From eae08fc1a943b4a256a4c01f8ce1c60800052b92 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Tue, 10 Mar 2026 23:36:01 -0700 Subject: [PATCH 01/15] [Release/6.1] Governed release templates --- eng/pipelines/akv-official-pipeline.yml | 147 --------- .../dotnet-sqlclient-signing-pipeline.yml | 169 ---------- eng/pipelines/libraries/common-variables.yml | 50 --- .../jobs/build-akv-official-job.yml | 1 - .../jobs/build-signed-package-job.yml | 4 +- .../jobs/publish-nuget-package-job.yml | 103 ++++++ .../jobs/run-tests-package-reference-job.yml | 14 +- .../jobs/validate-signed-package-job.yml | 2 +- .../onebranch/sqlclient-non-official.yml | 287 +++++++++++++++++ .../onebranch/sqlclient-official.yml | 297 ++++++++++++++++++ ...ld-all-configurations-signed-dlls-step.yml | 0 .../steps/code-analyze-step.yml | 0 .../steps/compound-build-akv-step.yml | 0 .../steps/compound-esrp-code-signing-step.yml | 0 ...ompound-extract-akv-apiscan-files-step.yml | 0 .../steps/compound-nuget-pack-step.yml | 0 .../steps/compound-publish-symbols-step.yml | 0 .../steps/copy-dlls-for-test-step.yml | 0 .../steps/esrp-code-signing-step.yml | 0 .../steps/publish-symbols-step.yml | 0 .../steps/roslyn-analyzers-akv-step.yml | 0 ...ript-output-environment-variables-step.yml | 0 .../variables}/build-variables.yml | 0 .../onebranch/variables/common-variables.yml | 115 +++++++ .../variables}/mds-validation-variables.yml | 0 .../variables}/mds-variables.yml | 0 .../variables}/variables.yml | 0 .../variables/akv-official-variables.yml | 44 --- eng/pipelines/variables/common-variables.yml | 19 -- .../variables/esrp-signing-variables.yml | 17 - .../variables/onebranch-variables.yml | 21 -- 31 files changed, 812 insertions(+), 478 deletions(-) delete mode 100644 eng/pipelines/akv-official-pipeline.yml delete mode 100644 eng/pipelines/dotnet-sqlclient-signing-pipeline.yml delete mode 100644 eng/pipelines/libraries/common-variables.yml rename eng/pipelines/{ => onebranch}/jobs/build-akv-official-job.yml (98%) rename eng/pipelines/{common/templates => onebranch}/jobs/build-signed-package-job.yml (93%) create mode 100644 eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml rename eng/pipelines/{common/templates => onebranch}/jobs/run-tests-package-reference-job.yml (79%) rename eng/pipelines/{common/templates => onebranch}/jobs/validate-signed-package-job.yml (99%) create mode 100644 eng/pipelines/onebranch/sqlclient-non-official.yml create mode 100644 eng/pipelines/onebranch/sqlclient-official.yml rename eng/pipelines/{common/templates => onebranch}/steps/build-all-configurations-signed-dlls-step.yml (100%) rename eng/pipelines/{common/templates => onebranch}/steps/code-analyze-step.yml (100%) rename eng/pipelines/{ => onebranch}/steps/compound-build-akv-step.yml (100%) rename eng/pipelines/{ => onebranch}/steps/compound-esrp-code-signing-step.yml (100%) rename eng/pipelines/{ => onebranch}/steps/compound-extract-akv-apiscan-files-step.yml (100%) rename eng/pipelines/{ => onebranch}/steps/compound-nuget-pack-step.yml (100%) rename eng/pipelines/{ => onebranch}/steps/compound-publish-symbols-step.yml (100%) rename eng/pipelines/{common/templates => onebranch}/steps/copy-dlls-for-test-step.yml (100%) rename eng/pipelines/{common/templates => onebranch}/steps/esrp-code-signing-step.yml (100%) rename eng/pipelines/{common/templates => onebranch}/steps/publish-symbols-step.yml (100%) rename eng/pipelines/{ => onebranch}/steps/roslyn-analyzers-akv-step.yml (100%) rename eng/pipelines/{ => onebranch}/steps/script-output-environment-variables-step.yml (100%) rename eng/pipelines/{libraries => onebranch/variables}/build-variables.yml (100%) create mode 100644 eng/pipelines/onebranch/variables/common-variables.yml rename eng/pipelines/{libraries => onebranch/variables}/mds-validation-variables.yml (100%) rename eng/pipelines/{libraries => onebranch/variables}/mds-variables.yml (100%) rename eng/pipelines/{libraries => onebranch/variables}/variables.yml (100%) delete mode 100644 eng/pipelines/variables/akv-official-variables.yml delete mode 100644 eng/pipelines/variables/common-variables.yml delete mode 100644 eng/pipelines/variables/esrp-signing-variables.yml delete mode 100644 eng/pipelines/variables/onebranch-variables.yml diff --git a/eng/pipelines/akv-official-pipeline.yml b/eng/pipelines/akv-official-pipeline.yml deleted file mode 100644 index d7bc900bb8..0000000000 --- a/eng/pipelines/akv-official-pipeline.yml +++ /dev/null @@ -1,147 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -name: $(Year:YY)$(DayOfYear)$(Rev:.r) - -# @TODO: Add triggers and schedules - -parameters: - - name: oneBranchType - displayName: 'OneBranch template' - type: 'string' - values: - - 'Official' - - 'NonOfficial' - default: 'Official' - - - name: buildConfiguration - displayName: 'Build configuration' - type: 'string' - values: - - 'Release' - - 'Debug' - default: 'Release' - - - name: publishSymbols - displayName: 'Publish symbols' - type: 'boolean' - default: false - - - name: runSdlTasks - displayName: 'Run SDL Tasks' - type: 'boolean' - default: true - -variables: - - template: /eng/pipelines/variables/common-variables.yml@self - - template: /eng/pipelines/variables/onebranch-variables.yml@self - - template: /eng/pipelines/variables/esrp-signing-variables.yml@self - - template: /eng/pipelines/variables/akv-official-variables.yml@self - -resources: - repositories: - - repository: templates - type: 'git' - name: 'OneBranch.Pipelines/GovernedTemplates' - ref: 'refs/heads/main' - -extends: - template: 'v2/OneBranch.${{ parameters.oneBranchType }}.CrossPlat.yml@templates' - - parameters: - featureFlags: - WindowsHostVersion: - Version: '2022' - - globalSdl: - # See https://aka.ms/obpipelines/sdl - - apiscan: - enabled: ${{ parameters.runSdlTasks }} - softwareFolder: '${{ variables.apiScanDllPath }}' - softwareName: 'Microsoft.Data.SqlClient' # Note: This name is registered with ApiScan - softwareVersionNum: '${{ variables.assemblyFileVersion }}' - symbolsFolder: '${{ variables.apiScanPdbPath }}' - - armory: - enabled: ${{ parameters.runSdlTasks }} - break: true - - asyncSdl: - # If this should be enabled, move supported tools under this item, - # see https://aka.ms/obpipelines/asyncsdl - enabled: false - - binskim: - enabled: ${{ parameters.runSdlTasks }} - break: true - - codeinspector: - enabled: ${{ parameters.runSdlTasks }} - logLevel: Error - - codeql: - enabled: ${{ parameters.runSdlTasks }} - sourceRoot: '$(REPO_ROOT)/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider' - # Note, this can only be done if project doesn't depend on other projects. In - # package reference mode, this is true, but if we ever enable project reference - # builds, this will have to be removed. - - credscan: - enabled: ${{ parameters.runSdlTasks }} - suppressionsFile: '$(REPO_ROOT)/.config/CredScanSuppressions.json' - - eslint: - enabled: false - - policheck: - enabled: ${{ parameters.runSdlTasks }} - break: true - exclusionFile: '$(REPO_ROOT)/.config/PolicheckExclusions.xml' - - roslyn: - enabled: ${{ parameters.runSdlTasks }} - break: true - # Requires RoslynAnalyzers task to be added after build task - - publishLogs: - enabled: ${{ parameters.runSdlTasks }} - - sbom: - enabled: ${{ parameters.runSdlTasks }} - packageName: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' - packageVersion: ${{ variables.nugetPackageVersion }} - - tsa: - # OneBranch publishes all sdl results to TSA. If TSA is disabled all SDL tools will - # be forced into 'break' build mode. - enabled: ${{ eq(parameters.oneBranchType, 'Official') }} - configFile: '$(REPO_ROOT)/.config/tsaoptions.json' - - stages: - - stage: BuildAkv - displayName: 'Build AKV' - jobs: - - template: /eng/pipelines/jobs/build-akv-official-job.yml@self - parameters: - apiScanDllPath: '${{ variables.apiScanDllPath }}' - apiScanPdbPath: '${{ variables.apiScanPdbPath }}' - assemblyFileVersion: '${{ variables.assemblyFileVersion }}' - buildConfiguration: '${{ parameters.buildConfiguration }}' - nugetPackageVersion: '${{ variables.nugetPackageVersion }}' - mdsPackageVersion: '${{ variables.mdsPackageVersion }}' - publishSymbols: '${{ parameters.publishSymbols }}' - signingAppRegistrationClientId: '$(SigningAppRegistrationClientId)' - signingAppRegistrationTenantId: '$(SigningAppRegistrationTenantId)' - signingAuthAkvName: '$(SigningAuthAkvName)' - signingAuthSignCertName: '$(SigningAuthSignCertName)' - signingEsrpClientId: '$(SigningEsrpClientId)' - signingEsrpConnectedServiceName: '$(SigningEsrpConnectedServiceName)' - symbolsAzureSubscription: '$(SymbolsAzureSubscription)' - symbolsPublishProjectName: '$(SymbolsPublishProjectName)' - symbolsPublishServer: '$(SymbolsPublishServer)' - symbolsPublishTokenUri: '$(SymbolsPublishTokenUri)' - symbolsUploadAccount: '$(SymbolsUploadAccount)' diff --git a/eng/pipelines/dotnet-sqlclient-signing-pipeline.yml b/eng/pipelines/dotnet-sqlclient-signing-pipeline.yml deleted file mode 100644 index cabb39e11f..0000000000 --- a/eng/pipelines/dotnet-sqlclient-signing-pipeline.yml +++ /dev/null @@ -1,169 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -name: $(Year:YY)$(DayOfYear)$(Rev:.r) -trigger: - branches: - include: - - internal/release/6.1 - paths: - include: - - src - - eng - - tools - - .config - - build.proj - - Nuget.config - - '*.cmd' - - '*.sh' - -schedules: -- cron: '0 5 * * Mon' - displayName: Weekly Sunday 10:00 PM (UTC - 7) Build - branches: - include: - - internal/release/6.1 - always: true - -parameters: # parameters are shown up in ADO UI in a build queue time -- name: 'debug' - displayName: 'Enable debug output' - type: boolean - default: true - -- name: publishSymbols - displayName: 'Publish symbols' - type: boolean - default: false - -- name: CurrentNetFxVersion - displayName: 'Lowest supported .NET Framework version (MDS validation)' - type: string - default: 'net462' - -- name: oneBranchType - displayName: 'Select OneBranch template' - default: Official - values: - - NonOfficial - - Official - -- name: isPreview - displayName: 'Is this a preview build?' - type: boolean - default: false - -# The timeout, in minutes, for each test job. -- name: testsTimeout - displayName: 'Tests timeout (in minutes)' - type: string - default: 90 - -variables: - - template: /eng/pipelines/libraries/variables.yml@self - - name: packageFolderName - value: drop_buildMDS_build_signed_package - - name: PublishSymbols - value: ${{ parameters['publishSymbols'] }} - - name: CurrentNetFxVersion - value: ${{ parameters['CurrentNetFxVersion'] }} - -resources: - repositories: - - repository: templates - type: git - name: OneBranch.Pipelines/GovernedTemplates - ref: refs/heads/main - -extends: - template: v2/OneBranch.${{parameters.oneBranchType }}.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates - parameters: - featureFlags: - # Suggested by MerlinBot (https://sqlclientdrivers.visualstudio.com/ADO.Net/_git/dotnet-sqlclient/pullrequest/4882) - EnableCDPxPAT: false - WindowsHostVersion: 1ESWindows2022 - globalSdl: # https://aka.ms/obpipelines/sdl - tsa: - # The OneBranch template will set 'break' to false for the other SDL - # tools when TSA is enabled. This allows TSA to gather the results - # and publish them for downstream analysis. - enabled: true - apiscan: - enabled: true - # For non-official builds, the OneBranch template seems to set APIScan's - # 'break' to true even when TSA is enabled. We don't want APIScan to - # break non-official builds, so we explicitly set 'break' to false here. - ${{ if ne(parameters.oneBranchType, 'Official') }}: - break: false - softwareFolder: $(softwareFolder) - symbolsFolder: $(symbolsFolder) - softwarename: Microsoft.Data.SqlClient - versionNumber: $(AssemblyFileVersion) - codeql: - compiled: - enabled: ${{ not(parameters['isPreview']) }} - sbom: - enabled: ${{ not(parameters['isPreview']) }} - packageName: Microsoft.Data.SqlClient - packageVersion: $(NugetPackageVersion) - policheck: - enabled: ${{ not(parameters['isPreview']) }} - break: true # always break the build on policheck issues. You can disable it by setting to 'false' - exclusionsFile: $(REPOROOT)\.config\PolicheckExclusions.xml - asyncSdl: - enabled: false - credscan: - enabled: ${{ not(parameters['isPreview']) }} - suppressionsFile: $(REPOROOT)/.config/CredScanSuppressions.json - binskim: - enabled: ${{ not(parameters['isPreview']) }} - armory: - enabled: ${{ not(parameters['isPreview']) }} - break: true - eslint: # TypeScript and JavaScript - enabled: false - roslyn: - enabled: ${{ not(parameters['isPreview']) }} - break: true - publishLogs: - enabled: ${{ not(parameters['isPreview']) }} - tsaOptionsPath: $(REPOROOT)\.config\tsaoptions.json - disableLegacyManifest: true - stages: - - stage: buildMDS - displayName: 'Build MDS' - jobs: - - template: eng/pipelines/common/templates/jobs/build-signed-package-job.yml@self - parameters: - symbolsFolder: $(symbolsFolder) - softwareFolder: $(softwareFolder) - publishSymbols: ${{ parameters['publishSymbols'] }} - isPreview: ${{ parameters['isPreview'] }} - - - stage: mds_package_validation - displayName: 'MDS Package Validation' - dependsOn: buildMDS - jobs: - - template: eng/pipelines/common/templates/jobs/validate-signed-package-job.yml@self - parameters: - packageFolderName: $(packageFolderName) - isPreview: ${{ parameters['isPreview'] }} - downloadPackageStep: - download: current - artifact: $(packageFolderName) - patterns: '**/*.*nupkg' - displayName: 'Download NuGet Package' - - - template: eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml@self - parameters: - packageFolderName: $(packageFolderName) - isPreview: ${{ parameters['isPreview'] }} - timeout: ${{ parameters.testsTimeout }} - downloadPackageStep: - download: current - artifact: $(packageFolderName) - patterns: '**/*.nupkg' - displayName: 'Download NuGet Package' diff --git a/eng/pipelines/libraries/common-variables.yml b/eng/pipelines/libraries/common-variables.yml deleted file mode 100644 index b1b5d5ce7f..0000000000 --- a/eng/pipelines/libraries/common-variables.yml +++ /dev/null @@ -1,50 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -variables: - - group: ESRP Federated Creds (AME) - # ESRPConnectedServiceName - # ESRPClientId - # AppRegistrationClientId - # AppRegistrationTenantId - # AuthAKVName - # AuthSignCertName - - - name: Configuration - value: Release - - name: CommitHead - value: '' # the value will be extracted from the repo's head - - name: REPOROOT - value: $(Build.SourcesDirectory) - - name: softwareFolder - value: $(REPOROOT)/software - - name: symbolsFolder - value: $(REPOROOT)/symbols - - name: artifactDirectory - value: '$(REPOROOT)/packages' - - # Update this after every release. This is used to generate the MDS NuGet package version. - - name: Major - value: '6' - - name: Minor - value: '1' - - name: Patch - value: '1' - - # Update this for preview releases. - - name: Preview - value: '-preview' - - name: Revision - value: '3' - - - name: NugetPackageVersion - value: $(Major).$(Minor).$(Patch) - - name: PreviewNugetPackageVersion - value: $(Major).$(Minor).$(Patch)$(Preview)$(Revision).$(Build.BuildNumber) - - name: AssemblyFileVersion - value: '$(Major).$(Minor)$(Patch).$(Build.BuildNumber)' - - name: nuspecPath - value: '$(REPOROOT)/tools/specs/Microsoft.Data.SqlClient.nuspec' diff --git a/eng/pipelines/jobs/build-akv-official-job.yml b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml similarity index 98% rename from eng/pipelines/jobs/build-akv-official-job.yml rename to eng/pipelines/onebranch/jobs/build-akv-official-job.yml index af8f546eff..05f81726b0 100644 --- a/eng/pipelines/jobs/build-akv-official-job.yml +++ b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml @@ -91,7 +91,6 @@ jobs: assemblyFileVersion: '${{ parameters.assemblyFileVersion }}' buildConfiguration: '${{ parameters.buildConfiguration }}' mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' - signingKeyPath: '$(Agent.TempDirectory)/netfxKeypair.snk' - ${{ each targetFramework in parameters.targetFrameworks }}: - template: ../steps/compound-extract-akv-apiscan-files-step.yml diff --git a/eng/pipelines/common/templates/jobs/build-signed-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml similarity index 93% rename from eng/pipelines/common/templates/jobs/build-signed-package-job.yml rename to eng/pipelines/onebranch/jobs/build-signed-package-job.yml index 91eb864337..3c1868be82 100644 --- a/eng/pipelines/common/templates/jobs/build-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml @@ -25,7 +25,7 @@ jobs: type: windows # read more about custom job pool types at https://aka.ms/obpipelines/yaml/jobs variables: - - template: ../../../libraries/variables.yml@self + - template: ../variables/variables.yml@self - ${{ if parameters.isPreview }}: - name: NugetPackageVersion value: $(PreviewNugetPackageVersion) @@ -48,7 +48,7 @@ jobs: parameters: artifactType: dll - - template: ../steps/generate-nuget-package-step.yml@self + - template: /eng/pipelines/common/templates/steps/generate-nuget-package-step.yml@self parameters: OutputDirectory: $(artifactDirectory) diff --git a/eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml b/eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml new file mode 100644 index 0000000000..554ffa927b --- /dev/null +++ b/eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml @@ -0,0 +1,103 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +# Reusable job template for publishing a signed NuGet package to a NuGet feed. +# Downloads the pipeline artifact produced by a build job and pushes .nupkg +# and .snupkg files using NuGetCommand@2. +# +# Uses a deployment job with ADO environment for approval gates. +# +# OneBranch Requirements: +# - All deployment jobs must use releaseJob syntax per 1ES Pipeline Templates v2. +# - Must declare inputs via templateContext since deploy lifecycle doesn't +# auto-download. +# - See: +# https://eng.ms/docs/products/onebranch/build/releasepipelines/releaseworkflows/deploymentjob + +parameters: + # The NuGet package name, used to form the default packagePath and for display + # strings. + - name: packageName + type: string + + # The pipeline artifact name to download (OneBranch naming: drop__). + - name: artifactName + type: string + + # NuGet service connection name for authentication. + - name: nugetServiceConnection + type: string + + # Indicates whether this is a production release (enables additional 1ES PT + # checks). + - name: isProduction + type: boolean + default: false + + # The path to the NuGet package to publish, relative to the root of the + # downloaded pipeline artifact. + # + # Defaults to '${{ parameters.packageName }}.*.nupkg' to match any version + # of the package. + - name: packagePath + type: string + default: '' + + # When true, lists the package that would be published without actually pushing. + - name: isDryRun + type: boolean + default: false + +# Read more: https://eng.ms/docs/products/onebranch/release/yamlreleasepipelines/pipelinebasics#what-is-a-onebranch-release-yaml-pipeline +jobs: + - job: publish_${{ replace(parameters.packageName, '.', '_') }} + displayName: Publish ${{ parameters.packageName }} + + variables: + - name: ob_outputDirectory + value: $(Build.SourcesDirectory)/output + + - name: artifactPath + value: $(Pipeline.Workspace)/${{ parameters.artifactName }} + + - name: packageToPush + value: $(artifactPath)/${{ coalesce(parameters.packagePath, format('{0}.*.nupkg', parameters.packageName)) }} + + # Template context inputs are used to pass parameters to the deployment job + # since it doesn't automatically download pipeline artifacts. + templateContext: + type: releaseJob + isProduction: ${{ parameters.isProduction }} + inputs: + - input: pipelineArtifact + artifactName: ${{ parameters.artifactName }} + targetPath: $(artifactPath) + + pool: + type: release + + steps: + + # Artifacts are downloaded via templateContext.inputs per OneBranch + # requirements. + + - ${{ if eq(parameters.isDryRun, true) }}: + - pwsh: | + Write-Host "##[section]DRY RUN — The following packages would be published:" + + Get-ChildItem -Path "$(packageToPush)" -ErrorAction SilentlyContinue + + Write-Host "##[warning]DRY RUN — No packages were pushed." + displayName: Dry Run — List ${{ parameters.packageName }} packages + + - ${{ else }}: + - task: NuGetCommand@2 + displayName: Push ${{ parameters.packageName }} to NuGet + inputs: + command: push + packagesToPush: $(packageToPush) + nuGetFeedType: external + publishFeedCredentials: ${{ parameters.nugetServiceConnection }} diff --git a/eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml b/eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml similarity index 79% rename from eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml rename to eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml index 14aea42411..7ae3b62adb 100644 --- a/eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml +++ b/eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml @@ -42,35 +42,35 @@ jobs: vmImage: 'ADO-MMS22-SQL19' variables: # More settings at https://aka.ms/obpipelines/yaml/jobs - - template: ../../../libraries/mds-validation-variables.yml@self + - template: ../variables/mds-validation-variables.yml@self steps: - - template: ../steps/pre-build-step.yml + - template: /eng/pipelines/common/templates/steps/pre-build-step.yml - ${{parameters.downloadPackageStep }} - - template: ../steps/update-nuget-config-local-feed-step.yml + - template: /eng/pipelines/common/templates/steps/update-nuget-config-local-feed-step.yml parameters: downloadedNugetPath: $(Pipeline.Workspace)\${{parameters.packageFolderName }} ${{ if parameters.isPreview }}: nugetPackageVersion: $(PreviewNugetPackageVersion) - - template: ../steps/update-config-file-step.yml + - template: /eng/pipelines/common/templates/steps/update-config-file-step.yml parameters: TCPConnectionString: $(SQL_TCP_CONN_STRING) NPConnectionString: $(SQL_NP_CONN_STRING) SupportsIntegratedSecurity: false - - template: ../steps/prepare-test-db-step.yml + - template: /eng/pipelines/common/templates/steps/prepare-test-db-step.yml # build & test - - template: ../steps/build-and-run-tests-netfx-step.yml + - template: /eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml parameters: referenceType: Package ${{ if parameters.isPreview }}: nugetPackageVersion: $(PreviewNugetPackageVersion) - - template: ../steps/build-and-run-tests-netcore-step.yml + - template: /eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml parameters: referenceType: Package cleanFirst: true diff --git a/eng/pipelines/common/templates/jobs/validate-signed-package-job.yml b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml similarity index 99% rename from eng/pipelines/common/templates/jobs/validate-signed-package-job.yml rename to eng/pipelines/onebranch/jobs/validate-signed-package-job.yml index 009e6f2647..390ca64eca 100644 --- a/eng/pipelines/common/templates/jobs/validate-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml @@ -48,7 +48,7 @@ jobs: vmImage: 'ADO-MMS22-SQL19' variables: # More settings at https://aka.ms/obpipelines/yaml/jobs - - template: ../../../libraries/mds-validation-variables.yml@self + - template: ../variables/mds-validation-variables.yml@self - name: pathToDownloadedNuget # path to the downloaded nuget files value: $(Pipeline.Workspace)\${{parameters.packageFolderName }} diff --git a/eng/pipelines/onebranch/sqlclient-non-official.yml b/eng/pipelines/onebranch/sqlclient-non-official.yml new file mode 100644 index 0000000000..ad11ad5bbc --- /dev/null +++ b/eng/pipelines/onebranch/sqlclient-non-official.yml @@ -0,0 +1,287 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +name: $(Year:YY)$(DayOfYear)$(Rev:.r) +trigger: + branches: + include: + - internal/release/6.1 + paths: + include: + - src + - eng + - tools + - .config + - build.proj + - Nuget.config + - '*.cmd' + - '*.sh' + +parameters: # parameters are shown up in ADO UI in a build queue time +- name: 'debug' + displayName: 'Enable debug output' + type: boolean + default: true + +- name: publishSymbols + displayName: 'Publish symbols' + type: boolean + default: false + +- name: CurrentNetFxVersion + displayName: 'Lowest supported .NET Framework version (MDS validation)' + type: string + default: 'net462' + +- name: isPreview + displayName: 'Is this a preview build?' + type: boolean + default: false + +# The timeout, in minutes, for each test job. +- name: testsTimeout + displayName: 'Tests timeout (in minutes)' + type: string + default: 90 + +# Build the AKV Provider package. +- name: buildAKVProvider + displayName: 'Build Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + type: boolean + default: true + +# Release Dry Run (do not push to NuGet) +- name: releaseDryRun + displayName: 'Release Dry Run (do not push to NuGet)' + type: boolean + default: true + +# Release the Microsoft.Data.SqlClient package. +- name: releaseSqlClient + displayName: 'Release Microsoft.Data.SqlClient' + type: boolean + default: false + +# Release the AKV Provider package. +- name: releaseAKVProvider + displayName: 'Release Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + type: boolean + default: false + +variables: + - template: /eng/pipelines/onebranch/variables/variables.yml@self + - name: packageFolderName + value: drop_buildMDS_build_signed_package + - name: PublishSymbols + value: ${{ parameters['publishSymbols'] }} + - name: CurrentNetFxVersion + value: ${{ parameters['CurrentNetFxVersion'] }} + # The effective NuGet package version used by the release stage. + - ${{ if parameters.isPreview }}: + - name: effectiveMDSPackageVersion + value: $(PreviewNugetPackageVersion) + - name: effectiveAkvPackageVersion + value: $(akvPreviewPackageVersion) + - ${{ else }}: + - name: effectiveMDSPackageVersion + value: $(NugetPackageVersion) + - name: effectiveAkvPackageVersion + value: $(akvPackageVersion) + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + +extends: + template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + release: + # This indicates the pipeline category to deploy Box products. See: + # https://eng.ms/docs/products/onebranch/release/yamlreleasepipelines/deployboxproducts + category: NonAzure + featureFlags: + # Suggested by MerlinBot (https://sqlclientdrivers.visualstudio.com/ADO.Net/_git/dotnet-sqlclient/pullrequest/4882) + EnableCDPxPAT: false + WindowsHostVersion: 1ESWindows2022 + globalSdl: # https://aka.ms/obpipelines/sdl + tsa: + # The OneBranch template will set 'break' to false for the other SDL + # tools when TSA is enabled. This allows TSA to gather the results + # and publish them for downstream analysis. + enabled: false + apiscan: + enabled: true + break: false + softwareFolder: $(softwareFolder) + symbolsFolder: $(symbolsFolder) + softwarename: Microsoft.Data.SqlClient + versionNumber: $(AssemblyFileVersion) + codeql: + compiled: + enabled: ${{ not(parameters['isPreview']) }} + sbom: + enabled: ${{ not(parameters['isPreview']) }} + packageName: Microsoft.Data.SqlClient + packageVersion: $(NugetPackageVersion) + policheck: + enabled: ${{ not(parameters['isPreview']) }} + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + exclusionsFile: $(REPOROOT)\.config\PolicheckExclusions.xml + asyncSdl: + enabled: false + credscan: + enabled: ${{ not(parameters['isPreview']) }} + suppressionsFile: $(REPOROOT)/.config/CredScanSuppressions.json + binskim: + enabled: ${{ not(parameters['isPreview']) }} + armory: + enabled: ${{ not(parameters['isPreview']) }} + break: true + eslint: # TypeScript and JavaScript + enabled: false + roslyn: + enabled: ${{ not(parameters['isPreview']) }} + break: true + publishLogs: + enabled: ${{ not(parameters['isPreview']) }} + tsaOptionsPath: $(REPOROOT)\.config\tsaoptions.json + disableLegacyManifest: true + stages: + - stage: buildMDS + displayName: 'Build MDS' + jobs: + - template: /eng/pipelines/onebranch/jobs/build-signed-package-job.yml@self + parameters: + symbolsFolder: $(symbolsFolder) + softwareFolder: $(softwareFolder) + publishSymbols: ${{ parameters['publishSymbols'] }} + isPreview: ${{ parameters['isPreview'] }} + + - stage: mds_package_validation + displayName: 'MDS Package Validation' + dependsOn: buildMDS + jobs: + - template: /eng/pipelines/onebranch/jobs/validate-signed-package-job.yml@self + parameters: + packageFolderName: $(packageFolderName) + isPreview: ${{ parameters['isPreview'] }} + downloadPackageStep: + download: current + artifact: $(packageFolderName) + patterns: '**/*.*nupkg' + displayName: 'Download NuGet Package' + + - template: /eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml@self + parameters: + packageFolderName: $(packageFolderName) + isPreview: ${{ parameters['isPreview'] }} + timeout: ${{ parameters.testsTimeout }} + downloadPackageStep: + download: current + artifact: $(packageFolderName) + patterns: '**/*.nupkg' + displayName: 'Download NuGet Package' + + # ================================================================== + # Build Add-on Packages (AKV Provider) + # Depends on MDS build completing first. + # ================================================================== + - ${{ if eq(parameters.buildAKVProvider, true) }}: + - stage: build_addons + displayName: 'Build Add-on Packages' + dependsOn: buildMDS + + variables: + - name: PACKAGE_NAME + value: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + + jobs: + - template: /eng/pipelines/onebranch/jobs/build-akv-official-job.yml@self + parameters: + apiScanDllPath: $(apiScanDllPath) + apiScanPdbPath: $(apiScanPdbPath) + assemblyFileVersion: $(akvAssemblyFileVersion) + buildConfiguration: Release + nugetPackageVersion: $(effectiveAkvPackageVersion) + mdsPackageVersion: $(akvMdsPackageVersion) + publishSymbols: ${{ parameters['publishSymbols'] }} + signingAppRegistrationClientId: $(SigningAppRegistrationClientId) + signingAppRegistrationTenantId: $(SigningAppRegistrationTenantId) + signingAuthAkvName: $(SigningAuthAkvName) + signingAuthSignCertName: $(SigningAuthSignCertName) + signingEsrpClientId: $(SigningEsrpClientId) + signingEsrpConnectedServiceName: $(SigningEsrpConnectedServiceName) + symbolsAzureSubscription: $(SymbolsAzureSubscription) + symbolsPublishProjectName: $(SymbolsPublishProjectName) + symbolsPublishServer: $(SymbolsPublishServer) + symbolsPublishTokenUri: $(SymbolsPublishTokenUri) + symbolsUploadAccount: $(SymbolsUploadAccount) + + # ================================================================== + # Release Stage — on-demand publish to NuGet.org + # + # Compile-time conditional: stage is removed entirely when no + # release parameters are selected, avoiding OneBranch validation + # errors for empty stages. + # + # Official pipeline → Production environment, approval gate, + # dryRun controlled by releaseDryRun parameter. + # Non-official → Test environment, dryRun always enforced. + # ================================================================== + - ${{ if eq(parameters.releaseSqlClient, true) }}: + - stage: release_sqlclient + ${{ if eq(parameters.releaseDryRun, true) }}: + displayName: 'Release Microsoft.Data.SqlClient (Dry Run)' + ${{ else }}: + displayName: 'Release Microsoft.Data.SqlClient' + dependsOn: + - buildMDS + - mds_package_validation + + variables: + - name: ob_release_environment + value: Test + - name: ob_release_usedeploymentjob + value: true + - name: ob_deploymentjob_environment + value: NuGet-DryRun + + jobs: + - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self + parameters: + packageName: Microsoft.Data.SqlClient + artifactName: $(packageFolderName) + packagePath: Microsoft.Data.SqlClient.$(effectiveMDSPackageVersion).nupkg + nugetServiceConnection: $(NuGetServiceConnection) + isProduction: false + isDryRun: true + + - ${{ if eq(parameters.releaseAKVProvider, true) }}: + - stage: release_akv_provider + displayName: 'Release AKV Provider (Dry Run)' + dependsOn: + - build_addons + + variables: + - name: ob_release_environment + value: Test + - name: ob_release_usedeploymentjob + value: true + - name: ob_deploymentjob_environment + value: NuGet-DryRun + + jobs: + - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self + parameters: + packageName: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider + artifactName: $(akvPackageFolderName) + packagePath: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.$(effectiveAkvPackageVersion).nupkg + nugetServiceConnection: $(NuGetServiceConnection) + isProduction: false + isDryRun: true diff --git a/eng/pipelines/onebranch/sqlclient-official.yml b/eng/pipelines/onebranch/sqlclient-official.yml new file mode 100644 index 0000000000..5c05f648c5 --- /dev/null +++ b/eng/pipelines/onebranch/sqlclient-official.yml @@ -0,0 +1,297 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +name: $(Year:YY)$(DayOfYear)$(Rev:.r) +trigger: + branches: + include: + - internal/release/6.1 + paths: + include: + - src + - eng + - tools + - .config + - build.proj + - Nuget.config + - '*.cmd' + - '*.sh' + +schedules: +- cron: '0 5 * * Mon' + displayName: Weekly Sunday 10:00 PM (UTC - 7) Build + branches: + include: + - internal/release/6.1 + always: true + +parameters: # parameters are shown up in ADO UI in a build queue time +- name: 'debug' + displayName: 'Enable debug output' + type: boolean + default: true + +- name: publishSymbols + displayName: 'Publish symbols' + type: boolean + default: false + +- name: CurrentNetFxVersion + displayName: 'Lowest supported .NET Framework version (MDS validation)' + type: string + default: 'net462' + +- name: isPreview + displayName: 'Is this a preview build?' + type: boolean + default: false + +# The timeout, in minutes, for each test job. +- name: testsTimeout + displayName: 'Tests timeout (in minutes)' + type: string + default: 90 + +# Build the AKV Provider package. +- name: buildAKVProvider + displayName: 'Build Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + type: boolean + default: true + +# Release Dry Run (do not push to NuGet) +- name: releaseDryRun + displayName: 'Release Dry Run (do not push to NuGet)' + type: boolean + default: true + +# Release the Microsoft.Data.SqlClient package. +- name: releaseSqlClient + displayName: 'Release Microsoft.Data.SqlClient' + type: boolean + default: false + +# Release the AKV Provider package. +- name: releaseAKVProvider + displayName: 'Release Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + type: boolean + default: false + +variables: + - template: /eng/pipelines/onebranch/variables/variables.yml@self + - name: packageFolderName + value: drop_buildMDS_build_signed_package + - name: PublishSymbols + value: ${{ parameters['publishSymbols'] }} + - name: CurrentNetFxVersion + value: ${{ parameters['CurrentNetFxVersion'] }} + # The effective NuGet package version used by the release stage. + - ${{ if parameters.isPreview }}: + - name: effectiveMDSPackageVersion + value: $(PreviewNugetPackageVersion) + - name: effectiveAkvPackageVersion + value: $(akvPreviewPackageVersion) + - ${{ else }}: + - name: effectiveMDSPackageVersion + value: $(NugetPackageVersion) + - name: effectiveAkvPackageVersion + value: $(akvPackageVersion) + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + +extends: + template: v2/OneBranch.Official.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + release: + # This indicates the pipeline category to deploy Box products. See: + # https://eng.ms/docs/products/onebranch/release/yamlreleasepipelines/deployboxproducts + category: NonAzure + featureFlags: + # Suggested by MerlinBot (https://sqlclientdrivers.visualstudio.com/ADO.Net/_git/dotnet-sqlclient/pullrequest/4882) + EnableCDPxPAT: false + WindowsHostVersion: 1ESWindows2022 + globalSdl: # https://aka.ms/obpipelines/sdl + tsa: + # The OneBranch template will set 'break' to false for the other SDL + # tools when TSA is enabled. This allows TSA to gather the results + # and publish them for downstream analysis. + enabled: true + apiscan: + enabled: true + softwareFolder: $(softwareFolder) + symbolsFolder: $(symbolsFolder) + softwarename: Microsoft.Data.SqlClient + versionNumber: $(AssemblyFileVersion) + codeql: + compiled: + enabled: ${{ not(parameters['isPreview']) }} + sbom: + enabled: ${{ not(parameters['isPreview']) }} + packageName: Microsoft.Data.SqlClient + packageVersion: $(NugetPackageVersion) + policheck: + enabled: ${{ not(parameters['isPreview']) }} + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + exclusionsFile: $(REPOROOT)\.config\PolicheckExclusions.xml + asyncSdl: + enabled: false + credscan: + enabled: ${{ not(parameters['isPreview']) }} + suppressionsFile: $(REPOROOT)/.config/CredScanSuppressions.json + binskim: + enabled: ${{ not(parameters['isPreview']) }} + armory: + enabled: ${{ not(parameters['isPreview']) }} + break: true + eslint: # TypeScript and JavaScript + enabled: false + roslyn: + enabled: ${{ not(parameters['isPreview']) }} + break: true + publishLogs: + enabled: ${{ not(parameters['isPreview']) }} + tsaOptionsPath: $(REPOROOT)\.config\tsaoptions.json + disableLegacyManifest: true + stages: + - stage: buildMDS + displayName: 'Build MDS' + jobs: + - template: /eng/pipelines/onebranch/jobs/build-signed-package-job.yml@self + parameters: + symbolsFolder: $(symbolsFolder) + softwareFolder: $(softwareFolder) + publishSymbols: ${{ parameters['publishSymbols'] }} + isPreview: ${{ parameters['isPreview'] }} + + - stage: mds_package_validation + displayName: 'MDS Package Validation' + dependsOn: buildMDS + jobs: + - template: /eng/pipelines/onebranch/jobs/validate-signed-package-job.yml@self + parameters: + packageFolderName: $(packageFolderName) + isPreview: ${{ parameters['isPreview'] }} + downloadPackageStep: + download: current + artifact: $(packageFolderName) + patterns: '**/*.*nupkg' + displayName: 'Download NuGet Package' + + - template: /eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml@self + parameters: + packageFolderName: $(packageFolderName) + isPreview: ${{ parameters['isPreview'] }} + timeout: ${{ parameters.testsTimeout }} + downloadPackageStep: + download: current + artifact: $(packageFolderName) + patterns: '**/*.nupkg' + displayName: 'Download NuGet Package' + + # ================================================================== + # Build Add-on Packages (AKV Provider) + # Depends on MDS build completing first. + # ================================================================== + - ${{ if eq(parameters.buildAKVProvider, true) }}: + - stage: build_addons + displayName: 'Build Add-on Packages' + dependsOn: buildMDS + + variables: + - name: PACKAGE_NAME + value: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' + + jobs: + - template: /eng/pipelines/onebranch/jobs/build-akv-official-job.yml@self + parameters: + apiScanDllPath: $(apiScanDllPath) + apiScanPdbPath: $(apiScanPdbPath) + assemblyFileVersion: $(akvAssemblyFileVersion) + buildConfiguration: Release + nugetPackageVersion: $(effectiveAkvPackageVersion) + mdsPackageVersion: $(akvMdsPackageVersion) + publishSymbols: ${{ parameters['publishSymbols'] }} + signingAppRegistrationClientId: $(SigningAppRegistrationClientId) + signingAppRegistrationTenantId: $(SigningAppRegistrationTenantId) + signingAuthAkvName: $(SigningAuthAkvName) + signingAuthSignCertName: $(SigningAuthSignCertName) + signingEsrpClientId: $(SigningEsrpClientId) + signingEsrpConnectedServiceName: $(SigningEsrpConnectedServiceName) + symbolsAzureSubscription: $(SymbolsAzureSubscription) + symbolsPublishProjectName: $(SymbolsPublishProjectName) + symbolsPublishServer: $(SymbolsPublishServer) + symbolsPublishTokenUri: $(SymbolsPublishTokenUri) + symbolsUploadAccount: $(SymbolsUploadAccount) + + # ================================================================== + # Release Stage — on-demand publish to NuGet.org + # + # Compile-time conditional: stage is removed entirely when no + # release parameters are selected, avoiding OneBranch validation + # errors for empty stages. + # + # Official pipeline → Production environment, approval gate, + # dryRun controlled by releaseDryRun parameter. + # Non-official → Test environment, dryRun always enforced. + # ================================================================== + - ${{ if eq(parameters.releaseSqlClient, true) }}: + - stage: release_sqlclient + ${{ if eq(parameters.releaseDryRun, true) }}: + displayName: 'Release Microsoft.Data.SqlClient (Dry Run)' + ${{ else }}: + displayName: 'Release Microsoft.Data.SqlClient' + dependsOn: + - buildMDS + - mds_package_validation + + variables: + - name: ob_release_environment + value: Production + - name: ob_release_usedeploymentjob + value: true + - name: ob_deploymentjob_environment + value: NuGet-Production + + jobs: + - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self + parameters: + packageName: Microsoft.Data.SqlClient + artifactName: $(packageFolderName) + packagePath: Microsoft.Data.SqlClient.$(effectiveMDSPackageVersion).nupkg + nugetServiceConnection: $(NuGetServiceConnection) + isProduction: true + isDryRun: ${{ parameters.releaseDryRun }} + + - ${{ if eq(parameters.releaseAKVProvider, true) }}: + - stage: release_akv_provider + ${{ if eq(parameters.releaseDryRun, true) }}: + displayName: 'Release AKV Provider (Dry Run)' + ${{ else }}: + displayName: 'Release AKV Provider' + dependsOn: + - build_addons + + variables: + - name: ob_release_environment + value: Production + - name: ob_release_usedeploymentjob + value: true + - name: ob_deploymentjob_environment + value: NuGet-Production + + jobs: + - template: /eng/pipelines/onebranch/jobs/publish-nuget-package-job.yml@self + parameters: + packageName: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider + artifactName: $(akvPackageFolderName) + packagePath: Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.$(effectiveAkvPackageVersion).nupkg + nugetServiceConnection: $(NuGetServiceConnection) + isProduction: true + isDryRun: ${{ parameters.releaseDryRun }} diff --git a/eng/pipelines/common/templates/steps/build-all-configurations-signed-dlls-step.yml b/eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml similarity index 100% rename from eng/pipelines/common/templates/steps/build-all-configurations-signed-dlls-step.yml rename to eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml diff --git a/eng/pipelines/common/templates/steps/code-analyze-step.yml b/eng/pipelines/onebranch/steps/code-analyze-step.yml similarity index 100% rename from eng/pipelines/common/templates/steps/code-analyze-step.yml rename to eng/pipelines/onebranch/steps/code-analyze-step.yml diff --git a/eng/pipelines/steps/compound-build-akv-step.yml b/eng/pipelines/onebranch/steps/compound-build-akv-step.yml similarity index 100% rename from eng/pipelines/steps/compound-build-akv-step.yml rename to eng/pipelines/onebranch/steps/compound-build-akv-step.yml diff --git a/eng/pipelines/steps/compound-esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml similarity index 100% rename from eng/pipelines/steps/compound-esrp-code-signing-step.yml rename to eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml diff --git a/eng/pipelines/steps/compound-extract-akv-apiscan-files-step.yml b/eng/pipelines/onebranch/steps/compound-extract-akv-apiscan-files-step.yml similarity index 100% rename from eng/pipelines/steps/compound-extract-akv-apiscan-files-step.yml rename to eng/pipelines/onebranch/steps/compound-extract-akv-apiscan-files-step.yml diff --git a/eng/pipelines/steps/compound-nuget-pack-step.yml b/eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml similarity index 100% rename from eng/pipelines/steps/compound-nuget-pack-step.yml rename to eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml diff --git a/eng/pipelines/steps/compound-publish-symbols-step.yml b/eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml similarity index 100% rename from eng/pipelines/steps/compound-publish-symbols-step.yml rename to eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml diff --git a/eng/pipelines/common/templates/steps/copy-dlls-for-test-step.yml b/eng/pipelines/onebranch/steps/copy-dlls-for-test-step.yml similarity index 100% rename from eng/pipelines/common/templates/steps/copy-dlls-for-test-step.yml rename to eng/pipelines/onebranch/steps/copy-dlls-for-test-step.yml diff --git a/eng/pipelines/common/templates/steps/esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml similarity index 100% rename from eng/pipelines/common/templates/steps/esrp-code-signing-step.yml rename to eng/pipelines/onebranch/steps/esrp-code-signing-step.yml diff --git a/eng/pipelines/common/templates/steps/publish-symbols-step.yml b/eng/pipelines/onebranch/steps/publish-symbols-step.yml similarity index 100% rename from eng/pipelines/common/templates/steps/publish-symbols-step.yml rename to eng/pipelines/onebranch/steps/publish-symbols-step.yml diff --git a/eng/pipelines/steps/roslyn-analyzers-akv-step.yml b/eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml similarity index 100% rename from eng/pipelines/steps/roslyn-analyzers-akv-step.yml rename to eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml diff --git a/eng/pipelines/steps/script-output-environment-variables-step.yml b/eng/pipelines/onebranch/steps/script-output-environment-variables-step.yml similarity index 100% rename from eng/pipelines/steps/script-output-environment-variables-step.yml rename to eng/pipelines/onebranch/steps/script-output-environment-variables-step.yml diff --git a/eng/pipelines/libraries/build-variables.yml b/eng/pipelines/onebranch/variables/build-variables.yml similarity index 100% rename from eng/pipelines/libraries/build-variables.yml rename to eng/pipelines/onebranch/variables/build-variables.yml diff --git a/eng/pipelines/onebranch/variables/common-variables.yml b/eng/pipelines/onebranch/variables/common-variables.yml new file mode 100644 index 0000000000..91260f89f0 --- /dev/null +++ b/eng/pipelines/onebranch/variables/common-variables.yml @@ -0,0 +1,115 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +variables: + - group: ESRP Federated Creds (AME) + # ESRPConnectedServiceName + # ESRPClientId + # AppRegistrationClientId + # AppRegistrationTenantId + # AuthAKVName + # AuthSignCertName + + - name: Configuration + value: Release + - name: CommitHead + value: '' # the value will be extracted from the repo's head + - name: REPOROOT + value: $(Build.SourcesDirectory) + - name: softwareFolder + value: $(REPOROOT)/software + - name: symbolsFolder + value: $(REPOROOT)/symbols + - name: artifactDirectory + value: '$(REPOROOT)/packages' + + # Update this after every release. This is used to generate the MDS NuGet package version. + - name: Major + value: '6' + - name: Minor + value: '1' + - name: Patch + value: '1' + + # Update this for preview releases. + - name: Preview + value: '-preview' + - name: Revision + value: '3' + + - name: NugetPackageVersion + value: $(Major).$(Minor).$(Patch) + - name: PreviewNugetPackageVersion + value: $(Major).$(Minor).$(Patch)$(Preview)$(Revision).$(Build.BuildNumber) + - name: AssemblyFileVersion + value: '$(Major).$(Minor)$(Patch).$(Build.BuildNumber)' + - name: nuspecPath + value: '$(REPOROOT)/tools/specs/Microsoft.Data.SqlClient.nuspec' + + # NuGet service connection used by the release stage to push packages. + # This should match the name of an ADO service connection configured with + # NuGet.org credentials (API key or federated auth). + - name: NuGetServiceConnection + value: ADO Nuget Org Connection + + # ---------------------------------------------------------------------------- + # AKV Provider Package Versions + # + # These are version values that will be used by the official build. They + # should be updated after each release to reflect the next release's versions. + + - name: akvVersionMajor + value: '6' + - name: akvVersionMinor + value: '1' + - name: akvVersionPatch + value: '2' + - name: akvVersionPreview + value: '-preview1' + + - name: akvPackageVersion + value: $(akvVersionMajor).$(akvVersionMinor).$(akvVersionPatch) + - name: akvPreviewPackageVersion + value: $(akvVersionMajor).$(akvVersionMinor).$(akvVersionPatch)$(akvVersionPreview).$(Build.BuildNumber) + - name: akvAssemblyFileVersion + value: '$(akvVersionMajor).$(akvVersionMinor)$(akvVersionPatch).$(Build.BuildNumber)' + - name: akvMdsPackageVersion + value: $(Major).$(Minor).$(Patch) + - name: akvNuspecPath + value: '$(REPOROOT)/tools/specs/add-ons/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.nuspec' + + # AKV Provider artifact name (drop__) + - name: akvPackageFolderName + value: drop_build_addons_buildSignedAkvPackage + + # AKV ApiScan paths + - name: apiScanDllPath + value: '$(Build.SourcesDirectory)/apiScan/dlls' + - name: apiScanPdbPath + value: '$(Build.SourcesDirectory)/apiScan/pdbs' + + # ---------------------------------------------------------------------------- + # Symbols Publishing + # + # Credentials for publishing symbols to symbol servers. + - group: 'akv-variables-v2' + # SymbolsAzureSubscription + # SymbolsPublishProjectName + # SymbolsPublishServer + # SymbolsPublishTokenUri + # SymbolsUploadAccount + + # ---------------------------------------------------------------------------- + # ESRP Signing (AKV pipeline) + # + # Signing credentials used by the AKV build job. + - group: 'esrp-variables-v2' + # SigningAppRegistrationClientId + # SigningAppRegistrationTenantId + # SigningAuthAkvName + # SigningAuthSignCertName + # SigningEsrpClientId + # SigningEsrpConnectedServiceName diff --git a/eng/pipelines/libraries/mds-validation-variables.yml b/eng/pipelines/onebranch/variables/mds-validation-variables.yml similarity index 100% rename from eng/pipelines/libraries/mds-validation-variables.yml rename to eng/pipelines/onebranch/variables/mds-validation-variables.yml diff --git a/eng/pipelines/libraries/mds-variables.yml b/eng/pipelines/onebranch/variables/mds-variables.yml similarity index 100% rename from eng/pipelines/libraries/mds-variables.yml rename to eng/pipelines/onebranch/variables/mds-variables.yml diff --git a/eng/pipelines/libraries/variables.yml b/eng/pipelines/onebranch/variables/variables.yml similarity index 100% rename from eng/pipelines/libraries/variables.yml rename to eng/pipelines/onebranch/variables/variables.yml diff --git a/eng/pipelines/variables/akv-official-variables.yml b/eng/pipelines/variables/akv-official-variables.yml deleted file mode 100644 index 30176ac98b..0000000000 --- a/eng/pipelines/variables/akv-official-variables.yml +++ /dev/null @@ -1,44 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -# @TODO: These seem to only really apply to official builds. Name should probably be adjusted to match. - -variables: - # @TODO: If symbols variables are indeed shared between projects and not expected to change - # then they can be removed from this variable group. - - group: 'akv-variables-v2' - # SymbolsAzureSubscription - # SymbolsPublishProjectName - # SymbolsPublishServer - # SymbolsPublishTokenUri - # SymbolsUploadAccount - - # Well-Known Variables ------------------------------------------------- - - name: PACKAGE_NAME - value: 'Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider' - - # Base Variables ------------------------------------------------------- - - name: mdsPackageVersion - value: '6.1.1' - - # @TODO: Version should ideally be pulled from one location (versions.props?) - - name: versionMajor - value: '6' - - name: versionMinor - value: '1' - - name: versionPatch - value: '2' - - name: versionPreview - value: '-preview1' - - # Compound Variables --------------------------------------------------- - - name: assemblyFileVersion - value: '${{ variables.versionMajor }}.${{ variables.versionMinor }}${{ variables.versionPatch }}.$(Build.BuildNumber)' - - name: nugetPackageVersion - value: '${{ variables.versionMajor }}.${{ variables.versionMinor }}.${{ variables.versionPatch }}' - #value: '${{ variables.versionMajor }}.${{ variables.versionMinor }}.${{ variables.versionPatch }}${{ variables.versionPreview }}' - - diff --git a/eng/pipelines/variables/common-variables.yml b/eng/pipelines/variables/common-variables.yml deleted file mode 100644 index 1486c3c227..0000000000 --- a/eng/pipelines/variables/common-variables.yml +++ /dev/null @@ -1,19 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -variables: - # Well-known paths - - name: REPO_ROOT - value: '$(Build.SourcesDirectory)' - readonly: true - - - name: BUILD_OUTPUT - value: '$(Build.SourcesDirectory)/artifacts' - readonly: true - - - name: ARTIFACT_PATH - value: '$(Build.SourcesDirectory)/packages' - readonly: true diff --git a/eng/pipelines/variables/esrp-signing-variables.yml b/eng/pipelines/variables/esrp-signing-variables.yml deleted file mode 100644 index 15d920759f..0000000000 --- a/eng/pipelines/variables/esrp-signing-variables.yml +++ /dev/null @@ -1,17 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -# These variables are used for running ESRP signing tasks. All names start with "Signing" to make -# it clear that these variables are used for signing (as opposed to other msc tasks). - -variables: - - group: 'esrp-variables-v2' - # SigningAppRegistrationClientId - # SigningAppRegistrationTenantId - # SigningAuthAkvName - # SigningAuthSignCertName - # SigningEsrpClientId - # SigningEsrpConnectedServiceName diff --git a/eng/pipelines/variables/onebranch-variables.yml b/eng/pipelines/variables/onebranch-variables.yml deleted file mode 100644 index 1a8ffadec5..0000000000 --- a/eng/pipelines/variables/onebranch-variables.yml +++ /dev/null @@ -1,21 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -variables: - # Variables defined by us ---------------------------------------------- - - name: apiScanDllPath - value: '$(Build.SourcesDirectory)/apiScan/dlls' - - - name: apiScanPdbPath - value: '$(Build.SourcesDirectory)/apiScan/pdbs' - - # Variables defined by OneBranch --------------------------------------- - - name: Packaging.EnableSBOMSigning - value: true - - - # Docker image which is used to build the project https://aka.ms/obpipelines/containers - name: WindowsContainerImage - value: 'onebranch.azurecr.io/windows/ltsc2022/vse2022:latest' From b9ae937365b8f8e4d0274d94d934586c9b95727b Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Tue, 10 Mar 2026 23:57:49 -0700 Subject: [PATCH 02/15] Update ESRP tasks to v6 --- .../onebranch/steps/compound-esrp-code-signing-step.yml | 8 ++++---- eng/pipelines/onebranch/steps/esrp-code-signing-step.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml index 1eedc78c48..07a6934724 100644 --- a/eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml +++ b/eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml @@ -33,7 +33,7 @@ parameters: steps: - ${{ if eq(parameters.artifactType, 'dll') }}: - - task: EsrpMalwareScanning@5 + - task: EsrpMalwareScanning@6 displayName: 'ESRP Malware Scanning Code' inputs: AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' @@ -46,7 +46,7 @@ steps: UseMSIAuthentication: true VerboseLogin: 1 - - task: EsrpCodeSigning@5 + - task: EsrpCodeSigning@6 displayName: 'ESRP Signing Code' inputs: AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' @@ -100,7 +100,7 @@ steps: ] - ${{ else }}: - - task: EsrpMalwareScanning@5 + - task: EsrpMalwareScanning@6 displayName: 'ESRP Malware Scanning NuGet Package' inputs: AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' @@ -113,7 +113,7 @@ steps: UseMSIAuthentication: true VerboseLogin: 1 - - task: EsrpCodeSigning@5 + - task: EsrpCodeSigning@6 displayName: 'ESRP Signing NuGet Package' inputs: AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' diff --git a/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml index e9d62ad074..9d90219e0f 100644 --- a/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml +++ b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml @@ -43,7 +43,7 @@ parameters: steps: - ${{ if eq(parameters.artifactType, 'dll') }}: - - task: EsrpMalwareScanning@5 + - task: EsrpMalwareScanning@6 displayName: 'ESRP MalwareScanning' inputs: ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}' @@ -55,7 +55,7 @@ steps: Pattern: '*.dll' CleanupTempStorage: 1 VerboseLogin: 1 - - task: EsrpCodeSigning@5 + - task: EsrpCodeSigning@6 displayName: 'ESRP CodeSigning' inputs: ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}' @@ -108,7 +108,7 @@ steps: ] - ${{ if eq(parameters.artifactType, 'pkg') }}: - - task: EsrpMalwareScanning@5 + - task: EsrpMalwareScanning@6 displayName: 'ESRP MalwareScanning Nuget Package' inputs: ConnectedServiceName: '${{parameters.ESRPConnectedServiceName }}' @@ -120,7 +120,7 @@ steps: Pattern: '*.*nupkg' CleanupTempStorage: 1 VerboseLogin: 1 - - task: EsrpCodeSigning@5 + - task: EsrpCodeSigning@6 displayName: 'ESRP CodeSigning Nuget Package' inputs: inputs: From 7162273539b856d240936c336d3edb615eb91bb8 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 9 Apr 2026 13:39:20 -0700 Subject: [PATCH 03/15] Install .NEY 10 and update ESRP variables in use. --- .../onebranch/steps/esrp-code-signing-step.yml | 12 ++++++------ eng/pipelines/steps/install-dotnet.yml | 4 +++- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml index 9d90219e0f..5a8e538823 100644 --- a/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml +++ b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml @@ -19,27 +19,27 @@ parameters: - name: ESRPConnectedServiceName type: string - default: $(ESRPConnectedServiceName) + default: $(SigningESRPConnectedServiceName) - name: appRegistrationClientId type: string - default: $(appRegistrationClientId) + default: $(SigningAppRegistrationClientId) - name: appRegistrationTenantId type: string - default: $(appRegistrationTenantId) + default: $(SigningAppRegistrationTenantId) - name: AuthAKVName type: string - default: $(AuthAKVName) + default: $(SigningAuthAKVName) - name: AuthSignCertName type: string - default: $(AuthSignCertName) + default: $(SigningAuthSignCertName) - name: EsrpClientId type: string - default: $(EsrpClientId) + default: $(SigningEsrpClientId) steps: - ${{ if eq(parameters.artifactType, 'dll') }}: diff --git a/eng/pipelines/steps/install-dotnet.yml b/eng/pipelines/steps/install-dotnet.yml index 5b0c413475..6408b49a36 100644 --- a/eng/pipelines/steps/install-dotnet.yml +++ b/eng/pipelines/steps/install-dotnet.yml @@ -45,9 +45,11 @@ parameters: # # https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/use-dotnet-v2 # + # 10.x: Install .NET 10 for ESRP code signing tasks for official builds. + # - name: runtimes type: object - default: [] + default: [10.x] steps: From 255ed126de4dc604742cc506af31062d9a2fa26c Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 9 Apr 2026 13:39:20 -0700 Subject: [PATCH 04/15] Install .NET 10, address official build requirements, and update ESRP variables in use. --- .../onebranch/jobs/build-akv-official-job.yml | 42 ++--- .../jobs/build-signed-package-job.yml | 18 ++- .../onebranch/sqlclient-non-official.yml | 15 +- .../steps/compound-esrp-code-signing-step.yml | 145 ------------------ .../steps/esrp-code-signing-step.yml | 12 +- eng/pipelines/steps/install-dotnet.yml | 4 +- 6 files changed, 47 insertions(+), 189 deletions(-) delete mode 100644 eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml diff --git a/eng/pipelines/onebranch/jobs/build-akv-official-job.yml b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml index 05f81726b0..d9e0888b0b 100644 --- a/eng/pipelines/onebranch/jobs/build-akv-official-job.yml +++ b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml @@ -16,6 +16,7 @@ parameters: - name: buildConfiguration type: string + default: Release - name: nugetPackageVersion type: string @@ -26,38 +27,53 @@ parameters: - name: publishSymbols type: boolean + - name: isOfficialBuild + type: boolean + default: false + - name: signingAppRegistrationClientId type: string + default: $(SigningAppRegistrationClientId) - name: signingAppRegistrationTenantId type: string + default: $(SigningAppRegistrationTenantId) - name: signingAuthAkvName type: string + default: $(SigningAuthAkvName) - name: signingAuthSignCertName type: string + default: $(SigningAuthSignCertName) - name: signingEsrpClientId type: string + default: $(SigningEsrpClientId) - name: signingEsrpConnectedServiceName type: string + default: $(SigningEsrpConnectedServiceName) - name: symbolsAzureSubscription type: string + default: $(SymbolsAzureSubscription) - name: symbolsPublishProjectName type: string + default: $(SymbolsPublishProjectName) - name: symbolsPublishServer type: string + default: $(SymbolsPublishServer) - name: symbolsPublishTokenUri type: string + default: $(SymbolsPublishTokenUri) - name: symbolsUploadAccount type: string + default: $(SymbolsUploadAccount) # @TODO: This should be determined from build output, or at a higher level - # Note: not intended to be passed in, is only used for copying files for ApiScan. @@ -107,15 +123,10 @@ jobs: mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' signingKeyPath: '$(Agent.TempDirectory)/netfxKeypair.snk' - - template: ../steps/compound-esrp-code-signing-step.yml@self - parameters: - appRegistrationClientId: '${{ parameters.signingAppRegistrationClientId }}' - appRegistrationTenantId: '${{ parameters.signingAppRegistrationTenantId }}' - artifactType: 'dll' - authAkvName: '${{ parameters.signingAuthAkvName }}' - authSignCertName: '${{ parameters.signingAuthSignCertName }}' - esrpClientId: '${{ parameters.signingEsrpClientId }}' - esrpConnectedServiceName: '${{ parameters.signingEsrpConnectedServiceName }}' + - if eq(${{ parameters.isOfficialBuild }}, 'true'): + - template: ../steps/esrp-code-signing-step.yml@self + parameters: + artifactType: 'dll' - template: ../steps/compound-nuget-pack-step.yml@self parameters: @@ -126,15 +137,10 @@ jobs: outputDirectory: '$(ARTIFACT_PATH)' referenceType: 'Package' - - template: ../steps/compound-esrp-code-signing-step.yml@self - parameters: - appRegistrationClientId: '${{ parameters.signingAppRegistrationClientId }}' - appRegistrationTenantId: '${{ parameters.signingAppRegistrationTenantId }}' - artifactType: 'pkg' - authAkvName: '${{ parameters.signingAuthAkvName }}' - authSignCertName: '${{ parameters.signingAuthSignCertName }}' - esrpClientId: '${{ parameters.signingEsrpClientId }}' - esrpConnectedServiceName: '${{ parameters.signingEsrpConnectedServiceName }}' + - if eq(${{ parameters.isOfficialBuild }}, 'true'): + - template: ../steps/esrp-code-signing-step.yml@self + parameters: + artifactType: pkg - ${{ if parameters.publishSymbols }}: - template: ../steps/compound-publish-symbols-step.yml@self diff --git a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml index 3c1868be82..27c2ee07ff 100644 --- a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml @@ -18,6 +18,10 @@ parameters: - name: isPreview type: boolean + - name: isOfficialBuild + type: boolean + default: false + jobs: - job: build_signed_package displayName: 'Build Signed MDS Package' @@ -44,17 +48,19 @@ jobs: parameters: analyzeType: all - - template: ../steps/esrp-code-signing-step.yml@self - parameters: - artifactType: dll + - if eq(${{ variables['isOfficialBuild'] }}, 'true'): + - template: ../steps/esrp-code-signing-step.yml@self + parameters: + artifactType: dll - template: /eng/pipelines/common/templates/steps/generate-nuget-package-step.yml@self parameters: OutputDirectory: $(artifactDirectory) - - template: ../steps/esrp-code-signing-step.yml@self - parameters: - artifactType: pkg + - if eq(${{ variables['isOfficialBuild'] }}, 'true'): + - template: ../steps/esrp-code-signing-step.yml@self + parameters: + artifactType: pkg - template: ../steps/copy-dlls-for-test-step.yml@self parameters: diff --git a/eng/pipelines/onebranch/sqlclient-non-official.yml b/eng/pipelines/onebranch/sqlclient-non-official.yml index ad11ad5bbc..ad45352ae1 100644 --- a/eng/pipelines/onebranch/sqlclient-non-official.yml +++ b/eng/pipelines/onebranch/sqlclient-non-official.yml @@ -207,22 +207,11 @@ extends: apiScanDllPath: $(apiScanDllPath) apiScanPdbPath: $(apiScanPdbPath) assemblyFileVersion: $(akvAssemblyFileVersion) - buildConfiguration: Release nugetPackageVersion: $(effectiveAkvPackageVersion) mdsPackageVersion: $(akvMdsPackageVersion) publishSymbols: ${{ parameters['publishSymbols'] }} - signingAppRegistrationClientId: $(SigningAppRegistrationClientId) - signingAppRegistrationTenantId: $(SigningAppRegistrationTenantId) - signingAuthAkvName: $(SigningAuthAkvName) - signingAuthSignCertName: $(SigningAuthSignCertName) - signingEsrpClientId: $(SigningEsrpClientId) - signingEsrpConnectedServiceName: $(SigningEsrpConnectedServiceName) - symbolsAzureSubscription: $(SymbolsAzureSubscription) - symbolsPublishProjectName: $(SymbolsPublishProjectName) - symbolsPublishServer: $(SymbolsPublishServer) - symbolsPublishTokenUri: $(SymbolsPublishTokenUri) - symbolsUploadAccount: $(SymbolsUploadAccount) - + isOfficialBuild: false + # ================================================================== # Release Stage — on-demand publish to NuGet.org # diff --git a/eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml deleted file mode 100644 index 07a6934724..0000000000 --- a/eng/pipelines/onebranch/steps/compound-esrp-code-signing-step.yml +++ /dev/null @@ -1,145 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -parameters: - - name: appRegistrationClientId - type: string - - - name: appRegistrationTenantId - type: string - - - # Name of the Azure Key Vault to retrieve certificates from. - # note: This has nothing to do with the AKV provider package. - name: authAkvName - type: string - - - name: authSignCertName - type: string - - - name: artifactType - type: string - values: - - dll - - pkg - - - name: esrpConnectedServiceName - type: string - - - name: esrpClientId - type: string - -steps: - - ${{ if eq(parameters.artifactType, 'dll') }}: - - task: EsrpMalwareScanning@6 - displayName: 'ESRP Malware Scanning Code' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - CleanupTempStorage: 1 - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(BUILD_OUTPUT)' - Pattern: '*.dll' - UseMSIAuthentication: true - VerboseLogin: 1 - - - task: EsrpCodeSigning@6 - displayName: 'ESRP Signing Code' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - AuthAKVName: '${{ parameters.authAkvName }}' - AuthSignCertName: '${{ parameters.authSignCertName }}' - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(BUILD_OUTPUT)' - Pattern: '*.dll' - signConfigType: 'inlineSignParams' - UseMSIAuthentication: true - inlineOperation: | - [ - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": - [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft Data SqlClient Data Provider for SQL Server" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - - - ${{ else }}: - - task: EsrpMalwareScanning@6 - displayName: 'ESRP Malware Scanning NuGet Package' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - CleanupTempStorage: 1 - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(ARTIFACT_PATH)' - Pattern: '*.*nupkg' - UseMSIAuthentication: true - VerboseLogin: 1 - - - task: EsrpCodeSigning@6 - displayName: 'ESRP Signing NuGet Package' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - AuthAKVName: '${{ parameters.authAkvName }}' - AuthSignCertName: '${{ parameters.authSignCertName }}' - FolderPath: '$(ARTIFACT_PATH)' - Pattern: '*.*nupkg' - signConfigType: 'inlineSignParams' - UseMSIAuthentication: true - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] diff --git a/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml index 9d90219e0f..5a8e538823 100644 --- a/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml +++ b/eng/pipelines/onebranch/steps/esrp-code-signing-step.yml @@ -19,27 +19,27 @@ parameters: - name: ESRPConnectedServiceName type: string - default: $(ESRPConnectedServiceName) + default: $(SigningESRPConnectedServiceName) - name: appRegistrationClientId type: string - default: $(appRegistrationClientId) + default: $(SigningAppRegistrationClientId) - name: appRegistrationTenantId type: string - default: $(appRegistrationTenantId) + default: $(SigningAppRegistrationTenantId) - name: AuthAKVName type: string - default: $(AuthAKVName) + default: $(SigningAuthAKVName) - name: AuthSignCertName type: string - default: $(AuthSignCertName) + default: $(SigningAuthSignCertName) - name: EsrpClientId type: string - default: $(EsrpClientId) + default: $(SigningEsrpClientId) steps: - ${{ if eq(parameters.artifactType, 'dll') }}: diff --git a/eng/pipelines/steps/install-dotnet.yml b/eng/pipelines/steps/install-dotnet.yml index 5b0c413475..6408b49a36 100644 --- a/eng/pipelines/steps/install-dotnet.yml +++ b/eng/pipelines/steps/install-dotnet.yml @@ -45,9 +45,11 @@ parameters: # # https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/use-dotnet-v2 # + # 10.x: Install .NET 10 for ESRP code signing tasks for official builds. + # - name: runtimes type: object - default: [] + default: [10.x] steps: From 97983e8f953aa4b6f9274308a1f36c7af9aa102a Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 9 Apr 2026 14:18:56 -0700 Subject: [PATCH 05/15] Minor touch-ups --- eng/pipelines/onebranch/jobs/build-signed-package-job.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml index 106b5dc51b..89484bb746 100644 --- a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml @@ -65,9 +65,11 @@ jobs: - template: ../steps/copy-dlls-for-test-step.yml@self parameters: product: MDS + symbolsFolder: ${{ parameters['symbolsFolder'] }} + softwareFolder: ${{ parameters['softwareFolder'] }} # Publish symbols to servers - template: ../steps/publish-symbols-step.yml@self parameters: publishSymbols: ${{ parameters['publishSymbols'] }} - symbolsArtifactName: mds_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_$(NuGetPackageVersion)_$(System.TimelineId) + symbolsArtifactName: mds_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_$(NugetPackageVersion)_$(System.TimelineId) From fbdac7ba912cbf19a90b1a7d180bebc509b3d479 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 9 Apr 2026 21:37:56 -0700 Subject: [PATCH 06/15] Skip signature validation in non-official + .net sdk upgrade --- .../jobs/validate-signed-package-job.yml | 37 +++++++++++-------- global.json | 2 +- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml index 390ca64eca..a6599e23bc 100644 --- a/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml @@ -36,6 +36,10 @@ parameters: - name: isPreview type: boolean + - name: isOfficialBuild + type: boolean + default: false + jobs: - job: validate_signed_package displayName: 'Verify signed package' @@ -105,23 +109,24 @@ jobs: Write-Host "--------------------------------------------------" displayName: 'Extract Nuget in temp folder' - - powershell: | - # Artifact is stored in the Nuget folder - $packageType = '${{parameters.packageType}}' + - ${{ if eq(parameters.isOfficialBuild, true) }}: + - powershell: | + # Artifact is stored in the Nuget folder + $packageType = '${{parameters.packageType}}' - Write-Host "--------------------------------------------------" - Write-Host "This will verify the artifact signature" -ForegroundColor Green - Write-Host "--------------------------------------------------" - - if ($packageType -eq 'dll' -or $packageType -eq 'both') - { - nuget verify -All $(pathToDownloadedNuget)\*.nupkg - } - if ($packageType -eq 'pdb' -or $packageType -eq 'both') - { - nuget verify -All $(pathToDownloadedNuget)\*.snupkg - } - displayName: 'Verify nuget signature' + Write-Host "--------------------------------------------------" + Write-Host "This will verify the artifact signature" -ForegroundColor Green + Write-Host "--------------------------------------------------" + + if ($packageType -eq 'dll' -or $packageType -eq 'both') + { + nuget verify -All $(pathToDownloadedNuget)\*.nupkg + } + if ($packageType -eq 'pdb' -or $packageType -eq 'both') + { + nuget verify -All $(pathToDownloadedNuget)\*.snupkg + } + displayName: 'Verify nuget signature' - powershell: | $buildType = [string]"$(BuildType)" diff --git a/global.json b/global.json index 836b730053..ca7945da47 100644 --- a/global.json +++ b/global.json @@ -15,7 +15,7 @@ // system, etc.) may use their own installed SDKs unless configured // otherwise. // - "version": "9.0.309", + "version": "9.0.312", // Any 9.x version is acceptable. "rollForward": "latestMinor", From 77337aafbe98e5206d0348b3bc2192e0d376d4dd Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Wed, 22 Apr 2026 14:12:46 -0700 Subject: [PATCH 07/15] Update versions --- .../onebranch/variables/common-variables.yml | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/eng/pipelines/onebranch/variables/common-variables.yml b/eng/pipelines/onebranch/variables/common-variables.yml index 91260f89f0..8eab7867d2 100644 --- a/eng/pipelines/onebranch/variables/common-variables.yml +++ b/eng/pipelines/onebranch/variables/common-variables.yml @@ -16,7 +16,7 @@ variables: - name: Configuration value: Release - name: CommitHead - value: '' # the value will be extracted from the repo's head + value: '' # the value will be extracted from the repo's head - name: REPOROOT value: $(Build.SourcesDirectory) - name: softwareFolder @@ -32,18 +32,21 @@ variables: - name: Minor value: '1' - name: Patch - value: '1' - - # Update this for preview releases. - - name: Preview - value: '-preview' - - name: Revision - value: '3' + value: '5' - name: NugetPackageVersion value: $(Major).$(Minor).$(Patch) + + # Since we're on the release/6.1 branch, there will never be another legitimate preview release. + # However, we routinely want to run preview builds to test other changes, so we continue to + # maintain this variable such that these testing preview builds receive newer version numbers + # than previous builds. - name: PreviewNugetPackageVersion - value: $(Major).$(Minor).$(Patch)$(Preview)$(Revision).$(Build.BuildNumber) + value: 6.1.6-preview1 + + # GOTCHA: We're intentionally omitting the '.' between Minor and Patch because the BuildNumber + # already contains a '.' and assembly file versions must only contain a maximum of three '.' + # characters. - name: AssemblyFileVersion value: '$(Major).$(Minor)$(Patch).$(Build.BuildNumber)' - name: nuspecPath @@ -68,7 +71,7 @@ variables: - name: akvVersionPatch value: '2' - name: akvVersionPreview - value: '-preview1' + value: '' - name: akvPackageVersion value: $(akvVersionMajor).$(akvVersionMinor).$(akvVersionPatch) From eec6186397f675d0a160700b873d9d888b61fc6c Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Wed, 22 Apr 2026 14:23:18 -0700 Subject: [PATCH 08/15] Update symbols publishing to isolate environments Co-authored-by: Copilot --- .../onebranch/jobs/build-signed-package-job.yml | 10 ++++++++++ eng/pipelines/onebranch/sqlclient-non-official.yml | 2 ++ eng/pipelines/onebranch/sqlclient-official.yml | 2 ++ .../onebranch/steps/publish-symbols-step.yml | 7 +++---- .../onebranch/variables/common-variables.yml | 13 ++++++++----- 5 files changed, 25 insertions(+), 9 deletions(-) diff --git a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml index 89484bb746..3e74c0fa06 100644 --- a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml @@ -15,6 +15,14 @@ parameters: - name: publishSymbols type: boolean + - name: SymbolServer + type: string + default: '$(SymbolsPublishServerProd)' + + - name: SymbolTokenUri + type: string + default: '$(SymbolsPublishTokenUriProd)' + - name: isPreview type: boolean @@ -72,4 +80,6 @@ jobs: - template: ../steps/publish-symbols-step.yml@self parameters: publishSymbols: ${{ parameters['publishSymbols'] }} + symbolServer: ${{ parameters['SymbolServer'] }} + symbolTokenUri: ${{ parameters['SymbolTokenUri'] }} symbolsArtifactName: mds_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_$(NugetPackageVersion)_$(System.TimelineId) diff --git a/eng/pipelines/onebranch/sqlclient-non-official.yml b/eng/pipelines/onebranch/sqlclient-non-official.yml index 189e875895..6a80eb9e94 100644 --- a/eng/pipelines/onebranch/sqlclient-non-official.yml +++ b/eng/pipelines/onebranch/sqlclient-non-official.yml @@ -161,6 +161,8 @@ extends: symbolsFolder: $(symbolsFolder) softwareFolder: $(softwareFolder) publishSymbols: ${{ parameters['publishSymbols'] }} + symbolServer: $(SymbolsPublishServerPpe) + symbolTokenUri: $(SymbolsPublishTokenUriPpe) isPreview: ${{ parameters['isPreview'] }} isOfficialBuild: false diff --git a/eng/pipelines/onebranch/sqlclient-official.yml b/eng/pipelines/onebranch/sqlclient-official.yml index e231e57b64..b578630aa0 100644 --- a/eng/pipelines/onebranch/sqlclient-official.yml +++ b/eng/pipelines/onebranch/sqlclient-official.yml @@ -168,6 +168,8 @@ extends: symbolsFolder: $(symbolsFolder) softwareFolder: $(softwareFolder) publishSymbols: ${{ parameters['publishSymbols'] }} + symbolServer: $(SymbolsPublishServerProd) + symbolTokenUri: $(SymbolsPublishTokenUriProd) isPreview: ${{ parameters['isPreview'] }} isOfficialBuild: true diff --git a/eng/pipelines/onebranch/steps/publish-symbols-step.yml b/eng/pipelines/onebranch/steps/publish-symbols-step.yml index 52e622d9a3..0e0c53dc37 100644 --- a/eng/pipelines/onebranch/steps/publish-symbols-step.yml +++ b/eng/pipelines/onebranch/steps/publish-symbols-step.yml @@ -64,7 +64,7 @@ steps: SymbolServerType: TeamServices SymbolsMaximumWaitTime: 60 SymbolExpirationInDays: 1825 # 5 years - SymbolsProduct: Microsoft.Data.SqlClient + SymbolsProduct: $(SymbolsPublishProjectNameSqlClient) SymbolsVersion: ${{parameters.symbolsVersion }} SymbolsArtifactName: ${{parameters.symbolsArtifactName }} Pat: $(System.AccessToken) @@ -74,7 +74,7 @@ steps: displayName: 'Publish symbols' condition: and(succeeded(), ${{ eq(parameters.publishSymbols, 'true') }}) inputs: - azureSubscription: 'Symbols publishing Workload Identity federation service-ADO.Net' + azureSubscription: '$(SymbolsAzureSubscription)' scriptType: ps scriptLocation: inlineScript inlineScript: | @@ -87,8 +87,7 @@ steps: $symbolServer = "${{parameters.symbolServer }}" $tokenUri = "${{parameters.symbolTokenUri }}" - # Registered project name in the symbol publishing pipeline: https://portal.microsofticm.com/imp/v3/incidents/incident/520844254/summary - $projectName = "Microsoft.Data.SqlClient.SNI" + $projectName = "$(SymbolsPublishProjectNameSqlClient)" # Get the access token for the symbol publishing service $symbolPublishingToken = az account get-access-token --resource $tokenUri --query accessToken -o tsv diff --git a/eng/pipelines/onebranch/variables/common-variables.yml b/eng/pipelines/onebranch/variables/common-variables.yml index 8eab7867d2..b17a653acd 100644 --- a/eng/pipelines/onebranch/variables/common-variables.yml +++ b/eng/pipelines/onebranch/variables/common-variables.yml @@ -98,11 +98,14 @@ variables: # Symbols Publishing # # Credentials for publishing symbols to symbol servers. - - group: 'akv-variables-v2' - # SymbolsAzureSubscription - # SymbolsPublishProjectName - # SymbolsPublishServer - # SymbolsPublishTokenUri + - group: 'symbols-variables-v3' + # SymbolsAzureSubscription + # SymbolsPublishProjectNameSqlClient + # SymbolsPublishProjectNameSni + # SymbolsPublishServerProd + # SymbolsPublishServerPpe + # SymbolsPublishTokenUriProd + # SymbolsPublishTokenUriPpe # SymbolsUploadAccount # ---------------------------------------------------------------------------- From 5bd58ee8b1e23ffb6a8d7e60f4e471cbeeded6a5 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Wed, 22 Apr 2026 15:13:11 -0700 Subject: [PATCH 09/15] Update verify step Co-authored-by: Copilot --- .../jobs/validate-signed-package-job.yml | 37 ++++++++++--------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml index a6599e23bc..88b15dd8d5 100644 --- a/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml @@ -268,24 +268,25 @@ jobs: } } displayName: 'Verify all DLLs unzipped match "expected" hierarchy' - - powershell: | - # Verify all dlls status are Valid - - $dlls = Get-ChildItem -Path $(extractedNugetPath) -Recurse -Include *.dll - foreach ($status in $dlls | Get-AuthenticodeSignature) - { - if ($status.Status -eq "Valid") - { - Write-Host $status.Status $status.Path - } - else - { - Write-Host "dll status of '$status.Path' is not valid!" -ForegroundColor Red - $status - Exit -1 - } - } - displayName: 'Verify all dlls status are Valid' + - ${{ if eq(parameters.isOfficialBuild, true) }}: + - powershell: | + # Verify all dlls are signed + + $dlls = Get-ChildItem -Path $(extractedNugetPath) -Recurse -Include *.dll + foreach ($status in $dlls | Get-AuthenticodeSignature) + { + if ($status.Status -eq "Valid") + { + Write-Host $status.Status $status.Path + } + else + { + Write-Host "dll status of '$status.Path' is not valid!" -ForegroundColor Red + $status + Exit -1 + } + } + displayName: 'Verify all dlls are signed and signatures are valid' - powershell: | # This will check for ProductVersion and FileVersion. From 4a8bfca1b4f8d2de2b0c07b9f9bc1c2a5974b1c4 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 23 Apr 2026 00:13:35 -0700 Subject: [PATCH 10/15] Remove run package ref tests --- .../jobs/run-tests-package-reference-job.yml | 80 ------------------- .../onebranch/sqlclient-non-official.yml | 11 --- .../onebranch/sqlclient-official.yml | 11 --- 3 files changed, 102 deletions(-) delete mode 100644 eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml diff --git a/eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml b/eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml deleted file mode 100644 index ad54207404..0000000000 --- a/eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml +++ /dev/null @@ -1,80 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - name: downloadPackageStep - type: step - default: - script: echo - - - name: packageFolderName - type: string - default: drop_build_build_signed_package - - - name: dependsOn - type: string - default: empty - - - name: isPreview - type: boolean - - # The timeout, in minutes, for this job. - - name: timeout - type: string - default: 90 - -jobs: -- job: run_tests_package_reference - displayName: 'Run tests with package reference' - ${{ if ne(parameters.dependsOn, 'empty')}}: - dependsOn: '${{parameters.dependsOn }}' - - # Some of our tests take longer than the default 60 minutes to run on some - # OSes and configurations. - timeoutInMinutes: ${{ parameters.timeout }} - - pool: - type: windows # read more about custom job pool types at https://aka.ms/obpipelines/yaml/jobs - isCustom: true - name: ADO-1ES-Pool - vmImage: 'ADO-MMS22-SQL19' - - variables: # More settings at https://aka.ms/obpipelines/yaml/jobs - - template: ../variables/mds-validation-variables.yml@self - - steps: - - template: /eng/pipelines/common/templates/steps/pre-build-step.yml - - - ${{parameters.downloadPackageStep }} - - - template: /eng/pipelines/common/templates/steps/update-nuget-config-local-feed-step.yml - parameters: - downloadedNugetPath: $(Pipeline.Workspace)\${{parameters.packageFolderName }} - ${{ if parameters.isPreview }}: - nugetPackageVersion: $(PreviewNugetPackageVersion) - - - template: /eng/pipelines/common/templates/steps/update-config-file-step.yml - parameters: - # We use the Library $(Password) variable as the SA password in this pipeline. - saPassword: $(Password) - TCPConnectionString: $(SQL_TCP_CONN_STRING) - NPConnectionString: $(SQL_NP_CONN_STRING) - SupportsIntegratedSecurity: false - - - template: /eng/pipelines/common/templates/steps/prepare-test-db-step.yml - -# build & test - - template: /eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml - parameters: - referenceType: Package - ${{ if parameters.isPreview }}: - nugetPackageVersion: $(PreviewNugetPackageVersion) - - - template: /eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml - parameters: - referenceType: Package - cleanFirst: true - ${{ if parameters.isPreview }}: - nugetPackageVersion: $(PreviewNugetPackageVersion) diff --git a/eng/pipelines/onebranch/sqlclient-non-official.yml b/eng/pipelines/onebranch/sqlclient-non-official.yml index 6a80eb9e94..f10976eeaa 100644 --- a/eng/pipelines/onebranch/sqlclient-non-official.yml +++ b/eng/pipelines/onebranch/sqlclient-non-official.yml @@ -180,17 +180,6 @@ extends: patterns: '**/*.*nupkg' displayName: 'Download NuGet Package' - - template: /eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml@self - parameters: - packageFolderName: $(packageFolderName) - isPreview: ${{ parameters['isPreview'] }} - timeout: ${{ parameters.testsTimeout }} - downloadPackageStep: - download: current - artifact: $(packageFolderName) - patterns: '**/*.nupkg' - displayName: 'Download NuGet Package' - # ================================================================== # Build Add-on Packages (AKV Provider) # Depends on MDS build completing first. diff --git a/eng/pipelines/onebranch/sqlclient-official.yml b/eng/pipelines/onebranch/sqlclient-official.yml index b578630aa0..1566c9c1be 100644 --- a/eng/pipelines/onebranch/sqlclient-official.yml +++ b/eng/pipelines/onebranch/sqlclient-official.yml @@ -187,17 +187,6 @@ extends: patterns: '**/*.*nupkg' displayName: 'Download NuGet Package' - - template: /eng/pipelines/onebranch/jobs/run-tests-package-reference-job.yml@self - parameters: - packageFolderName: $(packageFolderName) - isPreview: ${{ parameters['isPreview'] }} - timeout: ${{ parameters.testsTimeout }} - downloadPackageStep: - download: current - artifact: $(packageFolderName) - patterns: '**/*.nupkg' - displayName: 'Download NuGet Package' - # ================================================================== # Build Add-on Packages (AKV Provider) # Depends on MDS build completing first. From 8bac315936bb8d4c0e33d26b089ffb9a229e0431 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 23 Apr 2026 01:17:29 -0700 Subject: [PATCH 11/15] Update variable --- eng/pipelines/onebranch/jobs/build-akv-official-job.yml | 2 +- eng/pipelines/onebranch/steps/compound-build-akv-step.yml | 2 +- eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/pipelines/onebranch/jobs/build-akv-official-job.yml b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml index 1812cf4666..912996e89c 100644 --- a/eng/pipelines/onebranch/jobs/build-akv-official-job.yml +++ b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml @@ -133,7 +133,7 @@ jobs: buildConfiguration: '${{ parameters.buildConfiguration }}' generateSymbolsPackage: true # Always generate symbols, even if they are not published packageVersion: '${{ parameters.nugetPackageVersion }}' - nuspecPath: '$(REPO_ROOT)/tools/specs/add-ons/$(PACKAGE_NAME).nuspec' + nuspecPath: '$(REPOROOT)/tools/specs/add-ons/$(PACKAGE_NAME).nuspec' outputDirectory: '$(ARTIFACT_PATH)' referenceType: 'Package' diff --git a/eng/pipelines/onebranch/steps/compound-build-akv-step.yml b/eng/pipelines/onebranch/steps/compound-build-akv-step.yml index d01d6b51cc..74b505a235 100644 --- a/eng/pipelines/onebranch/steps/compound-build-akv-step.yml +++ b/eng/pipelines/onebranch/steps/compound-build-akv-step.yml @@ -36,7 +36,7 @@ steps: - task: MSBuild@1 displayName: 'Build.proj - BuildAkv' inputs: - solution: '$(REPO_ROOT)/build.proj' + solution: '$(REPOROOT)/build.proj' configuration: '${{ parameters.buildConfiguration }}' msbuildArguments: >- -t:BuildAkv diff --git a/eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml b/eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml index d65ec57ca4..a43be26324 100644 --- a/eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml +++ b/eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml @@ -29,7 +29,7 @@ steps: msBuildArchitecture: x64 msBuildCommandLine: >- msbuild - $(REPO_ROOT)/build.proj + $(REPOROOT)/build.proj -t:BuildAkv -p:Configuration=${{ parameters.buildConfiguration }} -p:NugetPackageVersion=${{ parameters.mdsPackageVersion }} From 0f4089401f4b921d545fdf76cdfd5f196202c7f4 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 23 Apr 2026 09:46:55 -0700 Subject: [PATCH 12/15] Address remaining gaps for MDS Co-authored-by: Copilot --- eng/pipelines/onebranch/jobs/build-akv-official-job.yml | 6 +++--- .../onebranch/jobs/build-signed-package-job.yml | 8 ++++---- eng/pipelines/onebranch/sqlclient-official.yml | 9 ++++++--- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/eng/pipelines/onebranch/jobs/build-akv-official-job.yml b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml index 912996e89c..b831b5ea32 100644 --- a/eng/pipelines/onebranch/jobs/build-akv-official-job.yml +++ b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml @@ -61,15 +61,15 @@ parameters: - name: symbolsPublishProjectName type: string - default: $(SymbolsPublishProjectName) + default: $(SymbolsPublishProjectNameSqlClient) - name: symbolsPublishServer type: string - default: $(SymbolsPublishServer) + default: $(SymbolsPublishServerPpe) - name: symbolsPublishTokenUri type: string - default: $(SymbolsPublishTokenUri) + default: $(SymbolsPublishTokenUriPpe) - name: symbolsUploadAccount type: string diff --git a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml index 3e74c0fa06..a2b2da754f 100644 --- a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml @@ -15,11 +15,11 @@ parameters: - name: publishSymbols type: boolean - - name: SymbolServer + - name: symbolServer type: string default: '$(SymbolsPublishServerProd)' - - name: SymbolTokenUri + - name: symbolTokenUri type: string default: '$(SymbolsPublishTokenUriProd)' @@ -80,6 +80,6 @@ jobs: - template: ../steps/publish-symbols-step.yml@self parameters: publishSymbols: ${{ parameters['publishSymbols'] }} - symbolServer: ${{ parameters['SymbolServer'] }} - symbolTokenUri: ${{ parameters['SymbolTokenUri'] }} + symbolServer: ${{ parameters['symbolServer'] }} + symbolTokenUri: ${{ parameters['symbolTokenUri'] }} symbolsArtifactName: mds_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_$(NugetPackageVersion)_$(System.TimelineId) diff --git a/eng/pipelines/onebranch/sqlclient-official.yml b/eng/pipelines/onebranch/sqlclient-official.yml index 1566c9c1be..29bf7b7ab1 100644 --- a/eng/pipelines/onebranch/sqlclient-official.yml +++ b/eng/pipelines/onebranch/sqlclient-official.yml @@ -181,6 +181,7 @@ extends: parameters: packageFolderName: $(packageFolderName) isPreview: ${{ parameters['isPreview'] }} + isOfficialBuild: true downloadPackageStep: download: current artifact: $(packageFolderName) @@ -217,9 +218,11 @@ extends: signingEsrpClientId: $(SigningEsrpClientId) signingEsrpConnectedServiceName: $(SigningEsrpConnectedServiceName) symbolsAzureSubscription: $(SymbolsAzureSubscription) - symbolsPublishProjectName: $(SymbolsPublishProjectName) - symbolsPublishServer: $(SymbolsPublishServer) - symbolsPublishTokenUri: $(SymbolsPublishTokenUri) + # @TODO: Should there be a project name registered for AKV provider project, + # or should they go under the same project as SQL Client? + symbolsPublishProjectName: $(SymbolsPublishProjectNameSqlClient) + symbolsPublishServer: $(SymbolsPublishServerProd) + symbolsPublishTokenUri: $(SymbolsPublishTokenUriProd) symbolsUploadAccount: $(SymbolsUploadAccount) # ================================================================== From 6f790b6df1a6933bd0df903e86f9e607f4b582cc Mon Sep 17 00:00:00 2001 From: Paul Medynski <31868385+paulmedynski@users.noreply.github.com> Date: Thu, 23 Apr 2026 14:27:28 -0300 Subject: [PATCH 13/15] Tidied up a few things rather than go back and forth in review conversations. --- .../templates/jobs/ci-build-nugets-job.yml | 10 +-- .../templates/jobs/ci-run-tests-job.yml | 14 ++-- .../templates/stages/ci-run-tests-stage.yml | 4 +- .../build-and-run-tests-netcore-step.yml | 82 ------------------- .../steps/build-and-run-tests-netfx-step.yml | 81 ------------------ .../templates/steps/ci-prebuild-step.yml | 2 +- .../steps/configure-sql-server-step.yml | 6 +- .../common/templates/steps/pre-build-step.yml | 25 ------ .../templates/steps/prepare-test-db-step.yml | 27 ------ eng/pipelines/dotnet-sqlclient-ci-core.yml | 18 ++-- ...qlclient-ci-package-reference-pipeline.yml | 32 ++++---- ...qlclient-ci-project-reference-pipeline.yml | 32 ++++---- .../onebranch/jobs/build-akv-official-job.yml | 16 ++-- .../jobs/build-signed-package-job.yml | 14 ++-- .../jobs/validate-signed-package-job.yml | 2 +- .../onebranch/sqlclient-non-official.yml | 25 +++--- .../onebranch/sqlclient-official.yml | 25 ++---- .../onebranch/variables/build-variables.yml | 4 +- .../onebranch/variables/common-variables.yml | 12 +-- .../variables/mds-validation-variables.yml | 4 +- .../onebranch/variables/variables.yml | 2 +- .../stages/stress-tests-ci-stage.yml | 6 +- 22 files changed, 105 insertions(+), 338 deletions(-) delete mode 100644 eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml delete mode 100644 eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml delete mode 100644 eng/pipelines/common/templates/steps/pre-build-step.yml delete mode 100644 eng/pipelines/common/templates/steps/prepare-test-db-step.yml diff --git a/eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml b/eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml index 25b5e75959..de5bfb48c3 100644 --- a/eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml +++ b/eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml @@ -38,7 +38,7 @@ jobs: - msbuild variables: - - template: ../../../libraries/ci-build-variables.yml@self + - template: /eng/pipelines/libraries/ci-build-variables.yml@self steps: - ${{ if ne(parameters.prebuildSteps, '') }}: @@ -52,21 +52,21 @@ jobs: # compilation errors. We won't use the Release artifacts for anything else # though. - ${{ if eq(parameters.configuration, 'Debug') }}: - - template: ../steps/ci-project-build-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-project-build-step.yml@self parameters: platform: ${{ parameters.platform }} configuration: Release operatingSystem: Windows build: all - - template: ../steps/ci-project-build-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-project-build-step.yml@self parameters: platform: ${{ parameters.platform }} configuration: ${{ parameters.configuration }} operatingSystem: Windows build: all - - template: ../steps/generate-nuget-package-step.yml@self + - template: /eng/pipelines/common/templates/steps/generate-nuget-package-step.yml@self parameters: NugetPackageVersion: $(NugetPackageVersion) configuration: $(Configuration) @@ -75,7 +75,7 @@ jobs: generateSymbolsPackage: false displayName: 'Generate NuGet package M.D.SqlClient' - - template: ../steps/generate-nuget-package-step.yml@self + - template: /eng/pipelines/common/templates/steps/generate-nuget-package-step.yml@self parameters: NugetPackageVersion: $(NugetPackageVersion) configuration: $(Configuration) diff --git a/eng/pipelines/common/templates/jobs/ci-run-tests-job.yml b/eng/pipelines/common/templates/jobs/ci-run-tests-job.yml index 7e1da7a84d..dcde2cfbed 100644 --- a/eng/pipelines/common/templates/jobs/ci-run-tests-job.yml +++ b/eng/pipelines/common/templates/jobs/ci-run-tests-job.yml @@ -123,12 +123,12 @@ jobs: - ${{ parameters.prebuildSteps }} # extra steps to run before the build like downloading sni and the required configuration - ${{ if eq(parameters.buildType, 'Project') }}: - - template: ../steps/ci-project-build-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-project-build-step.yml@self parameters: build: allNoDocs - ${{ if ne(parameters.configProperties, '{}') }}: - - template: ../steps/update-config-file-step.yml@self # update config.json file + - template: /eng/pipelines/common/templates/steps/update-config-file-step.yml@self # update config.json file parameters: debug: ${{ parameters.debug }} saPassword: ${{ parameters.saPassword }} @@ -204,7 +204,7 @@ jobs: displayName: 'Start Sql Browser' condition: eq(variables['Agent.OS'], 'Windows_NT') - ${{ elseif eq(parameters.configSqlFor, 'local') }}: - - template: ../steps/configure-sql-server-step.yml@self # configure SQL Server + - template: /eng/pipelines/common/templates/steps/configure-sql-server-step.yml@self # configure SQL Server parameters: operatingSystem: ${{ parameters.operatingSystem }} netcoreVersionTestUtils: ${{ parameters.netcoreVersionTestUtils }} @@ -236,7 +236,7 @@ jobs: ${{ if parameters.configProperties.FileStreamDirectory }}: fileStreamDirectory: ${{ parameters.configProperties.FileStreamDirectory }} - - template: ../steps/build-all-tests-step.yml@self # build tests + - template: /eng/pipelines/common/templates/steps/build-all-tests-step.yml@self # build tests parameters: targetFramework: ${{ parameters.targetFramework }} referenceType: ${{ parameters.buildType }} @@ -245,7 +245,7 @@ jobs: OSGroup: Unix - ${{ if eq(parameters.enableX64Test, true) }}: # run native tests - - template: ../steps/run-all-tests-step.yml@self # run tests + - template: /eng/pipelines/common/templates/steps/run-all-tests-step.yml@self # run tests parameters: debug: ${{ parameters.debug }} targetFramework: ${{ parameters.targetFramework }} @@ -268,7 +268,7 @@ jobs: installDir: $(dotnetx86RootPath) runtimes: [8.x, 9.x] - - template: ../steps/run-all-tests-step.yml@self + - template: /eng/pipelines/common/templates/steps/run-all-tests-step.yml@self parameters: debug: ${{ parameters.debug }} targetFramework: ${{ parameters.targetFramework }} @@ -279,7 +279,7 @@ jobs: operatingSystem: ${{ parameters.operatingSystem }} - ${{ if and(eq(parameters.publishTestResults, true), eq(parameters.buildType, 'Project')) }}: # publish test results if build type is project - - template: ../steps/publish-test-results-step.yml@self + - template: /eng/pipelines/common/templates/steps/publish-test-results-step.yml@self parameters: debug: ${{ parameters.debug }} targetFramework: ${{ parameters.targetFramework }} diff --git a/eng/pipelines/common/templates/stages/ci-run-tests-stage.yml b/eng/pipelines/common/templates/stages/ci-run-tests-stage.yml index 32e074eb8e..0b15bea851 100644 --- a/eng/pipelines/common/templates/stages/ci-run-tests-stage.yml +++ b/eng/pipelines/common/templates/stages/ci-run-tests-stage.yml @@ -57,7 +57,7 @@ stages: - ${{ each platform in config.value.buildPlatforms }}: - ${{ each testSet in config.value.TestSets }}: - ${{ if contains(targetFramework, 'net4') }}: # .NET Framework - - template: ../jobs/ci-run-tests-job.yml@self + - template: /eng/pipelines/common/templates/jobs/ci-run-tests-job.yml@self parameters: debug: ${{ parameters.debug }} buildType: ${{ parameters.buildType }} @@ -85,7 +85,7 @@ stages: enableX64Test: false - ${{ else }}: # .NET - ${{ each useManagedSNI in config.value.useManagedSNI }}: - - template: ../jobs/ci-run-tests-job.yml@self + - template: /eng/pipelines/common/templates/jobs/ci-run-tests-job.yml@self parameters: debug: ${{ parameters.debug }} buildType: ${{ parameters.buildType }} diff --git a/eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml b/eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml deleted file mode 100644 index c70fe776a7..0000000000 --- a/eng/pipelines/common/templates/steps/build-and-run-tests-netcore-step.yml +++ /dev/null @@ -1,82 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - name: TargetNetCoreVersion - type: string - default: $(TargetNetCoreVersion) - - - name: configuration - type: string - default: $(Configuration) - - - name: referenceType - default: Project - values: - - Project - - Package - - - name: NugetPackageVersion - type: string - default: $(NugetPackageVersion) - - - name: platform - type: string - default: $(Platform) - - - name: cleanFirst - type: boolean - default: false - - - name: TestTargetOS - type: string - default: Windowsnetcoreapp - values: - - Windowsnetfx - - Windowsnetcoreapp - - Unixnetcoreapp - - - name: retryCountOnManualTests - type: number - default: 2 - -steps: -- ${{ if eq(parameters.cleanFirst, true)}}: - - task: MSBuild@1 - displayName: 'Clean artifacts folder' - inputs: - solution: build.proj - msbuildArguments: '-t:clean' - -- task: MSBuild@1 - displayName: 'Build AKV Provider .NET' - inputs: - solution: build.proj - msbuildArchitecture: x64 - msbuildArguments: '-p:Configuration=${{parameters.configuration }} -t:BuildAKVNetCore -p:ReferenceType=${{parameters.referenceType }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }}' - -- task: MSBuild@1 - displayName: 'MSBuild Build Tests for ${{parameters.TargetNetCoreVersion }}' - inputs: - solution: build.proj - msbuildArchitecture: x64 - msbuildArguments: '-t:BuildTestsNetCore -p:ReferenceType=${{parameters.referenceType }} -p:TargetNetCoreVersion=${{parameters.TargetNetCoreVersion }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} -p:Configuration=${{parameters.configuration }}' - -# Don't run unit tests using package reference. Unit tests are only run using project reference. - -- task: DotNetCoreCLI@2 - displayName: 'Run Functional Tests for ${{parameters.TargetNetCoreVersion }}' - inputs: - command: test - projects: 'src\Microsoft.Data.SqlClient\tests\FunctionalTests\Microsoft.Data.SqlClient.FunctionalTests.csproj' - arguments: '-p:Platform=${{parameters.platform }} -p:TestTargetOS="${{parameters.TestTargetOS }}" -p:TargetNetCoreVersion=${{parameters.TargetNetCoreVersion }} -p:ReferenceType=${{parameters.referenceType }} -p:Configuration=${{parameters.configuration }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} --no-build -v n --filter "category!=nonnetcoreapptests&category!=failing&category!=nonwindowstests"' - -- task: DotNetCoreCLI@2 - displayName: 'Run Manual Tests for ${{parameters.TargetNetCoreVersion }}' - inputs: - command: test - projects: 'src\Microsoft.Data.SqlClient\tests\ManualTests\Microsoft.Data.SqlClient.ManualTesting.Tests.csproj' - arguments: '-p:Platform=${{parameters.platform }} -p:TestTargetOS="${{parameters.TestTargetOS }}" -p:TargetNetCoreVersion=${{parameters.TargetNetCoreVersion }} -p:ReferenceType=${{parameters.referenceType }} -p:Configuration=${{parameters.configuration }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} --no-build -v n --filter category!=nonnetcoreapptests&category!=failing&category!=nonwindowstests --collect "Code Coverage"' - retryCountOnTaskFailure: ${{parameters.retryCountOnManualTests }} diff --git a/eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml b/eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml deleted file mode 100644 index d7266692dd..0000000000 --- a/eng/pipelines/common/templates/steps/build-and-run-tests-netfx-step.yml +++ /dev/null @@ -1,81 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - name: TargetNetFxVersion - type: string - default: $(TargetNetFxVersion) - - - name: configuration - type: string - default: $(Configuration) - - - name: referenceType - default: Project - values: - - Project - - Package - - - name: NugetPackageVersion - type: string - default: $(NugetPackageVersion) - - - name: platform - type: string - default: $(Platform) - - - name: cleanFirst - type: boolean - default: false - - - name: TestTargetOS - type: string - default: Windowsnetfx - values: - - Windowsnetfx - - Windowsnetcoreapp - - Unixnetcoreapp - - - name: retryCountOnManualTests - type: number - default: 2 - -steps: -- ${{ if eq(parameters.cleanFirst, true)}}: - - task: MSBuild@1 - displayName: 'Clean artifacts folder' - inputs: - solution: build.proj - msbuildArguments: '-t:clean' - -- task: MSBuild@1 - displayName: 'Build AKV Provider .NET Framework' - inputs: - solution: build.proj - msbuildArchitecture: x64 - msbuildArguments: '-p:Configuration=${{parameters.configuration }} -t:BuildAKVNetFx -p:ReferenceType=${{parameters.referenceType }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }}' - -- task: MSBuild@1 - displayName: 'MSBuild Build Tests for ${{parameters.TargetNetFxVersion }}' - inputs: - solution: build.proj - msbuildArguments: ' -t:BuildTestsNetFx -p:ReferenceType=${{parameters.referenceType }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} -p:TF=${{parameters.TargetNetFxVersion }} -p:Configuration=${{parameters.configuration }} -p:Platform=${{parameters.platform }}' - -# Don't run unit tests using package reference. Unit tests are only run using project reference. - -- task: DotNetCoreCLI@2 - displayName: 'Run Functional Tests for ${{parameters.TargetNetFxVersion }}' - inputs: - command: test - projects: 'src\Microsoft.Data.SqlClient\tests\FunctionalTests\Microsoft.Data.SqlClient.FunctionalTests.csproj' - arguments: '-p:Platform=${{parameters.platform }} -p:TestTargetOS="${{parameters.TestTargetOS }}" -p:TargetNetFxVersion=${{parameters.TargetNetFxVersion }} -p:ReferenceType=${{parameters.referenceType }} -p:Configuration=${{parameters.configuration }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} --no-build -v n --filter "category!=nonnetfxtests&category!=failing&category!=nonwindowstests" --collect "Code Coverage"' - -- task: DotNetCoreCLI@2 - displayName: 'Run Manual Tests for ${{parameters.TargetNetFxVersion }}' - inputs: - command: test - projects: 'src\Microsoft.Data.SqlClient\tests\ManualTests\Microsoft.Data.SqlClient.ManualTesting.Tests.csproj' - arguments: '-p:Platform=${{parameters.platform }} -p:TestTargetOS="${{parameters.TestTargetOS }}" -p:TargetNetFxVersion=${{parameters.TargetNetFxVersion }} -p:ReferenceType=${{parameters.referenceType }} -p:Configuration=${{parameters.configuration }} -p:TestMicrosoftDataSqlClientVersion=${{parameters.NugetPackageVersion }} --no-build -v n --filter "category!=nonnetfxtests&category!=failing&category!=nonwindowstests" --collect "Code Coverage"' - retryCountOnTaskFailure: ${{parameters.retryCountOnManualTests }} diff --git a/eng/pipelines/common/templates/steps/ci-prebuild-step.yml b/eng/pipelines/common/templates/steps/ci-prebuild-step.yml index d366d2f9ff..615e2da2c7 100644 --- a/eng/pipelines/common/templates/steps/ci-prebuild-step.yml +++ b/eng/pipelines/common/templates/steps/ci-prebuild-step.yml @@ -34,7 +34,7 @@ steps: patterns: '**/*.nupkg' targetPath: $(Pipeline.Workspace)/${{parameters.artifactName }} - - template: update-nuget-config-local-feed-step.yml@self + - template: /eng/pipelines/common/templates/steps/update-nuget-config-local-feed-step.yml@self parameters: downloadedNugetPath: $(Pipeline.Workspace)\${{parameters.artifactName }} debug: ${{ parameters.debug }} diff --git a/eng/pipelines/common/templates/steps/configure-sql-server-step.yml b/eng/pipelines/common/templates/steps/configure-sql-server-step.yml index 877b73403e..ec63696cb7 100644 --- a/eng/pipelines/common/templates/steps/configure-sql-server-step.yml +++ b/eng/pipelines/common/templates/steps/configure-sql-server-step.yml @@ -72,7 +72,7 @@ parameters: steps: - ${{ if eq(parameters.operatingSystem, 'Windows') }}: # windows only steps - - template: configure-sql-server-win-step.yml@self + - template: /eng/pipelines/common/templates/steps/configure-sql-server-win-step.yml@self parameters: instanceName: ${{parameters.instanceName}} user: ${{parameters.user}} @@ -90,13 +90,13 @@ steps: - ${{ elseif eq(parameters.operatingSystem, 'Linux') }}: # Linux only steps - - template: configure-sql-server-linux-step.yml@self + - template: /eng/pipelines/common/templates/steps/configure-sql-server-linux-step.yml@self parameters: password: ${{parameters.saPassword}} - ${{ elseif eq(parameters.operatingSystem, 'Mac') }}: # macOS only steps - - template: configure-sql-server-macos-step.yml@self + - template: /eng/pipelines/common/templates/steps/configure-sql-server-macos-step.yml@self parameters: password: ${{parameters.saPassword}} diff --git a/eng/pipelines/common/templates/steps/pre-build-step.yml b/eng/pipelines/common/templates/steps/pre-build-step.yml deleted file mode 100644 index 068223af70..0000000000 --- a/eng/pipelines/common/templates/steps/pre-build-step.yml +++ /dev/null @@ -1,25 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -steps: - # Install the .NET SDK and Runtimes. - - template: /eng/pipelines/steps/install-dotnet.yml@self - parameters: - runtimes: [8.x, 9.x] - - - script: SET - displayName: 'Print Environment Variables' - - - powershell: | - # use sqlcmd to try to connect to localdb - $svc_name = "SQLBrowser" - Get-Service $svc_name | Select-Object -Property Name, StartType, Status - Set-Service -StartupType Automatic $svc_name - net start $svc_name - Get-Service $svc_name | Select-Object -Property Name, StartType, Status - displayName: 'Start SQLBrowser' - - - task: NuGetToolInstaller@1 - displayName: 'Use NuGet' diff --git a/eng/pipelines/common/templates/steps/prepare-test-db-step.yml b/eng/pipelines/common/templates/steps/prepare-test-db-step.yml deleted file mode 100644 index addd2a69b6..0000000000 --- a/eng/pipelines/common/templates/steps/prepare-test-db-step.yml +++ /dev/null @@ -1,27 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# -parameters: - - name: databaseName - type: string - default: $(Database) - - - name: targetFramework - type: string - default: net9.0 - -steps: -- task: DotNetCoreCLI@2 - displayName: 'Build Ext Utilities' - inputs: - command: build - arguments: '-f ${{parameters.targetFramework }}' - workingDirectory: src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.ExtUtilities -- task: DotNetCoreCLI@2 - displayName: 'Create Test Database' - inputs: - command: run - arguments: '-f ${{parameters.targetFramework }} -- "CreateDatabase" ${{parameters.databaseName }} ' - workingDirectory: src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.ExtUtilities diff --git a/eng/pipelines/dotnet-sqlclient-ci-core.yml b/eng/pipelines/dotnet-sqlclient-ci-core.yml index 0a0839e140..0b61a430a5 100644 --- a/eng/pipelines/dotnet-sqlclient-ci-core.yml +++ b/eng/pipelines/dotnet-sqlclient-ci-core.yml @@ -87,7 +87,7 @@ parameters: default: 90 variables: - - template: libraries/ci-build-variables.yml@self + - template: /eng/pipelines/libraries/ci-build-variables.yml@self - name: artifactName value: Artifacts @@ -102,19 +102,19 @@ stages: - stage: build_nugets displayName: 'Build NuGet Packages' jobs: - - template: common/templates/jobs/ci-build-nugets-job.yml@self + - template: /eng/pipelines/common/templates/jobs/ci-build-nugets-job.yml@self parameters: configuration: ${{ parameters.buildConfiguration }} artifactName: $(artifactName) ${{if ne(parameters.SNIVersion, '')}}: prebuildSteps: - - template: common/templates/steps/override-sni-version.yml@self + - template: /eng/pipelines/common/templates/steps/override-sni-version.yml@self parameters: SNIVersion: ${{parameters.SNIVersion}} SNIValidationFeed: ${{parameters.SNIValidationFeed}} - ${{ if eq(parameters.enableStressTests, true) }}: - - template: stages/stress-tests-ci-stage.yml@self + - template: /eng/pipelines/stages/stress-tests-ci-stage.yml@self parameters: buildConfiguration: ${{ parameters.buildConfiguration }} additionalDependsOn: @@ -124,7 +124,7 @@ stages: ${{ if eq(parameters.debug, 'true') }}: verbosity: 'detailed' - - template: common/templates/stages/ci-run-tests-stage.yml@self + - template: /eng/pipelines/common/templates/stages/ci-run-tests-stage.yml@self parameters: debug: ${{ parameters.debug }} buildType: ${{ parameters.buildType }} @@ -135,18 +135,18 @@ stages: ${{if ne(parameters.SNIVersion, '')}}: prebuildSteps: # steps to run prior to building and running tests on each job - - template: common/templates/steps/override-sni-version.yml@self + - template: /eng/pipelines/common/templates/steps/override-sni-version.yml@self parameters: SNIVersion: ${{parameters.SNIVersion}} SNIValidationFeed: ${{parameters.SNIValidationFeed}} - - template: common/templates/steps/ci-prebuild-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-prebuild-step.yml@self parameters: debug: ${{ parameters.debug }} artifactName: $(artifactName) buildType: ${{ parameters.buildType }} ${{else}}: prebuildSteps: # steps to run prior to building and running tests on each job - - template: common/templates/steps/ci-prebuild-step.yml@self + - template: /eng/pipelines/common/templates/steps/ci-prebuild-step.yml@self parameters: debug: ${{ parameters.debug }} artifactName: $(artifactName) @@ -154,7 +154,7 @@ stages: ${{ if eq(parameters.buildType, 'Project') }}: # only run the code coverage job if the build type is project postTestJobs: # jobs to run after the tests are done - - template: common/templates/jobs/ci-code-coverage-job.yml@self + - template: /eng/pipelines/common/templates/jobs/ci-code-coverage-job.yml@self parameters: debug: ${{ parameters.debug }} image: ADO-MMS22-CodeCov diff --git a/eng/pipelines/dotnet-sqlclient-ci-package-reference-pipeline.yml b/eng/pipelines/dotnet-sqlclient-ci-package-reference-pipeline.yml index 953a123487..d77d71e04d 100644 --- a/eng/pipelines/dotnet-sqlclient-ci-package-reference-pipeline.yml +++ b/eng/pipelines/dotnet-sqlclient-ci-package-reference-pipeline.yml @@ -14,19 +14,21 @@ name: $(DayOfYear)$(Rev:rr) pr: branches: include: - - release/6.1 + - release/6.1 paths: include: - - .azuredevops - - .config - - doc - - eng - - src - - tools - - azurepipelines-coverage.yml - - build.proj - - NuGet.config + - .azuredevops + - .config + - doc + - eng + - src + - tools + - azurepipelines-coverage.yml + - build.proj + - NuGet.config + exclude: + - eng/pipelines/onebranch/* # Commit triggers for CI runs on specified branches. # @@ -37,8 +39,8 @@ trigger: batch: true branches: include: - - release/6.1 - - internal/release/6.1 + - release/6.1 + - internal/release/6.1 # Scheduled runs. schedules: @@ -48,7 +50,7 @@ schedules: displayName: Sunday Run branches: include: - - release/6.1 + - release/6.1 always: true # ADO on Sundays 05:30 UTC. @@ -56,7 +58,7 @@ schedules: displayName: Sunday Run branches: include: - - internal/release/6.1 + - internal/release/6.1 always: true parameters: # parameters are shown up in ADO UI in a build queue time @@ -123,7 +125,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time default: 90 extends: - template: dotnet-sqlclient-ci-core.yml@self + template: /eng/pipelines/dotnet-sqlclient-ci-core.yml@self parameters: debug: ${{ parameters.debug }} targetFrameworks: ${{ parameters.targetFrameworks }} diff --git a/eng/pipelines/dotnet-sqlclient-ci-project-reference-pipeline.yml b/eng/pipelines/dotnet-sqlclient-ci-project-reference-pipeline.yml index 628295dca9..cdb558d709 100644 --- a/eng/pipelines/dotnet-sqlclient-ci-project-reference-pipeline.yml +++ b/eng/pipelines/dotnet-sqlclient-ci-project-reference-pipeline.yml @@ -14,19 +14,21 @@ name: $(DayOfYear)$(Rev:rr) pr: branches: include: - - release/6.1 + - release/6.1 paths: include: - - .azuredevops - - .config - - doc - - eng - - src - - tools - - azurepipelines-coverage.yml - - build.proj - - NuGet.config + - .azuredevops + - .config + - doc + - eng + - src + - tools + - azurepipelines-coverage.yml + - build.proj + - NuGet.config + exclude: + - eng/pipelines/onebranch/* # Commit triggers for CI runs on specified branches. # @@ -37,8 +39,8 @@ trigger: batch: true branches: include: - - release/6.1 - - internal/release/6.1 + - release/6.1 + - internal/release/6.1 # Scheduled runs. schedules: @@ -48,7 +50,7 @@ schedules: displayName: Sunday Run branches: include: - - release/6.1 + - release/6.1 always: true # ADO on Sundays 05:00 UTC. @@ -56,7 +58,7 @@ schedules: displayName: Sunday Run branches: include: - - internal/release/6.1 + - internal/release/6.1 always: true parameters: # parameters are shown up in ADO UI in a build queue time @@ -123,7 +125,7 @@ parameters: # parameters are shown up in ADO UI in a build queue time default: 90 extends: - template: dotnet-sqlclient-ci-core.yml@self + template: /eng/pipelines/dotnet-sqlclient-ci-core.yml@self parameters: debug: ${{ parameters.debug }} targetFrameworks: ${{ parameters.targetFrameworks }} diff --git a/eng/pipelines/onebranch/jobs/build-akv-official-job.yml b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml index b831b5ea32..53f1e94643 100644 --- a/eng/pipelines/onebranch/jobs/build-akv-official-job.yml +++ b/eng/pipelines/onebranch/jobs/build-akv-official-job.yml @@ -95,21 +95,21 @@ jobs: ob_outputDirectory: '$(ARTIFACT_PATH)' steps: - - template: ../steps/script-output-environment-variables-step.yml@self + - template: /eng/pipelines/onebranch/steps/script-output-environment-variables-step.yml@self - powershell: | $jsonParams = '${{ convertToJson(parameters) }}' -replace '\\', '\\' $jsonParams | ConvertFrom-Json | Format-List displayName: 'Output Job Parameters' - - template: ../steps/compound-build-akv-step.yml@self + - template: /eng/pipelines/onebranch/steps/compound-build-akv-step.yml@self parameters: assemblyFileVersion: '${{ parameters.assemblyFileVersion }}' buildConfiguration: '${{ parameters.buildConfiguration }}' mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' - ${{ each targetFramework in parameters.targetFrameworks }}: - - template: ../steps/compound-extract-akv-apiscan-files-step.yml + - template: /eng/pipelines/onebranch/steps/compound-extract-akv-apiscan-files-step.yml parameters: buildConfiguration: '${{ parameters.buildConfiguration }}' dllPath: '${{ parameters.apiScanDllPath }}' @@ -117,18 +117,18 @@ jobs: referenceType: Package targetFramework: '${{ targetFramework }}' - - template: ../steps/roslyn-analyzers-akv-step.yml@self + - template: /eng/pipelines/onebranch/steps/roslyn-analyzers-akv-step.yml@self parameters: buildConfiguration: '${{ parameters.buildConfiguration }}' mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' signingKeyPath: '$(Agent.TempDirectory)/netfxKeypair.snk' - ${{ if eq(parameters.isOfficialBuild, true) }}: - - template: ../steps/esrp-code-signing-step.yml@self + - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self parameters: artifactType: 'dll' - - template: ../steps/compound-nuget-pack-step.yml@self + - template: /eng/pipelines/onebranch/steps/compound-nuget-pack-step.yml@self parameters: buildConfiguration: '${{ parameters.buildConfiguration }}' generateSymbolsPackage: true # Always generate symbols, even if they are not published @@ -138,12 +138,12 @@ jobs: referenceType: 'Package' - ${{ if eq(parameters.isOfficialBuild, true) }}: - - template: ../steps/esrp-code-signing-step.yml@self + - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self parameters: artifactType: pkg - ${{ if parameters.publishSymbols }}: - - template: ../steps/compound-publish-symbols-step.yml@self + - template: /eng/pipelines/onebranch/steps/compound-publish-symbols-step.yml@self parameters: artifactName: 'akv_symbols_$(System.TeamProject)_$(Build.Repository.Name)_$(Build.SourceBranchName)_${{ parameters.nugetPackageVersion }}_$(System.TimelineId)' azureSubscription: '${{ parameters.symbolsAzureSubscription }}' diff --git a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml index a2b2da754f..4d337f9f68 100644 --- a/eng/pipelines/onebranch/jobs/build-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/build-signed-package-job.yml @@ -37,7 +37,7 @@ jobs: type: windows # read more about custom job pool types at https://aka.ms/obpipelines/yaml/jobs variables: - - template: ../variables/variables.yml@self + - template: /eng/pipelines/onebranch/variables/variables.yml@self - ${{ if parameters.isPreview }}: - name: NugetPackageVersion value: $(PreviewNugetPackageVersion) @@ -50,14 +50,14 @@ jobs: Write-Host "##vso[task.setvariable variable=CDP_BUILD_TYPE_COPY;isOutput=true]$($env:CDP_BUILD_TYPE)" name: GetBuildType - - template: ../steps/build-all-configurations-signed-dlls-step.yml@self + - template: /eng/pipelines/onebranch/steps/build-all-configurations-signed-dlls-step.yml@self - - template: ../steps/code-analyze-step.yml@self + - template: /eng/pipelines/onebranch/steps/code-analyze-step.yml@self parameters: analyzeType: all - ${{ if eq(parameters['isOfficialBuild'], true) }}: - - template: ../steps/esrp-code-signing-step.yml@self + - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self parameters: artifactType: dll @@ -66,18 +66,18 @@ jobs: OutputDirectory: $(artifactDirectory) - ${{ if eq(parameters['isOfficialBuild'], true) }}: - - template: ../steps/esrp-code-signing-step.yml@self + - template: /eng/pipelines/onebranch/steps/esrp-code-signing-step.yml@self parameters: artifactType: pkg - - template: ../steps/copy-dlls-for-test-step.yml@self + - template: /eng/pipelines/onebranch/steps/copy-dlls-for-test-step.yml@self parameters: product: MDS symbolsFolder: ${{ parameters['symbolsFolder'] }} softwareFolder: ${{ parameters['softwareFolder'] }} # Publish symbols to servers - - template: ../steps/publish-symbols-step.yml@self + - template: /eng/pipelines/onebranch/steps/publish-symbols-step.yml@self parameters: publishSymbols: ${{ parameters['publishSymbols'] }} symbolServer: ${{ parameters['symbolServer'] }} diff --git a/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml index 88b15dd8d5..e01588b235 100644 --- a/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml +++ b/eng/pipelines/onebranch/jobs/validate-signed-package-job.yml @@ -52,7 +52,7 @@ jobs: vmImage: 'ADO-MMS22-SQL19' variables: # More settings at https://aka.ms/obpipelines/yaml/jobs - - template: ../variables/mds-validation-variables.yml@self + - template: /eng/pipelines/onebranch/variables/mds-validation-variables.yml@self - name: pathToDownloadedNuget # path to the downloaded nuget files value: $(Pipeline.Workspace)\${{parameters.packageFolderName }} diff --git a/eng/pipelines/onebranch/sqlclient-non-official.yml b/eng/pipelines/onebranch/sqlclient-non-official.yml index f10976eeaa..ea1f35dfed 100644 --- a/eng/pipelines/onebranch/sqlclient-non-official.yml +++ b/eng/pipelines/onebranch/sqlclient-non-official.yml @@ -5,20 +5,17 @@ ################################################################################# name: $(Year:YY)$(DayOfYear)$(Rev:.r) -trigger: + +trigger: none +pr: none + +schedules: +- cron: '0 4 * * Mon' + displayName: Weekly Sunday 09:00 PM (UTC - 7) Build branches: include: - - internal/release/6.1 - paths: - include: - - src - - eng - - tools - - .config - - build.proj - - Nuget.config - - '*.cmd' - - '*.sh' + - internal/release/6.1 + always: true parameters: # parameters are shown up in ADO UI in a build queue time - name: 'debug' @@ -92,7 +89,7 @@ variables: value: $(akvPackageVersion) resources: - repositories: + repositories: - repository: templates type: git name: OneBranch.Pipelines/GovernedTemplates @@ -134,7 +131,7 @@ extends: break: true # always break the build on policheck issues. You can disable it by setting to 'false' exclusionsFile: $(REPOROOT)\.config\PolicheckExclusions.xml asyncSdl: - enabled: false + enabled: false credscan: enabled: ${{ not(parameters['isPreview']) }} suppressionsFile: $(REPOROOT)/.config/CredScanSuppressions.json diff --git a/eng/pipelines/onebranch/sqlclient-official.yml b/eng/pipelines/onebranch/sqlclient-official.yml index 29bf7b7ab1..e41917d95c 100644 --- a/eng/pipelines/onebranch/sqlclient-official.yml +++ b/eng/pipelines/onebranch/sqlclient-official.yml @@ -5,27 +5,16 @@ ################################################################################# name: $(Year:YY)$(DayOfYear)$(Rev:.r) -trigger: - branches: - include: - - internal/release/6.1 - paths: - include: - - src - - eng - - tools - - .config - - build.proj - - Nuget.config - - '*.cmd' - - '*.sh' + +trigger: none +pr: none schedules: - cron: '0 5 * * Mon' displayName: Weekly Sunday 10:00 PM (UTC - 7) Build branches: include: - - internal/release/6.1 + - internal/release/6.1 always: true parameters: # parameters are shown up in ADO UI in a build queue time @@ -100,7 +89,7 @@ variables: value: $(akvPackageVersion) resources: - repositories: + repositories: - repository: templates type: git name: OneBranch.Pipelines/GovernedTemplates @@ -141,7 +130,7 @@ extends: break: true # always break the build on policheck issues. You can disable it by setting to 'false' exclusionsFile: $(REPOROOT)\.config\PolicheckExclusions.xml asyncSdl: - enabled: false + enabled: false credscan: enabled: ${{ not(parameters['isPreview']) }} suppressionsFile: $(REPOROOT)/.config/CredScanSuppressions.json @@ -218,7 +207,7 @@ extends: signingEsrpClientId: $(SigningEsrpClientId) signingEsrpConnectedServiceName: $(SigningEsrpConnectedServiceName) symbolsAzureSubscription: $(SymbolsAzureSubscription) - # @TODO: Should there be a project name registered for AKV provider project, + # @TODO: Should there be a project name registered for AKV provider project, # or should they go under the same project as SQL Client? symbolsPublishProjectName: $(SymbolsPublishProjectNameSqlClient) symbolsPublishServer: $(SymbolsPublishServerProd) diff --git a/eng/pipelines/onebranch/variables/build-variables.yml b/eng/pipelines/onebranch/variables/build-variables.yml index 3dd87fe7d7..15da600d01 100644 --- a/eng/pipelines/onebranch/variables/build-variables.yml +++ b/eng/pipelines/onebranch/variables/build-variables.yml @@ -5,5 +5,5 @@ ################################################################################# variables: - - template: common-variables.yml@self - - template: mds-variables.yml@self + - template: /eng/pipelines/onebranch/variables/common-variables.yml@self + - template: /eng/pipelines/onebranch/variables/mds-variables.yml@self diff --git a/eng/pipelines/onebranch/variables/common-variables.yml b/eng/pipelines/onebranch/variables/common-variables.yml index b17a653acd..b7bc1cecdb 100644 --- a/eng/pipelines/onebranch/variables/common-variables.yml +++ b/eng/pipelines/onebranch/variables/common-variables.yml @@ -26,16 +26,8 @@ variables: - name: artifactDirectory value: '$(REPOROOT)/packages' - # Update this after every release. This is used to generate the MDS NuGet package version. - - name: Major - value: '6' - - name: Minor - value: '1' - - name: Patch - value: '5' - - name: NugetPackageVersion - value: $(Major).$(Minor).$(Patch) + value: '6.1.5' # Since we're on the release/6.1 branch, there will never be another legitimate preview release. # However, we routinely want to run preview builds to test other changes, so we continue to @@ -99,7 +91,7 @@ variables: # # Credentials for publishing symbols to symbol servers. - group: 'symbols-variables-v3' - # SymbolsAzureSubscription + # SymbolsAzureSubscription # SymbolsPublishProjectNameSqlClient # SymbolsPublishProjectNameSni # SymbolsPublishServerProd diff --git a/eng/pipelines/onebranch/variables/mds-validation-variables.yml b/eng/pipelines/onebranch/variables/mds-validation-variables.yml index d7723a059f..cf37d543a2 100644 --- a/eng/pipelines/onebranch/variables/mds-validation-variables.yml +++ b/eng/pipelines/onebranch/variables/mds-validation-variables.yml @@ -5,8 +5,8 @@ ################################################################################# variables: - - template: common-variables.yml@self - - template: mds-variables.yml@self + - template: /eng/pipelines/onebranch/variables/common-variables.yml@self + - template: /eng/pipelines/onebranch/variables/mds-variables.yml@self - name: TempFolderName # extract the nuget package here value: temp diff --git a/eng/pipelines/onebranch/variables/variables.yml b/eng/pipelines/onebranch/variables/variables.yml index 57894459d3..1b58903f4b 100644 --- a/eng/pipelines/onebranch/variables/variables.yml +++ b/eng/pipelines/onebranch/variables/variables.yml @@ -5,7 +5,7 @@ ################################################################################# variables: - - template: build-variables.yml@self + - template: /eng/pipelines/onebranch/variables/build-variables.yml@self # onebranch template variables - name: ob_outputDirectory value: '$(artifactDirectory)' # this directory is uploaded to pipeline artifacts, reddog and cloudvault. More info at https://aka.ms/obpipelines/artifacts diff --git a/eng/pipelines/stages/stress-tests-ci-stage.yml b/eng/pipelines/stages/stress-tests-ci-stage.yml index 396f8fd4cd..b3c714e368 100644 --- a/eng/pipelines/stages/stress-tests-ci-stage.yml +++ b/eng/pipelines/stages/stress-tests-ci-stage.yml @@ -139,7 +139,7 @@ stages: # -------------------------------------------------------------------------- # Build and test on Linux. - - template: ../jobs/stress-tests-ci-job.yml@self + - template: /eng/pipelines/jobs/stress-tests-ci-job.yml@self parameters: jobNameSuffix: linux displayNamePrefix: Linux @@ -160,7 +160,7 @@ stages: # -------------------------------------------------------------------------- # Build and test on Windows - - template: ../jobs/stress-tests-ci-job.yml + - template: /eng/pipelines/jobs/stress-tests-ci-job.yml parameters: jobNameSuffix: windows displayNamePrefix: Win @@ -186,7 +186,7 @@ stages: # -------------------------------------------------------------------------- # Build and test on macOS. - - template: ../jobs/stress-tests-ci-job.yml + - template: /eng/pipelines/jobs/stress-tests-ci-job.yml parameters: jobNameSuffix: macos displayNamePrefix: macOS From c50a58e38f91bd7847e0e2bd6e2ee79b47b2956b Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 23 Apr 2026 12:24:20 -0700 Subject: [PATCH 14/15] Add variables back Co-authored-by: Copilot --- eng/pipelines/onebranch/variables/common-variables.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/eng/pipelines/onebranch/variables/common-variables.yml b/eng/pipelines/onebranch/variables/common-variables.yml index b7bc1cecdb..946740a35a 100644 --- a/eng/pipelines/onebranch/variables/common-variables.yml +++ b/eng/pipelines/onebranch/variables/common-variables.yml @@ -26,8 +26,15 @@ variables: - name: artifactDirectory value: '$(REPOROOT)/packages' + - name: Major + value: '6' + - name: Minor + value: '1' + - name: Patch + value: '5' + - name: NugetPackageVersion - value: '6.1.5' + value: '$(Major).$(Minor).$(Patch)' # Since we're on the release/6.1 branch, there will never be another legitimate preview release. # However, we routinely want to run preview builds to test other changes, so we continue to From a8c4f018bff073d82d7cb8319bfe935d54561d70 Mon Sep 17 00:00:00 2001 From: Cheena Malhotra Date: Thu, 23 Apr 2026 14:07:27 -0700 Subject: [PATCH 15/15] Touch-ups Co-authored-by: Copilot --- eng/pipelines/onebranch/sqlclient-non-official.yml | 1 + eng/pipelines/onebranch/sqlclient-official.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/eng/pipelines/onebranch/sqlclient-non-official.yml b/eng/pipelines/onebranch/sqlclient-non-official.yml index ea1f35dfed..45e2858be7 100644 --- a/eng/pipelines/onebranch/sqlclient-non-official.yml +++ b/eng/pipelines/onebranch/sqlclient-non-official.yml @@ -171,6 +171,7 @@ extends: parameters: packageFolderName: $(packageFolderName) isPreview: ${{ parameters['isPreview'] }} + isOfficialBuild: false downloadPackageStep: download: current artifact: $(packageFolderName) diff --git a/eng/pipelines/onebranch/sqlclient-official.yml b/eng/pipelines/onebranch/sqlclient-official.yml index e41917d95c..c07958cf0c 100644 --- a/eng/pipelines/onebranch/sqlclient-official.yml +++ b/eng/pipelines/onebranch/sqlclient-official.yml @@ -200,6 +200,7 @@ extends: nugetPackageVersion: $(effectiveAkvPackageVersion) mdsPackageVersion: $(akvMdsPackageVersion) publishSymbols: ${{ parameters['publishSymbols'] }} + isOfficialBuild: true signingAppRegistrationClientId: $(SigningAppRegistrationClientId) signingAppRegistrationTenantId: $(SigningAppRegistrationTenantId) signingAuthAkvName: $(SigningAuthAkvName)