(Realize there is a typescript channel, so reposting it here.) Hi everyone, we ran into this ignoreChanges element not found problem when we trying to create an azure app service and a container instance. We use pulumi typescript, versions below: "@pulumi/azure": "5.89.0", "@pulumi/azure-native": "2.58.0", "@pulumi/pulumi": "3.130.0", Here is the app service code:

import { web } from '@pulumi/azure-native';
...
const restAPI = new web.WebApp(
  webAppServiceName,
  {
    resourceGroupName: envBase.AZURE_RESOURCE_GROUP,
    name: webAppServiceName,
    serverFarmId: appServicePlan.id.apply((id) => id),
    virtualNetworkSubnetId: envExtend.SERVICE_ENDPOINT_SUBNET,
    vnetRouteAllEnabled: true,
    clientCertEnabled: false,
    httpsOnly: true,
    identity: {
      type: web.ManagedServiceIdentityType.SystemAssigned,
    },
    siteConfig: {
      publicNetworkAccess: 'Disabled',
      ftpsState: web.FtpsState.FtpsOnly,
      alwaysOn: true,
      numberOfWorkers: 2,
      linuxFxVersion: 'DOCKER|nginx:latest',
      healthCheckPath: '/', 
      cors: {
        allowedOrigins: cors,
        supportCredentials: true,
      },
      httpLoggingEnabled: true,
      logsDirectorySizeLimit: 35,
      appSettings: [
        {
          name: 'AV_HOST',
          value: containerGroup.ipAddress.apply((ip) => ip?.ip || ''),
        },
        {
          name: 'AV_PORT',
          value: '3310',
        },
      ],
    },
  },
  {
    dependsOn: [webappInsight, containerRegistry, appServicePlan, frontendUIStorage, postgresqlCluster, containerGroup],
    ignoreChanges: ['tags', 'siteConfig["linuxFxVersion"]', 'siteConfig["healthCheckPath"]'] # we also tried siteConfig.linuxFxVersion and siteConfig.healthCheckPath
    
  },
);

The code for container instance:

import { containerinstance } from '@pulumi/azure-native';
...
export const containerGroup = new containerinstance.ContainerGroup(
  containerInstanceName,
  {
    containerGroupName: containerInstanceName,
    resourceGroupName: envBase.AZURE_RESOURCE_GROUP,
    osType: 'Linux',
    restartPolicy: 'OnFailure',
    containers: [
      {
        // Anti virus
        name: `${envBase.PROJECT_NAME_ABBREVIATION}-av-container`,
        image: 'mkodockx/docker-clamav:1.1.2-alpine',
        resources: {
          requests: {
            cpu: envExtend.avCPU,
            memoryInGB: envExtend.avMemory,
          },
        },
        command: [],
        ports: [
          {
            port: 80,
            protocol: containerinstance.ContainerNetworkProtocol.TCP,
          },
          {
            port: 3310,
            protocol: containerinstance.ContainerNetworkProtocol.TCP,
          },
        ],
      },
    ],
    subnetIds: [
      {
        id: envExtend.ACI_SERVICE_ENDPOINT_SUBNET,
      },
    ],
    ipAddress: {
      ports: [
        {
          port: 80,
          protocol: containerinstance.ContainerNetworkProtocol.TCP,
        },
        {
          port: 3310,
          protocol: containerinstance.ContainerNetworkProtocol.TCP,
        },
      ],
      type: containerinstance.ContainerGroupIpAddressType.Private,
    },
    diagnostics: {
      logAnalytics: {
        workspaceId: logAnalyticsWorkspace.customerId.apply((id) => id),

        workspaceKey: logAnalyticsWorkspace.id.apply(async () => {
          const keys = await operationalinsights.getSharedKeys({
            resourceGroupName: envBase.AZURE_RESOURCE_GROUP,
            workspaceName: logAnalyticsWorkspaceName,
          });
          if (keys.primarySharedKey) return keys.primarySharedKey;
          return '';
        }),
      },
    },
  },
  {
    dependsOn: [logAnalyticsWorkspace],
  },
);

The github action:

- uses: pulumi/actions@v5.4.0
        with:
          command: preview
          pulumi-version: 3.130.0
          cloud-url: '<azblob://pulumistate>'
          stack-name: ${{ github.event.inputs.environment }} 
          upsert: true
          refresh: true
          diff: true

note: we did try remove upsert, refresh, diff The error when we run it:

stderr: Command failed with exit code 255: pulumi preview --diff --exec-agent pulumi/actions@v5 --color auto --exec-kind auto.local --event-log /tmp/automation-logs-preview-qXcptY/eventlog.txt --stack dev --non-interactive
  error: cannot ignore changes to the following properties because one or more elements of the path are missing: "siteConfig[\"linuxFxVersion\"], siteConfig[\"healthCheckPath\"]"

We wanted to ignoreChanges for the siteConfig.linuxFxVersion and siteConfig.healthCheckPath, the deployment for the app service for the first time work fine. Only when we added the container instance and include the IP in the app service environment it starts to throw this error. Are we doing something wrong that is against the pulumi TS pattern? any advice on the problem or document to look will be appreciated. As we've tried various alternatives and it still work. We can place this in an app config resource or keyvault but we really just have a couple env and thought it might be an overkill to use anything other than the app service environment

hm.

ignoreChanges

looks okay... you're self-managing state with azure blob storage, correct?

Yes, that’s correct