CRITICAL: Both backend and frontend container images replaced with hello-world

## Configuration Drift Detected — Check #49 (2026-03-17 21:30 UTC)

### Severity: CRITICAL — Complete Application Outage

### Summary
Both `ca-banking-demo-backend` and `ca-banking-demo-frontend` container images have been replaced with the generic `mcr.microsoft.com/azuredocs/containerapps-helloworld:latest` image. This results in a **complete outage** of the Three Rivers Bank credit card comparison platform — neither the backend API nor the frontend UI are serving production code.

### Drift Details

| Property | Backend | Frontend |
|----------|---------|----------|
| **Current Image** | `mcr.microsoft.com/azuredocs/containerapps-helloworld:latest` ❌ | `mcr.microsoft.com/azuredocs/containerapps-helloworld:latest` ❌ |
| **Expected Image** | `crbankingdemooqaqx.azurecr.io/three-rivers-bank/backend-banking-demo:azd-deploy-1773698363` | `crbankingdemooqaqx.azurecr.io/three-rivers-bank/frontend-banking-demo:azd-deploy-1773698383` |
| **Current Revision** | `ca-banking-demo-backend--0000007` (was `--0000006`) | `ca-banking-demo-frontend--0000006` (was `--0000005`) |
| **Resource Limits** | ✅ 0.5 CPU, 1Gi | ✅ 0.25 CPU, 0.5Gi |
| **Env Vars** | ✅ All correct | ✅ VITE_API_BASE_URL corrected |

### Context
- Both revisions incremented (backend 0000006→0000007, frontend 0000005→0000006), indicating new out-of-band deployments replaced production images.
- This is reminiscent of the backend-only hello-world incident from issue #38 (2026-03-16), but now affects **both** apps simultaneously.
- The frontend `VITE_API_BASE_URL` drift tracked in issue #42 appears to have been resolved as part of these changes.

### Impact
- **Backend API**: Not serving Spring Boot application — all `/api/cards` endpoints return hello-world response
- **Frontend UI**: Not serving React application — users see generic hello-world page
- **End Users**: Complete loss of service

### Recommended Remediation

**Option 1 — Targeted image restore (fastest):**
```bash
# Restore backend image
az containerapp update -n ca-banking-demo-backend -g rg-banking-demo \
  --subscription 529eddcc-17c4-4834-842d-73670845229b \
  --image crbankingdemooqaqx.azurecr.io/three-rivers-bank/backend-banking-demo:azd-deploy-1773698363

# Restore frontend image
az containerapp update -n ca-banking-demo-frontend -g rg-banking-demo \
  --subscription 529eddcc-17c4-4834-842d-73670845229b \
  --image crbankingdemooqaqx.azurecr.io/three-rivers-bank/frontend-banking-demo:azd-deploy-1773698383
```

**Option 2 — Full redeploy:**
```bash
azd deploy
```

### Investigation Recommended
The repeated replacement of production images with hello-world suggests either unauthorized access, a misconfigured CI/CD pipeline, or deliberate testing. An audit of Azure Activity Logs for the `rg-banking-demo` resource group is recommended to identify the actor and prevent recurrence.
---
*This issue was created by three-rivers-bank-sre--35969ff3*
Tracked by the SRE agent [here](https://portal.azure.com/?feature.customPortal=false&feature.canmodifystamps=true&feature.fastmanifest=false&nocdn=force&websitesextension_loglevel=verbose&Microsoft_Azure_PaasServerless=beta&microsoft_azure_paasserverless_assettypeoptions=%7B%22SreAgentCustomMenu%22%3A%7B%22options%22%3A%22%22%7D%7D#view/Microsoft_Azure_PaasServerless/AgentFrameBlade.ReactView/id/%2Fsubscriptions%2F529eddcc-17c4-4834-842d-73670845229b%2FresourceGroups%2Frg-sre-agent-threeriversbank%2Fproviders%2FMicrosoft.App%2Fagents%2Fthree-rivers-bank-sre/sreLink/%2Fviews%2Factivities%2Fthreads%2Febc31550-c867-4afc-997b-bc05a7d671f4)


Property	Backend	Frontend
Current Image	`mcr.microsoft.com/azuredocs/containerapps-helloworld:latest` ❌	`mcr.microsoft.com/azuredocs/containerapps-helloworld:latest` ❌
Expected Image	`crbankingdemooqaqx.azurecr.io/three-rivers-bank/backend-banking-demo:azd-deploy-1773698363`	`crbankingdemooqaqx.azurecr.io/three-rivers-bank/frontend-banking-demo:azd-deploy-1773698383`
Current Revision	`ca-banking-demo-backend--0000007` (was `--0000006`)	`ca-banking-demo-frontend--0000006` (was `--0000005`)
Resource Limits	✅ 0.5 CPU, 1Gi	✅ 0.25 CPU, 0.5Gi
Env Vars	✅ All correct	✅ VITE_API_BASE_URL corrected

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CRITICAL: Both backend and frontend container images replaced with hello-world #43

Configuration Drift Detected — Check #49 (2026-03-17 21:30 UTC)

Severity: CRITICAL — Complete Application Outage

Summary

Drift Details

Context

Impact

Recommended Remediation

Investigation Recommended

The repeated replacement of production images with hello-world suggests either unauthorized access, a misconfigured CI/CD pipeline, or deliberate testing. An audit of Azure Activity Logs for the `rg-banking-demo` resource group is recommended to identify the actor and prevent recurrence.

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CRITICAL: Both backend and frontend container images replaced with hello-world #43

Description

Configuration Drift Detected — Check #49 (2026-03-17 21:30 UTC)

Severity: CRITICAL — Complete Application Outage

Summary

Drift Details

Context

Impact

Recommended Remediation

Investigation Recommended

The repeated replacement of production images with hello-world suggests either unauthorized access, a misconfigured CI/CD pipeline, or deliberate testing. An audit of Azure Activity Logs for the rg-banking-demo resource group is recommended to identify the actor and prevent recurrence.

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

The repeated replacement of production images with hello-world suggests either unauthorized access, a misconfigured CI/CD pipeline, or deliberate testing. An audit of Azure Activity Logs for the `rg-banking-demo` resource group is recommended to identify the actor and prevent recurrence.