Add default dab-config.json to Docker image

[Copilot]

Why make this change?

The Docker image shipped with no default configuration file, requiring users to supply one before the container would start — a poor out-of-the-box experience for first-time users.

What is this change?

• dab-config.json (new, repo root) — Default configuration baked into the image:
  • mssql database type; connection string resolved at runtime via @env('DAB_CONNSTRING') (no secrets committed)
  • REST (/api), GraphQL (/graphql), and MCP (/mcp) endpoints enabled
  • autoentities.default template with DML tools and anonymous:* permissions
  • Host mode: development
• Dockerfile — Copies the default config into the runtime image:

  # Add default dab-config.json to /App in the image
  COPY dab-config.json /App/dab-config.json

• .gitignore — Added !/dab-config.json exception; the existing dab-config*.json rule was silently excluding this file from version control.

How was this tested?

• Integration Tests
• Unit Tests

Sample Request(s)

Run the container with just a connection string — no config mount required:

docker run -e DAB_CONNSTRING="<your-connection-string>" -p 5000:5000 <image>

Override the default config by mounting your own:

docker run -e DAB_CONNSTRING="..." -v ./my-dab-config.json:/App/dab-config.json -p 5000:5000 <image>

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Supplement Docker image with default configuration file (dab-config.json)</issue_title>
<issue_description>## Problem

The current Docker image does not include a default configuration file, making it less user-friendly for those getting started.

Proposal

• Add a default configuration file named dab-config.json to the Docker image.
• The file should be available in a standard location within the image, such as /App/dab-config.json (see the Dockerfile below).
• The file should contain the following settings:

{
  "$schema": "https://github.com/Azure/data-api-builder/releases/download/v1.7.86-rc/dab.draft.schema.json",
  "data-source": {
    "database-type": "mssql",
    "connection-string": "@env('DAB_CONNSTRING')",
    "options": {
      "set-session-context": false
    }
  },
  "runtime": {
    "rest": {
      "enabled": true,
      "path": "/api",
      "request-body-strict": false
    },
    "graphql": {
      "enabled": true,
      "path": "/graphql",
      "allow-introspection": true
    },
    "mcp": {
      "enabled": true,
      "path": "/mcp"
    },
    "host": {
      "cors": {
        "origins": [],
        "allow-credentials": false
      },
      "authentication": {
        "provider": "Unauthenticated"
      },
      "mode": "development"
    }
  },
  "entities": {},
  "autoentities": {
    "default": {
        "template": {
        "mcp": { "dml-tool": true },
        "rest": { "enabled": true},
        "graphql": { "enabled": true },
        "health": { "enabled": true },
        "cache": {
          "enabled": false
        }
      },
      "permissions": [
        {
          "role": "anonymous",
          "actions": [
           "*"
          ]
        }
      ]
    }
  }
}

Benefit

Including this configuration file will provide immediate guidance for users, improve out-of-the-box experience, and make Docker-based experimentation much easier.

Relevant code locations

Dockerfile
The Docker image is defined by Dockerfile:

FROM mcr.microsoft.com/dotnet/sdk:8.0-cbl-mariner2.0. AS build

WORKDIR /src
COPY [".", "./"]
RUN dotnet build "./src/Service/Azure.DataApiBuilder.Service.csproj" -c Docker -o /out -r linux-x64

FROM mcr.microsoft.com/dotnet/aspnet:8.0-cbl-mariner2.0 AS runtime
COPY --from=build /out /App
WORKDIR /App
ENV ASPNETCORE_URLS=http://+:5000
ENTRYPOINT ["dotnet", "Azure.DataApiBuilder.Service.dll"]

To add the default config, include a line such as:

# Add default dab-config.json to /App in the image
COPY dab-config.json /App/dab-config.json

References in deployment scripts and samples

• samples/aspire/apphost.cs binds dab-config.json into the container at /App/dab-config.json.
• samples/azure/bicep/dab-on-aca.bicep and
  samples/azure/azure-container-apps-deploy.sh
  reference mounting and passing dab-config.json.
• Documentation and deployment code often expect this file to be named dab-config.json and placed at /App/dab-config.json or a similar standard path.

Please ensure the Docker image has this default config at /App/dab-config.json, and consider documenting override patterns for cloud and local deployments.</issue_description>

<agent_instructions>refer to .github/copilot-instructions.md</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes Supplement Docker image with default configuration file (dab-config.json) #3160

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull request overview

Adds a default dab-config.json into the published Docker image to improve first-run experience (container can start without mounting a config file, relying on an env-provided connection string).

Changes:

• Added a new root-level dab-config.json intended to be baked into the Docker image as the default runtime configuration.
• Updated Dockerfile to copy dab-config.json into /App/dab-config.json in the runtime image.
• Updated .gitignore to ensure the root dab-config.json is not ignored by the existing dab-config*.json rule.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 4 comments.

File	Description
dab-config.json	Introduces a default runtime config intended for Docker image consumption.
Dockerfile	Bakes the default config into the runtime image at /App/dab-config.json.
.gitignore	Ensures the root default config is tracked despite existing ignore patterns.

[Copilot]

The $schema URL is pinned to a specific prerelease tag (v1.7.86-rc). This is likely to go stale as the repo/version advances and may break editor schema resolution. Consider using the repo’s vmajor.minor.patch convention used elsewhere in the repo configs, or updating this to a stable/maintained schema URL that won’t require frequent edits.

Suggested change

	"$schema": "https://github.com/Azure/data-api-builder/releases/download/v1.7.86-rc/dab.draft.schema.json",
	"$schema": "https://github.com/Azure/data-api-builder/releases/latest/download/dab.draft.schema.json",

[Copilot]

This default config grants anonymous the * action for auto-generated entities while also enabling REST/GraphQL/MCP (and DML tools). If a user runs the image with a real connection string in a network-accessible environment, this can unintentionally expose full CRUD access. Consider making the default safer (e.g., read-only permissions, or require an explicit auth provider / opt-in before enabling mutations).

Suggested change

	"*"
	"read"

[Copilot]

runtime.host.authentication.provider is set to "Unauthenticated", but that value isn’t supported by the config schema (only StaticWebApps/EntraID/Simulator/AppService/AzureAD/Custom) and will also fail engine startup (unsupported authentication configuration). Remove the authentication block to use defaults, or switch to a supported provider (e.g., "Simulator" for dev mode).

Suggested change

	"provider": "Unauthenticated"
	"provider": "Simulator"

[Copilot]

In the autoentities.default.template.mcp section the property name is dml-tool, but the schema expects dml-tools. With additionalProperties: false this will make the config invalid / fail validation and DML tools won’t be enabled as intended.

Suggested change

	"mcp": { "dml-tool": true },
	"mcp": { "dml-tools": true },