Addressed Copilot comments, and fixed some runtime bugs.

Author: paulmedynski

eng/pipelines/common/templates/jobs/run-tests-package-reference-job.yml

@@ -46,6 +46,8 @@ jobs:
 
   - template: /eng/pipelines/common/templates/steps/update-config-file-step.yml
     parameters:
+      # We use the Library $(Password) variable as the SA password in this pipeline.
+      saPassword: $(Password)
       TCPConnectionString: $(SQL_TCP_CONN_STRING)
       NPConnectionString: $(SQL_NP_CONN_STRING)
       SupportsIntegratedSecurity: false

eng/pipelines/common/templates/steps/configure-sql-server-linux-step.yml

@@ -20,6 +20,12 @@ parameters:
 
 steps:
 
+  # Emit the SA password, if desired.
+  - ${{ if eq(parameters.debug, true) }}:
+    - bash: |
+        echo "SA password: ${{ parameters.saPassword }}"
+      displayName: '[Debug] Emit SA password'
+
   # Configure SQL Server.
   - bash: |
       sudo systemctl stop mssql-server

eng/pipelines/common/templates/steps/configure-sql-server-macos-step.yml

@@ -18,6 +18,13 @@ parameters:
     type: string
 
 steps:
+
+  # Emit the SA password, if desired.
+  - ${{ if eq(parameters.debug, true) }}:
+    - bash: |
+        echo "SA password: ${{ parameters.saPassword }}"
+      displayName: '[Debug] Emit SA password'
+
   # Configure SQL Server.  This includes installing Docker and the SQLCMD tools, starting a SQL
   # Server container, and verifying we can connect to it.
   - bash: |
@@ -45,10 +52,6 @@ steps:
       # Password for the SA user (required)
       MSSQL_SA_PW="${{ parameters.saPassword }}"
 
-      if [ "${{ parameters.debug }}" = "True" ]; then
-        echo "SA password: $MSSQL_SA_PW"
-      fi
-
       docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=$MSSQL_SA_PW" -p 1433:1433 -p 1434:1434 --name sql1 --hostname sql1 -d mcr.microsoft.com/mssql/server:2022-latest
 
       sleep 5
@@ -78,7 +81,7 @@ steps:
 
         echo "Waiting for SQL Server to start (attempt #$attempt of $maxAttempts)..."
 
-        sqlcmd -S 127.0.0.1 -No -U sa -P $MSSQL_SA_PW -Q "SELECT @@VERSION" >> $SQLCMD_ERRORS 2>&1
+        sqlcmd -S 127.0.0.1 -No -U sa -P "$MSSQL_SA_PW" -Q "SELECT @@VERSION" >> $SQLCMD_ERRORS 2>&1
 
         # If the command was successful, then the SQL Server is ready.
         if [ $? -eq 0 ]; then
@@ -108,18 +111,18 @@ steps:
 
       echo "Use sqlcmd to show which IP addresses are being listened on..."
       echo 0.0.0.0
-      sqlcmd -S 0.0.0.0 -No -U sa -P $MSSQL_SA_PW -Q "SELECT @@VERSION" -l 2
+      sqlcmd -S 0.0.0.0 -No -U sa -P "$MSSQL_SA_PW" -Q "SELECT @@VERSION" -l 2
       echo 127.0.0.1
-      sqlcmd -S 127.0.0.1 -No -U sa -P $MSSQL_SA_PW -Q "SELECT @@VERSION" -l 2
+      sqlcmd -S 127.0.0.1 -No -U sa -P "$MSSQL_SA_PW" -Q "SELECT @@VERSION" -l 2
       echo ::1
-      sqlcmd -S ::1 -No -U sa -P $MSSQL_SA_PW -Q "SELECT @@VERSION" -l 2
+      sqlcmd -S ::1 -No -U sa -P "$MSSQL_SA_PW" -Q "SELECT @@VERSION" -l 2
       echo localhost
-      sqlcmd -S localhost -No -U sa -P $MSSQL_SA_PW -Q "SELECT @@VERSION" -l 2
+      sqlcmd -S localhost -No -U sa -P "$MSSQL_SA_PW" -Q "SELECT @@VERSION" -l 2
       echo "(sqlcmd default / not specified)"
-      sqlcmd -No -U sa -P $MSSQL_SA_PW -Q "SELECT @@VERSION" -l 2
+      sqlcmd -No -U sa -P "$MSSQL_SA_PW" -Q "SELECT @@VERSION" -l 2
 
       echo "Configuring Dedicated Administer Connections to allow remote connections..."
-      sqlcmd -S 127.0.0.1 -No -U sa -P $MSSQL_SA_PW -Q "sp_configure 'remote admin connections', 1; RECONFIGURE;"
+      sqlcmd -S 127.0.0.1 -No -U sa -P "$MSSQL_SA_PW" -Q "sp_configure 'remote admin connections', 1; RECONFIGURE;"
       if [ $? = 1 ]
       then
         echo "Error configuring DAC for remote access."

eng/pipelines/common/templates/steps/configure-sql-server-win-step.yml

@@ -68,7 +68,13 @@ parameters:
 
 steps:
 
-  - powershell: |
+  # Emit the SA password, if desired.
+  - ${{ if eq(parameters.debug, true) }}:
+    - pwsh: |
+        Write-Host "SA password: ${{ parameters.saPassword }}"
+      displayName: '[Debug] Emit SA password'
+
+  - pwsh: |
       try
       {
       # enable TCP
@@ -102,7 +108,7 @@ steps:
     displayName: 'Enable TCP, NP & Firewall [Win]'
     retryCountOnTaskFailure: 2
 
-  - powershell: |
+  - pwsh: |
       $password = "${{ parameters.saPassword }}"
 
       if ("${{ parameters.debug }}" -eq "True")
@@ -146,7 +152,7 @@ steps:
       SQL_PASSWD: ${{ parameters.saPassword }}
 
   - ${{ if ne(parameters.SQLRootPath, '') }}:
-    - powershell: |
+    - pwsh: |
         #Enable FileStream
         $instance = "${{parameters.instanceName }}"
         $wmi = Get-WmiObject -Namespace "${{parameters.SQLRootPath }}" -Class FilestreamSettings | where {$_.InstanceName -eq $instance}
@@ -171,13 +177,13 @@ steps:
         SQL_PASSWD: ${{ parameters.saPassword }}
 
   - ${{ if ne(parameters.FileStreamDirectory, '') }}:
-    - powershell: |
+    - pwsh: |
         New-Item -Path ${{ parameters.fileStreamDirectory }} -ItemType Directory
       displayName: 'Create FileStreamFolder'
       retryCountOnTaskFailure: 1
       continueOnError: true
 
-  - powershell: |
+  - pwsh: |
       $SQLServerName = ("{0}" -f [System.Net.Dns]::GetHostByName($env:computerName).HostName)
       Write-Host  FQDN is: $SQLServerName
 
@@ -195,7 +201,7 @@ steps:
       New-ItemProperty -Path ${{parameters.x64AliasRegistryPath }} -Name ${{parameters.SQLAliasName }} -PropertyType string -Value $TCPAliasName
     displayName: 'Setup SQL Alias [Win]'
 
-  - powershell: |
+  - pwsh: |
       # Create Certificate
       $computerDnsName = [System.Net.Dns]::Resolve($null).HostName
       $certificate = New-SelfSignedCertificate -DnsName $computerDnsName,localhost -CertStoreLocation cert:\LocalMachine\My -FriendlyName test99 -KeySpec KeyExchange
@@ -232,7 +238,7 @@ steps:
       }
     displayName: 'Add SQL Certificate [Win]'
 
-  - powershell: |
+  - pwsh: |
       # You need to restart SQL Server for the change to persist
       # -Force takes care of any dependent services, like SQL Agent.
       # Note: if the instance is named, replace MSSQLSERVER with MSSQL$ followed by
@@ -251,7 +257,7 @@ steps:
 
     displayName: 'Restart SQL Server [Win]'
 
-  - powershell: |
+  - pwsh: |
       $arrService = Get-Service -Name "SQLBrowser"
       $arrService
 
@@ -271,7 +277,7 @@ steps:
     displayName: 'Start Sql Server Browser [Win]'
 
   - ${{ if parameters.enableLocalDB }}:
-    - powershell: |
+    - pwsh: |
         #script to enable local db
 
         SqlLocalDB info

eng/pipelines/jobs/test-azure-package-ci-job.yml

@@ -274,7 +274,7 @@ jobs:
 
       # List the DLLs in the output directory for debugging purposes.
       - ${{ if eq(parameters.debug, true) }}:
-        - pwsh: >
+        - pwsh: >-
             Get-ChildItem
               -Path "src/Microsoft.Data.SqlClient.Extensions/Azure/test/bin/${{ parameters.buildConfiguration }}"
               -Recurse

eng/pipelines/stages/generate-secrets-ci-stage.yml

@@ -18,7 +18,12 @@
 # Any stages that use these secrets must depend on this stage:
 #
 #   secrets_stage
-
+#
+# None of the values produced here are actual secrets - they are just random values that are
+# suitable for testing purposes, and do not need to be protected.  For simplicity, they are emitted
+# as regular output variables of script steps, are not formally marked as secrets, and not stored in
+# the Azure DevOps Library or Key Vault.
+#
 parameters:
 
   # True to emit debugging steps and messages.
@@ -40,7 +45,7 @@ stages:
         displayName: Generate Secrets
         pool:
           # We don't need anything special, so use the standard Microsoft-hosted Ubuntu image, which
-          # is typcally very fast to spin up.
+          # is typically very fast to spin up.
           vmImage: ubuntu-latest
 
         steps:
@@ -62,4 +67,4 @@ stages:
           - ${{ if eq(parameters.debug, true) }}:
             - bash: |
                 echo "SA password: $(SaPassword.Value)"
-              displayName: Emit SA password
+              displayName: '[Debug] Emit SA password'