@@ -339,8 +339,6 @@ jobs:
339339 env :
340340 # From GitHub secrets
341341 AZURE_SUBSCRIPTION_ID : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
342- # Needed so the script can refresh the OIDC federated token mid-run
343- # (avoids AADSTS700024 'client assertion expired' before `az acr login`).
344342 AZURE_CLIENT_ID : ${{ secrets.AZURE_CLIENT_ID }}
345343 AZURE_TENANT_ID : ${{ secrets.AZURE_TENANT_ID }}
346344
@@ -400,10 +398,7 @@ jobs:
400398 webapp_url="${{ steps.get_webapp_url.outputs.WEB_APPURL }}"
401399 echo "Validating web app at: $webapp_url"
402400
403- # Wait for AKS workloads to become Available before probing the public endpoint.
404- # First-time pod startup (large container images + cert-manager Let's Encrypt
405- # issuance + ingress wiring) commonly takes 5-10 minutes, which previously
406- # caused the curl health check to give up while pods were still Pending.
401+ # Wait for AKS workloads to become Available
407402 if [ -n "$AZURE_AKS_NAME" ] && [ -n "$RESOURCE_GROUP_NAME" ]; then
408403 echo "Fetching AKS kubeconfig for $AZURE_AKS_NAME..."
409404 az aks get-credentials \
@@ -427,9 +422,7 @@ jobs:
427422 fi
428423 fi
429424
430- # HTTP health check with retry logic.
431- # ~10 minutes of additional headroom on top of the pod-readiness wait above
432- # to cover ingress propagation and TLS cert issuance.
425+ # HTTP health check with retry logic
433426 max_attempts=20
434427 attempt=1
435428 success=false
@@ -459,9 +452,6 @@ jobs:
459452 exit 1
460453 fi
461454
462- # Post-success strict-TLS probe: warn (but do not fail) if the Let's Encrypt
463- # cert hasn't propagated or is invalid. Keeps existing pass/fail behavior
464- # while surfacing TLS issues that the -k loop above intentionally tolerates.
465455 tls_code=$(curl -sS -o /dev/null -w "%{http_code}" "$webapp_url" 2>/tmp/tls_err.log || echo "000")
466456 if [ "$tls_code" -eq 200 ]; then
467457 echo "✅ Public endpoint also validates with strict TLS (HTTP $tls_code)."
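Review bot: The strict-TLS probe in the last hunk (`tls_code=$(curl -sS -o /dev/null ...)`) is left with no comment at all, whereas the other two trimmed comments in this commit keep a one-line summary. The removed lines were the only place in this diff stating that the earlier retry loop tolerates certificate errors with `-k` and that this probe only warns. A short replacement above the `tls_code=` line would keep that distinction visible to the next maintainer, for example `# Strict-TLS probe (no -k): warns on certificate problems, does not change pass/fail`. The retry loop and the probe's else branch are outside the hunk, so the wording should be confirmed against them.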