
 
       - name: Logout of Azure CLI

From 3789323b7b80c26cfa8505ee9c82c2c4250edbf9 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Thu, 22 Jan 2026 12:53:27 -0800
Subject: [PATCH 07/17] Update target port for Container App and assign Managed
 Identity

---
 .github/workflows/Build-Test-And-Deploy.yaml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 3bc4527c7..bddf608f8 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -132,8 +132,6 @@ jobs:
           RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
           CONTAINER_APP_ENVIRONMENT: ${{ vars.CONTAINER_APP_ENVIRONMENT }}
           REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
-          SUBSCRIPTION_ID: ${{ secrets.ESSENTIALCSHARP_SUBSCRIPTION_ID }}
-          MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
         with:
           inlineScript: |
             az config set extension.use_dynamic_install=yes_without_prompt
@@ -144,7 +142,16 @@ jobs:
               --environment $CONTAINER_APP_ENVIRONMENT \
               --registry-server $REGISTRY_URL \
               --ingress external \
-              --target-port 8080
+              --target-port 80
+
+      - name: Assign MI to Container App
+        uses: azure/CLI@v2
+        env:
+          CONTAINER_APP_NAME: ${{ vars.CONTAINER_APP_NAME }}
+          RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
+          MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
+        with:
+          inlineScript: |
             az containerapp identity assign -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --user-assigned $MANAGED_IDENTITY_ID
 
       - name: Logout of Azure CLI

From 5376ad076986d4855eb3e0fd59325d0fe13bccf7 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Thu, 22 Jan 2026 13:20:29 -0800
Subject: [PATCH 08/17] Add subscription and managed identity parameters for
 Container App deployment

---
 .github/workflows/Build-Test-And-Deploy.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index bddf608f8..40a122286 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -132,6 +132,8 @@ jobs:
           RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
           CONTAINER_APP_ENVIRONMENT: ${{ vars.CONTAINER_APP_ENVIRONMENT }}
           REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
+          SUBSCRIPTION_ID: ${{ secrets.ESSENTIALCSHARP_SUBSCRIPTION_ID }}
+          MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
         with:
           inlineScript: |
             az config set extension.use_dynamic_install=yes_without_prompt
@@ -142,6 +144,7 @@ jobs:
               --environment $CONTAINER_APP_ENVIRONMENT \
               --registry-server $REGISTRY_URL \
               --ingress external \
+              --registry-identity /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MANAGED_IDENTITY_ID \
               --target-port 80
 
       - name: Assign MI to Container App

From 4e24efda3612dff2dd4b8d79eb68a52aa8ee82d0 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Thu, 22 Jan 2026 13:26:28 -0800
Subject: [PATCH 09/17] Refactor Container App deployment to use dynamic
 identity assignment and update registry identity reference

---
 .github/workflows/Build-Test-And-Deploy.yaml | 22 +++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 40a122286..042652af7 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -136,6 +136,7 @@ jobs:
           MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
         with:
           inlineScript: |
+            IDENTITY_ID=$(az identity show -n ${{ vars.MANAGED_IDENTITY_ID }} -g ${{ vars.RESOURCEGROUP }} --query id -o tsv)
             az config set extension.use_dynamic_install=yes_without_prompt
             az containerapp up \
               -n $CONTAINER_APP_NAME \
@@ -144,18 +145,19 @@ jobs:
               --environment $CONTAINER_APP_ENVIRONMENT \
               --registry-server $REGISTRY_URL \
               --ingress external \
-              --registry-identity /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MANAGED_IDENTITY_ID \
+              --user-assigned $IDENTITY_ID \
+              --registry-identity $IDENTITY_ID \
               --target-port 80
 
-      - name: Assign MI to Container App
-        uses: azure/CLI@v2
-        env:
-          CONTAINER_APP_NAME: ${{ vars.CONTAINER_APP_NAME }}
-          RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
-          MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
-        with:
-          inlineScript: |
-            az containerapp identity assign -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --user-assigned $MANAGED_IDENTITY_ID
+    #   - name: Assign MI to Container App
+    #     uses: azure/CLI@v2
+    #     env:
+    #       CONTAINER_APP_NAME: ${{ vars.CONTAINER_APP_NAME }}
+    #       RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
+    #       MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
+    #     with:
+    #       inlineScript: |
+    #         az containerapp identity assign -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --user-assigned $MANAGED_IDENTITY_ID
 
       - name: Logout of Azure CLI
         if: always()

From b7d3bcd76d4c671f6253e871035889013832d11e Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Thu, 22 Jan 2026 13:27:12 -0800
Subject: [PATCH 10/17] Add Azure CLI extension for Container App deployment

---
 .github/workflows/Build-Test-And-Deploy.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 042652af7..e2b60f451 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -138,6 +138,7 @@ jobs:
           inlineScript: |
             IDENTITY_ID=$(az identity show -n ${{ vars.MANAGED_IDENTITY_ID }} -g ${{ vars.RESOURCEGROUP }} --query id -o tsv)
             az config set extension.use_dynamic_install=yes_without_prompt
+            az extension add --name containerapp --upgrade
             az containerapp up \
               -n $CONTAINER_APP_NAME \
               -g $RESOURCEGROUP \

From 422cc0a23465d2d6b6ffe32075e060e3409d54b9 Mon Sep 17 00:00:00 2001
From: Joshua Lester <jlester3@ewu.edu>
Date: Thu, 22 Jan 2026 13:31:55 -0800
Subject: [PATCH 11/17] Add debug flag to Container App deployment command

---
 .github/workflows/Build-Test-And-Deploy.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index e2b60f451..29fd34498 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -148,7 +148,8 @@ jobs:
               --ingress external \
               --user-assigned $IDENTITY_ID \
               --registry-identity $IDENTITY_ID \
-              --target-port 80
+              --target-port 80 \
+              --debug
 
     #   - name: Assign MI to Container App
     #     uses: azure/CLI@v2

From 5e4b108b7dc53a426f58d36f277b38a6d0b709e2 Mon Sep 17 00:00:00 2001
From: Joshua Lester <joshualester3014@gmail.com>
Date: Sun, 25 Jan 2026 10:09:41 -0800
Subject: [PATCH 12/17] Update managed identity assignment script in deployment
 workflow

---
 .github/workflows/Build-Test-And-Deploy.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 29fd34498..28ac49c0d 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -136,7 +136,9 @@ jobs:
           MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
         with:
           inlineScript: |
-            IDENTITY_ID=$(az identity show -n ${{ vars.MANAGED_IDENTITY_ID }} -g ${{ vars.RESOURCEGROUP }} --query id -o tsv)
+            # IDENTITY_ID=$(az identity show -n ${{ vars.MANAGED_IDENTITY_ID }} -g ${{ vars.RESOURCEGROUP }} --query id -o tsv)
+            IDENTITY_ID="/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/EssentialCSharp-Dev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ecs-web-dev-app-identity"
+
             az config set extension.use_dynamic_install=yes_without_prompt
             az extension add --name containerapp --upgrade
             az containerapp up \

From ff1711b9ee43d9c00625a2dbf4944cf3f3b5ea7b Mon Sep 17 00:00:00 2001
From: Joshua Lester <joshualester3014@gmail.com>
Date: Sun, 25 Jan 2026 16:52:31 -0800
Subject: [PATCH 13/17] Update Azure CLI script for Container App deployment to
 use ACR credentials

---
 .github/workflows/Build-Test-And-Deploy.yaml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 28ac49c0d..5c7500604 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -133,14 +133,15 @@ jobs:
           CONTAINER_APP_ENVIRONMENT: ${{ vars.CONTAINER_APP_ENVIRONMENT }}
           REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
           SUBSCRIPTION_ID: ${{ secrets.ESSENTIALCSHARP_SUBSCRIPTION_ID }}
-          MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
+          ACR_USERNAME: ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
+          ACR_PASSWORD: ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
         with:
           inlineScript: |
             # IDENTITY_ID=$(az identity show -n ${{ vars.MANAGED_IDENTITY_ID }} -g ${{ vars.RESOURCEGROUP }} --query id -o tsv)
-            IDENTITY_ID="/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/EssentialCSharp-Dev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ecs-web-dev-app-identity"
+            # IDENTITY_ID="/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/EssentialCSharp-Dev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ecs-web-dev-app-identity"
 
             az config set extension.use_dynamic_install=yes_without_prompt
-            az extension add --name containerapp --upgrade
+            # az extension add --name containerapp --upgrade
             az containerapp up \
               -n $CONTAINER_APP_NAME \
               -g $RESOURCEGROUP \
@@ -148,8 +149,10 @@ jobs:
               --environment $CONTAINER_APP_ENVIRONMENT \
               --registry-server $REGISTRY_URL \
               --ingress external \
-              --user-assigned $IDENTITY_ID \
-              --registry-identity $IDENTITY_ID \
+              --registry-username $ACR_USERNAME \
+              --registry-password $ACR_PASSWORD \
+              # --user-assigned $IDENTITY_ID \
+              # --registry-identity $IDENTITY_ID \
               --target-port 80 \
               --debug
 

From 92ce8addc140afdde1330fba2cad214e0e99cd75 Mon Sep 17 00:00:00 2001
From: Joshua Lester <joshualester3014@gmail.com>
Date: Sun, 25 Jan 2026 17:13:47 -0800
Subject: [PATCH 14/17] Refactor ACR login steps in deployment workflow to use
 secrets for credentials

---
 .github/workflows/Build-Test-And-Deploy.yaml | 33 ++++++++++----------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 5c7500604..8af46cf00 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -104,21 +104,28 @@ jobs:
           docker load --input ${{ github.workspace }}/tryimage.tar
           docker image ls -a
 
-      - name: Get ACR access token
-        id: acr-token
-        env:
-          REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
-        run: |
-          TOKEN=$(az acr login --name ${REGISTRY_URL%.azurecr.io} --expose-token --output tsv --query accessToken)
-          echo "::add-mask::$TOKEN"
-          echo "token=$TOKEN" >> $GITHUB_OUTPUT
+      # - name: Get ACR access token
+      #   id: acr-token
+      #   env:
+      #     REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
+      #   run: |
+      #     TOKEN=$(az acr login --name ${REGISTRY_URL%.azurecr.io} --expose-token --output tsv --query accessToken)
+      #     echo "::add-mask::$TOKEN"
+      #     echo "token=$TOKEN" >> $GITHUB_OUTPUT
+
+      # - name: Log in to container registry
+      #   uses: docker/login-action@v3
+      #   with:
+      #     registry: ${{ vars.DEVCONTAINER_REGISTRY }}
+      #     username: 00000000-0000-0000-0000-000000000000
+      #     password: ${{ steps.acr-token.outputs.token }}
 
       - name: Log in to container registry
         uses: docker/login-action@v3
         with:
           registry: ${{ vars.DEVCONTAINER_REGISTRY }}
-          username: 00000000-0000-0000-0000-000000000000
-          password: ${{ steps.acr-token.outputs.token }}
+          username: ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
+          password: ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
 
       - name: Push Image to Container Registry
         env:
@@ -137,11 +144,7 @@ jobs:
           ACR_PASSWORD: ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
         with:
           inlineScript: |
-            # IDENTITY_ID=$(az identity show -n ${{ vars.MANAGED_IDENTITY_ID }} -g ${{ vars.RESOURCEGROUP }} --query id -o tsv)
-            # IDENTITY_ID="/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/EssentialCSharp-Dev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ecs-web-dev-app-identity"
-
             az config set extension.use_dynamic_install=yes_without_prompt
-            # az extension add --name containerapp --upgrade
             az containerapp up \
               -n $CONTAINER_APP_NAME \
               -g $RESOURCEGROUP \
@@ -151,8 +154,6 @@ jobs:
               --ingress external \
               --registry-username $ACR_USERNAME \
               --registry-password $ACR_PASSWORD \
-              # --user-assigned $IDENTITY_ID \
-              # --registry-identity $IDENTITY_ID \
               --target-port 80 \
               --debug
 

From 78cbf72490e117f8d423497fdf945054e642a096 Mon Sep 17 00:00:00 2001
From: Joshua Lester <joshualester3014@gmail.com>
Date: Sun, 25 Jan 2026 20:19:07 -0800
Subject: [PATCH 15/17] remove commented work

---
 .github/workflows/Build-Test-And-Deploy.yaml | 28 +-------------------
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index 8af46cf00..dc72aaf2f 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -104,22 +104,6 @@ jobs:
           docker load --input ${{ github.workspace }}/tryimage.tar
           docker image ls -a
 
-      # - name: Get ACR access token
-      #   id: acr-token
-      #   env:
-      #     REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
-      #   run: |
-      #     TOKEN=$(az acr login --name ${REGISTRY_URL%.azurecr.io} --expose-token --output tsv --query accessToken)
-      #     echo "::add-mask::$TOKEN"
-      #     echo "token=$TOKEN" >> $GITHUB_OUTPUT
-
-      # - name: Log in to container registry
-      #   uses: docker/login-action@v3
-      #   with:
-      #     registry: ${{ vars.DEVCONTAINER_REGISTRY }}
-      #     username: 00000000-0000-0000-0000-000000000000
-      #     password: ${{ steps.acr-token.outputs.token }}
-
       - name: Log in to container registry
         uses: docker/login-action@v3
         with:
@@ -156,17 +140,7 @@ jobs:
               --registry-password $ACR_PASSWORD \
               --target-port 80 \
               --debug
-
-    #   - name: Assign MI to Container App
-    #     uses: azure/CLI@v2
-    #     env:
-    #       CONTAINER_APP_NAME: ${{ vars.CONTAINER_APP_NAME }}
-    #       RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
-    #       MANAGED_IDENTITY_ID: ${{ vars.MANAGED_IDENTITY_ID }}
-    #     with:
-    #       inlineScript: |
-    #         az containerapp identity assign -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --user-assigned $MANAGED_IDENTITY_ID
-
+              
       - name: Logout of Azure CLI
         if: always()
         uses: azure/CLI@v2

From 5be54114909bcd0bf23b7cba4b7460005c9b384d Mon Sep 17 00:00:00 2001
From: Joshua Lester <joshualester3014@gmail.com>
Date: Sun, 25 Jan 2026 20:36:18 -0800
Subject: [PATCH 16/17] remove commented work

---
 .github/workflows/Build-Test-And-Deploy.yaml | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index dc72aaf2f..b41d989e5 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -129,17 +129,7 @@ jobs:
         with:
           inlineScript: |
             az config set extension.use_dynamic_install=yes_without_prompt
-            az containerapp up \
-              -n $CONTAINER_APP_NAME \
-              -g $RESOURCEGROUP \
-              --image $REGISTRY_URL/try:${{ github.sha }} \
-              --environment $CONTAINER_APP_ENVIRONMENT \
-              --registry-server $REGISTRY_URL \
-              --ingress external \
-              --registry-username $ACR_USERNAME \
-              --registry-password $ACR_PASSWORD \
-              --target-port 80 \
-              --debug
+            az containerapp up -n $CONTAINER_APP_NAME -g $RESOURCEGROUP --image $REGISTRY_URL/try:${{ github.sha }} --environment $CONTAINER_APP_ENVIRONMENT --registry-server $REGISTRY_URL --ingress external --registry-username $ACR_USERNAME --registry-password $ACR_PASSWORD --target-port 80 --debug
               
       - name: Logout of Azure CLI
         if: always()

From 82288c302e4a60cd48afa7a25a20a74ecde135b2 Mon Sep 17 00:00:00 2001
From: Joshua Lester <joshualester3014@gmail.com>
Date: Sun, 25 Jan 2026 20:48:15 -0800
Subject: [PATCH 17/17] Remove subscription ID from environment variables in
 deployment workflow

---
 .github/workflows/Build-Test-And-Deploy.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/Build-Test-And-Deploy.yaml b/.github/workflows/Build-Test-And-Deploy.yaml
index b41d989e5..990e1df44 100644
--- a/.github/workflows/Build-Test-And-Deploy.yaml
+++ b/.github/workflows/Build-Test-And-Deploy.yaml
@@ -123,7 +123,6 @@ jobs:
           RESOURCEGROUP: ${{ vars.RESOURCEGROUP }}
           CONTAINER_APP_ENVIRONMENT: ${{ vars.CONTAINER_APP_ENVIRONMENT }}
           REGISTRY_URL: ${{ vars.DEVCONTAINER_REGISTRY }}
-          SUBSCRIPTION_ID: ${{ secrets.ESSENTIALCSHARP_SUBSCRIPTION_ID }}
           ACR_USERNAME: ${{ secrets.ESSENTIALCSHARP_ACR_USERNAME }}
           ACR_PASSWORD: ${{ secrets.ESSENTIALCSHARP_ACR_PASSWORD }}
         with: