Skip to content

Forked Pipeline SA Password Test#3952

Merged
paulmedynski merged 13 commits intodotnet:dev/paul/db-passwordfrom
paulmedynski:dev/paul/db-password
Feb 12, 2026
Merged

Forked Pipeline SA Password Test#3952
paulmedynski merged 13 commits intodotnet:dev/paul/db-passwordfrom
paulmedynski:dev/paul/db-password

Conversation

@paulmedynski
Copy link
Contributor

@paulmedynski paulmedynski commented Feb 11, 2026
edited
Loading

This PR changes how forked repos acquire the SA password used to configure local SQL Server instances. It tests the pipeline runs from a forked repo, and will be merged to a normal dev branch before being properly reviewed and merged to main.

@paulmedynski
Update README with fork PR pipeline note
179f858 
Added a note about testing fork PR pipeline runs.
Copilot AI review requested due to automatic review settings February 11, 2026 17:40
@paulmedynski
Add no-op edit to build.proj
2888148 
Added a comment to trigger PR pipelines.
Copilot AI reviewed Feb 11, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR is a dummy change intended to validate how CI behaves for pull requests opened from forks.

Changes:

  • Adds a placeholder line to README.md to create a diff and trigger fork PR pipeline execution.

@paulmedynski paulmedynski mentioned this pull request Feb 11, 2026
Open
Copilot AI review requested due to automatic review settings February 11, 2026 18:46
Copilot AI reviewed Feb 11, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

@paulmedynski
- Now generating secrets for the entire pipeline.
c54fbf3 
- Plumbed saPassword down through all of the stages, jobs, and steps that need it.
- No more global $(Password) variable.
@paulmedynski
Added debugging to see the generated secrets at generation time, and …
d4d4ec9 
…at use time.
Copilot AI review requested due to automatic review settings February 11, 2026 20:53
Copilot AI reviewed Feb 11, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 13 out of 13 changed files in this pull request and generated 9 comments.

Copilot AI review requested due to automatic review settings February 11, 2026 22:55
Copilot AI reviewed Feb 11, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated 7 comments.

Copilot AI review requested due to automatic review settings February 12, 2026 02:15
Copilot AI reviewed Feb 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 15 out of 15 changed files in this pull request and generated 1 comment.

@codecov
Copy link

codecov bot commented Feb 12, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.98%. Comparing base (06b5810) to head (f428d91).
⚠️ Report is 1 commits behind head on dev/paul/db-password.

Additional details and impacted files 
@@                   Coverage Diff                    @@
##           dev/paul/db-password    #3952      +/-   ##
========================================================
- Coverage                 67.23%   66.98%   -0.26%     
========================================================
  Files                       260      260              
  Lines                     65704    65704              
========================================================
- Hits                      44176    44010     -166     
- Misses                    21528    21694     +166
Flag Coverage Δ
netcore 67.27% <ø> (-0.29%) ⬇️
netfx 65.83% <ø> (-0.23%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@paulmedynski paulmedynski marked this pull request as ready for review February 12, 2026 10:34
@paulmedynski paulmedynski requested a review from a team as a code owner February 12, 2026 10:34
Copilot AI review requested due to automatic review settings February 12, 2026 10:34
@paulmedynski paulmedynski changed the title [DO NOT MERGE] Forked Pipeline Test Forked Pipeline SA Password Test Feb 12, 2026
@paulmedynski paulmedynski merged commit a567b28 into dotnet:dev/paul/db-password Feb 12, 2026
155 of 298 checks passed
@paulmedynski paulmedynski deleted the dev/paul/db-password branch February 12, 2026 10:37
Copilot AI reviewed Feb 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 15 out of 15 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (1)

eng/pipelines/stages/build-azure-package-ci-stage.yml:233

  • This call passes sqlRootPath, but configure-sql-server-win-step.yml defines the parameter as SQLRootPath. As written, the template will fall back to the default (empty) and skip SQLRootPath-dependent setup (e.g., FileStream). Rename the argument key to match the template parameter.
                # These variables are from an Azure DevOps Library variable
                # group.
                fileStreamDirectory: $(FileStreamDirectory)
                sqlRootPath: $(SQL22RootPath)
          # The ADO-MMS22-SQL22 image includes a local SQL Server that supports

eng/pipelines/common/templates/steps/configure-sql-server-macos-step.yml
Comment on lines +28 to 46
# Configure the prompt to show the current timestamp so we can see how long each command takes.
export PS4='+ [$(date "+%Y-%m-%d %H:%M:%S")] '
set -x

# Password for the SA user (required)
MSSQL_SA_PW="$(Password)"
# Install Docker and SQLCMD tools.
brew install colima
brew install --cask docker
brew tap microsoft/mssql-release https://github.com/Microsoft/homebrew-mssql-release
brew update
HOMEBREW_ACCEPT_EULA=Y brew install mssql-tools18
colima start --arch x86_64
docker --version
docker pull mcr.microsoft.com/mssql/server:2022-latest

docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=$MSSQL_SA_PW" -p 1433:1433 -p 1434:1434 --name sql1 --hostname sql1 -d mcr.microsoft.com/mssql/server:2022-latest
# Password for the SA user (required)
MSSQL_SA_PW="${{ parameters.saPassword }}"

sleep 5
docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=$MSSQL_SA_PW" -p 1433:1433 -p 1434:1434 --name sql1 --hostname sql1 -d mcr.microsoft.com/mssql/server:2022-latest

Copy link

Copilot AI Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script enables set -x before running commands that include the SA password (e.g., docker run ... MSSQL_SA_PASSWORD=... and sqlcmd -P ...), which will echo the expanded password into logs. Disable xtrace around password-bearing commands and/or source the password from a masked secret variable.

Copilot uses AI. Check for mistakes.
eng/pipelines/common/templates/steps/configure-sql-server-win-step.yml
SQL_USER: ${{parameters.user }}
SQL_PASSWD: ${{ parameters.saPassword }}

- ${{ if ne(parameters.FileStreamDirectory, '') }}:
Copy link

Copilot AI Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The FileStream directory block checks parameters.FileStreamDirectory, but this template defines fileStreamDirectory (lowercase f). This will either fail template expansion (unknown parameter) or skip the step unexpectedly. Update the condition to use the correct parameter name.

Suggested change
- ${{ if ne(parameters.FileStreamDirectory, '') }}:
- ${{ if ne(parameters.fileStreamDirectory, '') }}:

Copilot uses AI. Check for mistakes.
eng/pipelines/sqlclient-pr-project-ref-pipeline.yml
Comment on lines +133 to +135
# TODO: Temporaryily forcing debug for forked repo pipeline runs.
# debug: ${{ parameters.debug }}
debug: true
Copy link

Copilot AI Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

debug is hard-coded to true, which ignores the pipeline parameter and will force extra debug steps/logging on all PR runs. If this is only for temporary fork testing, gate it behind a parameter/condition (e.g., only when System.PullRequest.IsFork is true) or revert before merging.

Suggested change
# TODO: Temporaryily forcing debug for forked repo pipeline runs.
# debug: ${{ parameters.debug }}
debug: true
debug: ${{ parameters.debug }}

Copilot uses AI. Check for mistakes.
paulmedynski added a commit that referenced this pull request Feb 12, 2026
@paulmedynski
Forked Pipeline SA Password Test (#3952)
0948c0b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@paulmedynski