Holiday Request Automation – Logic App Standard + Azure DevOps 🚀

Production-grade scaffold for an Automated Holiday (Leave) Flow built on Logic App Standard and deployed via Azure DevOps (YAML).

The solution handles: request intake → manager approval → calendar entry → notifications, with safe promotion through environments and an explicit rollback path.

🧭 Migration Stages

Discovery → Cutover → Verification → Rollback

• Discovery — inventory connectors, permissions, SLAs, stakeholder map, KPIs.
• Cutover — time-boxed deployment + switch of the request source (e.g., Teams card).
• Verification — synthetic + live smoke checks, run history, alerts quiet for 60 min.
• Rollback — revert to legacy request path; disable triggers; collect diagnostics.

🧪 Sequence (Mermaid)

sequenceDiagram
    autonumber
    participant U as User (Teams/Form)
    participant L as Logic App (Standard)
    participant M as Manager (Approval)
    participant G as Graph/Outlook
    participant S as SharePoint (List)

    U->>L: Submit holiday request
    L->>L: Validate dates & policy checks
    L->>M: Send Adaptive Card for approval
    M-->>L: Approve/Reject
    alt Approved
        L->>G: Create calendar event
        L->>S: Write record (audit)
        L->>U: Confirmation
    else Rejected
        L->>U: Notify with reason
    end

Loading

📂 Repository Layout

.
├─ README.md
├─ RUNBOOK.md
├─ azure-pipelines.yml
├─ pipelines/
│  └─ templates/
│     ├─ stage-infra.yml
│     ├─ stage-app.yml
│     ├─ job-tests.yml
│     └─ steps-kv-setup.yml
├─ infra/
│  ├─ main.bicep
│  ├─ modules/
│  │  ├─ app-plan.bicep
│  │  ├─ logicapp-standard.bicep
│  │  ├─ keyvault.bicep
│  │  └─ insights.bicep
│  └─ parameters/
│     ├─ dev.json
│     ├─ test.json
│     └─ prod.json
├─ app/
│  ├─ host.json
│  ├─ connections.json
│  └─ workflows/
│     ├─ holiday_request/
│     │  ├─ workflow.json
│     │  └─ def.json
│     └─ utils_notify/
│        └─ def.json
├─ scripts/
│  ├─ health-check.ps1
│  └─ test-trigger.ps1
└─ .gitignore

🔐 Security & Secrets

• No org names, IPs, or secrets in repo.
• Use Managed Identity for Graph/SharePoint/Teams where possible.
• App settings resolve to Key Vault references; see pipelines/templates/steps-kv-setup.yml.

⚙️ Pipeline Overview (Azure DevOps)

Environments: dev → test → prod with approvals before prod.

Stages

1. ValidateInfra — Bicep build + what-if.
2. DeployInfra — RG/App Service Plan/Logic App Standard/Key Vault/App Insights.
3. BuildAndPackageApp — archive app/ for zip deploy.
4. DeployApp — zip deploy to Logic App Standard site.
5. PostDeployTests — synthetic trigger and health checks.
6. Promote — repeat for next environment after approval.

▶️ Quickstart (local)

git init
git add .
git commit -m "Initial: Logic App holiday flow with multi-stage pipeline"
git branch -M main
# git remote add origin https://github.com/<you>/<repo>.git
# git push -u origin main

Keep sensitive values in Azure DevOps variable groups, environment secrets, or Key Vault. This repo contains no sensitive details.