Hi all, I have the following use case. Here sharing an example.

import pulumi
import pulumi_azure_native as azure_native

# Create an Azure Resource Group
resource_group = azure_native.resources.ResourceGroup('resource_group')

# Create an Azure Container Registry
container_registry = azure_native.containerregistry.Registry(
    'container_registry',
    resource_group_name=resource_group.name,
    sku=azure_native.containerregistry.SkuArgs(
        name='Basic',  # Change to 'Standard' or 'Premium' for production workloads
    ),
    admin_user_enabled=True,
)

# Create an App Service Plan with Linux
service_plan = azure_native.web.AppServicePlan(
    'service_plan',
    resource_group_name=resource_group.name,
    kind='Linux',
    reserved=True,  # This is required for Linux plan creation
    sku=azure_native.web.SkuDescriptionArgs(
        name='B1',  # Change as needed for scaling
        tier='Basic',  # Change as needed for scaling
    ),
)

# Create an App Service using an image from the Container Registry
app_service = azure_native.web.WebApp(
    'app_service',
    resource_group_name=resource_group.name,
    server_farm_id=service_plan.id,
    site_config=azure_native.web.SiteConfigArgs(
        linux_fx_version=f'DOCKER|{container_registry.login_server}.azurecr.io/mydockerimage:latest',
        app_settings=[
            azure_native.web.NameValuePairArgs(
                name='DOCKER_REGISTRY_SERVER_URL',
                value=f'https://{container_registry.login_server}.azurecr.io'
            ),
            azure_native.web.NameValuePairArgs(
                name='DOCKER_REGISTRY_SERVER_USERNAME',
                value=container_registry.admin_user_name,
            ),
            azure_native.web.NameValuePairArgs(
                name='DOCKER_REGISTRY_SERVER_PASSWORD',
                value=container_registry.admin_user_enabled.apply(
                    lambda enabled: pulumi.secret(container_registry.admin_user_password) if enabled else pulumi.secret("")
                ),
            ),
        ],
    ),
)

# Export the Azure App Service endpoint
pulumi.export('app_service_endpoint', app_service.default_host_name.apply(lambda host: f'http://{host}'))

So essentially pretty basic setup with a container base app. So basically, create an "App Service Plan" and an "App" then a "Azure Container Registry". This app is going to always use the latest Docker image. Below is what I want to do; 1. Use this example to create the new resources - this is one time operation 2. Use the relevant github repository of a particular app and run the existing github workflow for the first time so that this new resource from the start includes the latest app updates 3. Generally, we have a simple pipeline from github where whenever a new PR is approved and merged with the main branch we execute the relevant workflow(s) to push the latest changes to the Azure Registry Maybe I am not doing or thinking in the right way, so if someone can provide a better approach, will be really greatful.