Deploy DTS resources with application

[philliphoff]

Description

Enables Durable Task Scheduler resources to be deployed to Azure when publishing an Aspire application. Previously, the DTS integration only supported local emulator and existing-connection-string modes — users could not provision new scheduler infrastructure through Aspire. With this change, AddDurableTaskScheduler and AddTaskHub generate the necessary Bicep templates, role assignments, and connection configuration for Azure deployment, matching the patterns established by other Aspire Azure hosting integrations.

What's included

• Azure provisioning: Schedulers and task hubs are provisioned as Microsoft.DurableTask/schedulers and Microsoft.DurableTask/schedulers/taskhubs resources via generated Bicep, with support for PublishAsExisting and ConfigureInfrastructure customization.
• Role assignments: Referencing applications are automatically assigned the Durable Task Data Contributor role, with WithRoleAssignments APIs for customization (scoped to either the scheduler or a specific task hub).
• Dashboard URLs: A background service automatically adds dashboard URL annotations to task hub resources, linking to the DTS dashboard in both emulator and Azure modes.

Fixes # (issue)

Checklist

• Is this feature complete?
  • Yes. Ready to ship.
  • No. Follow-up changes expected.
• Are you including unit tests for the changes and scenario tests if relevant?
  • Yes
  • No
• Did you add public API?
  • Yes
    • If yes, did you have an API Review for it?
      • Yes
      • No
    • Did you add <remarks /> and <code /> elements on your triple slash comments?
      • Yes
      • No
  • No
• Does the change make any security assumptions or guarantees?
  • Yes
    • If yes, have you done a threat model and had a security review?
      • Yes
      • No
  • No
• Does the change require an update in our Aspire docs?
  • Yes
    • Link to aspire.dev issue:
      • New issue
  • No

[github-actions]

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16050

Or

• Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16050"

[Copilot]

Pull request overview

This PR adds Azure deployment/provisioning support for the Durable Task Scheduler (DTS) Aspire hosting integration, so AddDurableTaskScheduler/AddTaskHub can generate Bicep + role assignments and provide dashboard URLs when publishing.

Changes:

• Introduces custom Azure.Provisioning resources for Microsoft.DurableTask/schedulers and .../taskhubs, and wires them into DTS resource builders/Bicep outputs.
• Adds default and customizable role assignments for scheduler/task hub references (with ATS-compatible overloads).
• Adds a background service that annotates task hub resources with DTS dashboard URLs (emulator + Azure), plus snapshot-based Bicep verification tests and README updates.

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
tests/Aspire.Hosting.Azure.Tests/DurableTaskResourceExtensionsTests.cs	Expands coverage for publish-mode connection strings, role assignments, Bicep generation, and dashboard URL service behavior.
tests/Aspire.Hosting.Azure.Tests/Snapshots/DurableTaskResourceExtensionsTests.AddDurableTaskScheduler_GeneratesBicep.verified.bicep	Snapshot of generated Bicep for scheduler provisioning.
tests/Aspire.Hosting.Azure.Tests/Snapshots/DurableTaskResourceExtensionsTests.AddDurableTaskScheduler_WithTaskHub_GeneratesBicep.verified.bicep	Snapshot including a single task hub sub-resource.
tests/Aspire.Hosting.Azure.Tests/Snapshots/DurableTaskResourceExtensionsTests.AddDurableTaskScheduler_WithNamedTaskHub_GeneratesBicep.verified.bicep	Snapshot for explicitly named task hub provisioning.
tests/Aspire.Hosting.Azure.Tests/Snapshots/DurableTaskResourceExtensionsTests.AddDurableTaskScheduler_WithMultipleTaskHubs_GeneratesBicep.verified.bicep	Snapshot for multiple task hubs under one scheduler.
tests/Aspire.Hosting.Azure.Tests/Snapshots/DurableTaskResourceExtensionsTests.AddDurableTaskScheduler_PublishAsExisting_GeneratesBicep.verified.bicep	Snapshot for referencing an existing scheduler at publish time.
tests/Aspire.Hosting.Azure.Tests/Snapshots/DurableTaskResourceExtensionsTests.AddDurableTaskScheduler_PublishAsExisting_WithResourceGroup_GeneratesBicep.verified.bicep	Snapshot for existing scheduler with RG parameterization.
src/Aspire.Hosting.Azure.Functions/README.md	Documents Azure provisioning, PublishAsExisting, infra customization, and role assignment usage for DTS.
src/Aspire.Hosting.Azure.Functions/DurableTask/DurableTaskSchedulerRole.cs	Adds ATS-compatible role enum used by exported role-assignment overloads.
src/Aspire.Hosting.Azure.Functions/DurableTask/DurableTaskSchedulerBuiltInRole.cs	Introduces built-in role IDs + role-name mapping for role assignment generation.
src/Aspire.Hosting.Azure.Functions/DurableTask/DurableTaskSchedulerProvisioningResource.cs	Custom ProvisionableResource for schedulers until an official package exists.
src/Aspire.Hosting.Azure.Functions/DurableTask/DurableTaskHubProvisioningResource.cs	Custom ProvisionableResource for task hub sub-resources.
src/Aspire.Hosting.Azure.Functions/DurableTask/DurableTaskSchedulerResource.cs	Converts scheduler to AzureProvisioningResource, adds outputs + existing-resource support + Azure Functions config.
src/Aspire.Hosting.Azure.Functions/DurableTask/DurableTaskHubResource.cs	Converts hub to AzureProvisioningResource, adds provisioning conversion + existing-resource support.
src/Aspire.Hosting.Azure.Functions/DurableTask/DurableTaskDashboardUrlService.cs	Adds hosted service to compute and apply dashboard URL annotations based on emulator endpoints / Azure outputs.
src/Aspire.Hosting.Azure.Functions/DurableTask/DurableTaskResourceExtensions.cs	Wires up Azure provisioning, task hub creation under scheduler infra, default roles, and role assignment APIs.

[Copilot]

hub.HubName is a ReferenceExpression and ReferenceExpression does not override ToString(), so string interpolation here will produce the type name (e.g., Aspire.Hosting.ApplicationModel.ReferenceExpression) instead of the actual hub name. This will generate incorrect dashboard URLs (and should break the associated tests). Resolve the hub name via await hub.TaskHubName.GetValueAsync(...) (or equivalent) and make the URL builder async so parameter-based hub names work too.

[Copilot]

Same issue as emulator mode: hub.HubName is a ReferenceExpression, so interpolating it into the URL will produce the type name rather than the resolved Task Hub name. This will yield broken Azure dashboard deep links, especially when WithTaskHubName(ParameterResource) is used. Resolve the Task Hub name string via GetValueAsync before building the URL.

[Copilot]

When WithTaskHubName(ParameterResource) is used, provisioning currently falls back to Name for the ARM/Bicep task hub resource name. That means Azure will provision a task hub named after the resource (e.g., "taskhub") while the app config/connection string uses the parameter value (e.g., "mytaskhub"), causing a mismatch at runtime. The provisioning path should use the parameter value (e.g., convert the ParameterResource to a ProvisioningParameter via AsProvisioningParameter(...)) instead of discarding it.

[Copilot]

Defaulting the scheduler ipAllowlist to 0.0.0.0/0 makes the provisioned scheduler publicly reachable from any IPv4 address. Unless this is a documented requirement for DTS, this is an insecure default; consider omitting ipAllowlist (let service defaults apply) or making it opt-in/configurable (and ideally aligning with the repo’s private-endpoint/public-network-access patterns).