diff --git a/eng/pipelines/common/templates/steps/esrp-code-signing-step.yml b/eng/pipelines/common/templates/steps/esrp-code-signing-step.yml index e9d62ad074..b2f6261f32 100644 --- a/eng/pipelines/common/templates/steps/esrp-code-signing-step.yml +++ b/eng/pipelines/common/templates/steps/esrp-code-signing-step.yml @@ -52,7 +52,7 @@ steps: EsrpClientId: '${{parameters.EsrpClientId }}' UseMSIAuthentication: true FolderPath: '${{parameters.sourceRoot }}' - Pattern: '*.dll' + Pattern: 'Microsoft.Data.SqlClient*.dll' CleanupTempStorage: 1 VerboseLogin: 1 - task: EsrpCodeSigning@5 @@ -66,7 +66,7 @@ steps: AuthAKVName: '${{parameters.AuthAKVName }}' AuthSignCertName: '${{parameters.AuthSignCertName }}' FolderPath: '${{parameters.sourceRoot }}' - Pattern: '*.dll' + Pattern: 'Microsoft.Data.SqlClient*.dll' signConfigType: inlineSignParams inlineOperation: | [ diff --git a/eng/pipelines/jobs/build-akv-official-job.yml b/eng/pipelines/jobs/build-akv-official-job.yml index 5ce8376845..5ccf032d32 100644 --- a/eng/pipelines/jobs/build-akv-official-job.yml +++ b/eng/pipelines/jobs/build-akv-official-job.yml @@ -109,15 +109,15 @@ jobs: buildConfiguration: '${{ parameters.buildConfiguration }}' mdsPackageVersion: '${{ parameters.mdsPackageVersion }}' - - template: ../steps/compound-esrp-code-signing-step.yml@self + - template: /eng/pipelines/steps/compound-esrp-dll-signing-step.yml@self parameters: appRegistrationClientId: '${{ parameters.signingAppRegistrationClientId }}' appRegistrationTenantId: '${{ parameters.signingAppRegistrationTenantId }}' - artifactType: 'dll' authAkvName: '${{ parameters.signingAuthAkvName }}' authSignCertName: '${{ parameters.signingAuthSignCertName }}' esrpClientId: '${{ parameters.signingEsrpClientId }}' esrpConnectedServiceName: '${{ parameters.signingEsrpConnectedServiceName }}' + pattern: 'Microsoft.Data.SqlClient.AlwaysEncrypted.*.dll' - template: ../steps/compound-nuget-pack-step.yml@self parameters: 
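Review bot: The `Pattern` on the EsrpMalwareScanning@5 task is narrowed together with the signing pattern, so any DLL under `sourceRoot` whose name does not start with `Microsoft.Data.SqlClient` is no longer scanned. Restricting what gets signed is the least-privilege direction for the EsrpCodeSigning@5 hunk that follows, but the scan loses coverage for no visible benefit. If other DLLs from that folder ship in the package, keep `Pattern: '*.dll'` on the scan task and narrow only the signing task. The new compound-esrp-dll-signing-step.yml has the same coupling, because `parameters.pattern` feeds both tasks. Both tasks' input lists start outside this hunk.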
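Review bot: The `pattern` value passed to the DLL signing template carries no comment saying why it is restricted, so a later maintainer may widen it back to `*.dll`. A line above it such as `# Sign only the AKV provider assemblies; other DLLs in $(BUILD_OUTPUT) must not receive the product signature.` would record the intent (presumed from the narrowing in this commit; adjust if the reason differs). The template reference also switches to an absolute `/eng/pipelines/steps/...` path while `compound-nuget-pack-step.yml` just below still uses `../steps/`; one style across the file would read better. The job's step list continues outside this hunk.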
@@ -128,11 +128,10 @@ jobs: outputDirectory: '$(ARTIFACT_PATH)' referenceType: 'Package' - - template: ../steps/compound-esrp-code-signing-step.yml@self + - template: /eng/pipelines/steps/compound-esrp-nuget-signing-step.yml@self parameters: appRegistrationClientId: '${{ parameters.signingAppRegistrationClientId }}' appRegistrationTenantId: '${{ parameters.signingAppRegistrationTenantId }}' - artifactType: 'pkg' authAkvName: '${{ parameters.signingAuthAkvName }}' authSignCertName: '${{ parameters.signingAuthSignCertName }}' esrpClientId: '${{ parameters.signingEsrpClientId }}' diff --git a/eng/pipelines/steps/compound-esrp-code-signing-step.yml b/eng/pipelines/steps/compound-esrp-code-signing-step.yml deleted file mode 100644 index 1eedc78c48..0000000000 --- a/eng/pipelines/steps/compound-esrp-code-signing-step.yml +++ /dev/null 
@@ -1,145 +0,0 @@ -################################################################################# -# Licensed to the .NET Foundation under one or more agreements. # -# The .NET Foundation licenses this file to you under the MIT license. # -# See the LICENSE file in the project root for more information. # -################################################################################# - -parameters: - - name: appRegistrationClientId - type: string - - - name: appRegistrationTenantId - type: string - - - # Name of the Azure Key Vault to retrieve certificates from. - # note: This has nothing to do with the AKV provider package. - name: authAkvName - type: string - - - name: authSignCertName - type: string - - - name: artifactType - type: string - values: - - dll - - pkg - - - name: esrpConnectedServiceName - type: string - - - name: esrpClientId - type: string - -steps: - - ${{ if eq(parameters.artifactType, 'dll') }}: - - task: EsrpMalwareScanning@5 - displayName: 'ESRP Malware Scanning Code' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - CleanupTempStorage: 1 - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(BUILD_OUTPUT)' - Pattern: '*.dll' - UseMSIAuthentication: true - VerboseLogin: 1 - - - task: EsrpCodeSigning@5 - displayName: 'ESRP Signing Code' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - AuthAKVName: '${{ parameters.authAkvName }}' - AuthSignCertName: '${{ parameters.authSignCertName }}' - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(BUILD_OUTPUT)' - Pattern: '*.dll' - signConfigType: 'inlineSignParams' - UseMSIAuthentication: true - inlineOperation: | - [ - { - 
"keyCode": "CP-230012", - "operationSetCode": "SigntoolSign", - "parameters": - [ - { - "parameterName": "OpusName", - "parameterValue": "Microsoft Data SqlClient Data Provider for SQL Server" - }, - { - "parameterName": "OpusInfo", - "parameterValue": "http://www.microsoft.com" - }, - { - "parameterName": "FileDigest", - "parameterValue": "/fd \"SHA256\"" - }, - { - "parameterName": "PageHash", - "parameterValue": "/NPH" - }, - { - "parameterName": "TimeStamp", - "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" - } - ], - "toolName": "sign", - "toolVersion": "1.0" - }, - { - "keyCode": "CP-230012", - "operationSetCode": "SigntoolVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] - - - ${{ else }}: - - task: EsrpMalwareScanning@5 - displayName: 'ESRP Malware Scanning NuGet Package' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - CleanupTempStorage: 1 - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - FolderPath: '$(ARTIFACT_PATH)' - Pattern: '*.*nupkg' - UseMSIAuthentication: true - VerboseLogin: 1 - - - task: EsrpCodeSigning@5 - displayName: 'ESRP Signing NuGet Package' - inputs: - AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' - AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' - ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' - EsrpClientId: '${{ parameters.esrpClientId }}' - AuthAKVName: '${{ parameters.authAkvName }}' - AuthSignCertName: '${{ parameters.authSignCertName }}' - FolderPath: '$(ARTIFACT_PATH)' - Pattern: '*.*nupkg' - signConfigType: 'inlineSignParams' - UseMSIAuthentication: true - inlineOperation: | - [ - { - "keyCode": "CP-401405", - "operationSetCode": "NuGetSign", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - }, - 
{ - "keyCode": "CP-401405", - "operationSetCode": "NuGetVerify", - "parameters": [ ], - "toolName": "sign", - "toolVersion": "1.0" - } - ] diff --git a/eng/pipelines/steps/compound-esrp-dll-signing-step.yml b/eng/pipelines/steps/compound-esrp-dll-signing-step.yml new file mode 100644 index 0000000000..866ca15ee5 --- /dev/null +++ b/eng/pipelines/steps/compound-esrp-dll-signing-step.yml 
@@ -0,0 +1,98 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +parameters: + - name: appRegistrationClientId + type: string + + - name: appRegistrationTenantId + type: string + + - # Name of the Azure Key Vault to retrieve certificates from. + # note: This has nothing to do with the AKV provider package. + name: authAkvName + type: string + + - name: authSignCertName + type: string + + - name: esrpConnectedServiceName + type: string + + - name: esrpClientId + type: string + + - # Globbing pattern for the files to sign. All files in $(BUILD_OUTPUT) and all subdirectories + # that match this pattern will be scanned and signed. This should end with ".dll". + name: pattern + type: string + +steps: + - task: EsrpMalwareScanning@5 + displayName: 'ESRP DLL Malware Scanning' + inputs: + AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' + AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' + CleanupTempStorage: 1 + ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' + EsrpClientId: '${{ parameters.esrpClientId }}' + FolderPath: '$(BUILD_OUTPUT)' + Pattern: '${{ parameters.pattern }}' + UseMSIAuthentication: true + VerboseLogin: 1 + + - task: EsrpCodeSigning@5 + displayName: 'ESRP DLL Signing' + inputs: + AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' + AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' + AuthAKVName: '${{ parameters.authAkvName }}' + AuthSignCertName: '${{ parameters.authSignCertName }}' + ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' + EsrpClientId: '${{ parameters.esrpClientId }}' + FolderPath: '$(BUILD_OUTPUT)' + 
Pattern: '${{ parameters.pattern }}' + signConfigType: 'inlineSignParams' + UseMSIAuthentication: true + inlineOperation: | + [ + { + "keyCode": "CP-230012", + "operationSetCode": "SigntoolSign", + "parameters": + [ + { + "parameterName": "OpusName", + "parameterValue": "Microsoft Data SqlClient Data Provider for SQL Server" + }, + { + "parameterName": "OpusInfo", + "parameterValue": "http://www.microsoft.com" + }, + { + "parameterName": "FileDigest", + "parameterValue": "/fd \"SHA256\"" + }, + { + "parameterName": "PageHash", + "parameterValue": "/NPH" + }, + { + "parameterName": "TimeStamp", + "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256" + } + ], + "toolName": "sign", + "toolVersion": "1.0" + }, + { + "keyCode": "CP-230012", + "operationSetCode": "SigntoolVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + } + ] diff --git a/eng/pipelines/steps/compound-esrp-nuget-signing-step.yml b/eng/pipelines/steps/compound-esrp-nuget-signing-step.yml new file mode 100644 index 0000000000..0d47b1f087 --- /dev/null +++ b/eng/pipelines/steps/compound-esrp-nuget-signing-step.yml 
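Review bot: Nothing in this template fails the build when `parameters.pattern` matches no files. The `SigntoolVerify` operation only covers files that matched, and the ".dll" suffix on the free-form parameter is requested only in a comment. Whether the ESRP task itself errors on zero matches is not visible here; if it does not, a typo in the caller's glob would leave the assemblies unsigned while the later pack and package-signing steps in build-akv-official-job.yml still run. A follow-up step that fails on zero matches and re-checks the Authenticode status on the agent would close that gap. The sketch below assumes a Windows agent and a single glob in `pattern`.

```yaml
# … unchanged: EsrpMalwareScanning@5 and EsrpCodeSigning@5 tasks …

  - pwsh: |
      $files = Get-ChildItem -Path $env:SIGN_ROOT -Recurse -File -Filter $env:SIGN_PATTERN
      if (-not $files) { throw "No files matched $env:SIGN_PATTERN" }
      $unsigned = $files | Where-Object { (Get-AuthenticodeSignature $_.FullName).Status -ne 'Valid' }
      if ($unsigned) { throw "Not validly signed: $($unsigned.Name -join ', ')" }
    displayName: 'Verify DLL signatures'
    env:
      SIGN_ROOT: '$(BUILD_OUTPUT)'
      SIGN_PATTERN: '${{ parameters.pattern }}'
```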
@@ -0,0 +1,71 @@ +################################################################################# +# Licensed to the .NET Foundation under one or more agreements. # +# The .NET Foundation licenses this file to you under the MIT license. # +# See the LICENSE file in the project root for more information. # +################################################################################# + +parameters: + - name: appRegistrationClientId + type: string + + - name: appRegistrationTenantId + type: string + + - # Name of the Azure Key Vault to retrieve certificates from. + # note: This has nothing to do with the AKV provider package. + name: authAkvName + type: string + + - name: authSignCertName + type: string + + - name: esrpConnectedServiceName + type: string + + - name: esrpClientId + type: string + +steps: + - task: EsrpMalwareScanning@5 + displayName: 'ESRP Nuget Malware Scanning' + inputs: + AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' + AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' + CleanupTempStorage: 1 + ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' + EsrpClientId: '${{ parameters.esrpClientId }}' + FolderPath: '$(ARTIFACT_PATH)' + Pattern: '*.*nupkg' + UseMSIAuthentication: true + VerboseLogin: 1 + + - task: EsrpCodeSigning@5 + displayName: 'ESRP Signing NuGet Package' + inputs: + AppRegistrationClientId: '${{ parameters.appRegistrationClientId }}' + AppRegistrationTenantId: '${{ parameters.appRegistrationTenantId }}' + ConnectedServiceName: '${{ parameters.esrpConnectedServiceName }}' + EsrpClientId: '${{ parameters.esrpClientId }}' + AuthAKVName: '${{ parameters.authAkvName }}' + AuthSignCertName: '${{ parameters.authSignCertName }}' + FolderPath: '$(ARTIFACT_PATH)' + Pattern: '*.*nupkg' + signConfigType: 'inlineSignParams' + UseMSIAuthentication: true + inlineOperation: | + [ + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetSign", + "parameters": [ ], + "toolName": "sign", + 
"toolVersion": "1.0" + }, + { + "keyCode": "CP-401405", + "operationSetCode": "NuGetVerify", + "parameters": [ ], + "toolName": "sign", + "toolVersion": "1.0" + } + ] diff --git a/eng/pipelines/variables/akv-official-variables.yml b/eng/pipelines/variables/akv-official-variables.yml index aaf8de7c5e..5a4aea73bc 100644 --- a/eng/pipelines/variables/akv-official-variables.yml +++ b/eng/pipelines/variables/akv-official-variables.yml @@ -22,17 +22,17 @@ variables: # Base Variables ------------------------------------------------------- - name: mdsPackageVersion - value: '6.1.1' + value: '7.0.0-preview3.25342.7' # @TODO: Version should ideally be pulled from one location (versions.props?) - name: versionMajor - value: '6' + value: '7' - name: versionMinor - value: '1' + value: '0' - name: versionPatch - value: '1' + value: '0' - name: versionPreview - value: '-preview1' + value: '-preview3' # Compound Variables --------------------------------------------------- - name: assemblyFileVersion diff --git a/src/Microsoft.Data.SqlClient.sln b/src/Microsoft.Data.SqlClient.sln index 526eb4c06b..d07bffd4c4 100644 --- a/src/Microsoft.Data.SqlClient.sln +++ b/src/Microsoft.Data.SqlClient.sln 
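Review bot: `Pattern: '*.*nupkg'` stays hard-coded on both tasks in the NuGet template, whereas the DLL template in this commit takes a `pattern` parameter so callers can restrict signing to their own assemblies. Every package under `$(ARTIFACT_PATH)` is therefore signed with the product certificate, and the glob also matches `.snupkg` symbol packages. If that directory can hold anything other than the freshly packed output, add a `pattern` parameter (with `default: '*.*nupkg'` so current callers keep working) and pass it to both `Pattern` inputs. The display names are also inconsistent ('ESRP Nuget Malware Scanning' next to 'ESRP Signing NuGet Package'); `displayName: 'ESRP NuGet Malware Scanning'` would match.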
@@ -286,11 +286,14 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "variables", "variables", "{ EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "jobs", "jobs", "{09352F1D-878F-4F55-8AA2-6E47F1AD37D5}" + ProjectSection(SolutionItems) = preProject + ..\eng\pipelines\jobs\build-akv-official-job.yml = ..\eng\pipelines\jobs\build-akv-official-job.yml + ..\eng\pipelines\jobs\stress-tests-ci-job.yml = ..\eng\pipelines\jobs\stress-tests-ci-job.yml + EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "steps", "steps", "{AD738BD4-6A02-4B88-8F93-FBBBA49A74C8}" ProjectSection(SolutionItems) = preProject ..\eng\pipelines\steps\compound-build-akv-step.yml = ..\eng\pipelines\steps\compound-build-akv-step.yml - ..\eng\pipelines\steps\compound-esrp-code-signing-step.yml = ..\eng\pipelines\steps\compound-esrp-code-signing-step.yml ..\eng\pipelines\steps\compound-extract-akv-apiscan-files-step.yml = ..\eng\pipelines\steps\compound-extract-akv-apiscan-files-step.yml ..\eng\pipelines\steps\compound-nuget-pack-step.yml = ..\eng\pipelines\steps\compound-nuget-pack-step.yml ..\eng\pipelines\steps\compound-publish-symbols-step.yml = ..\eng\pipelines\steps\compound-publish-symbols-step.yml 
@@ -298,6 +301,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "steps", "steps", "{AD738BD4 ..\eng\pipelines\steps\script-output-environment-variables-step.yml = ..\eng\pipelines\steps\script-output-environment-variables-step.yml ..\eng\pipelines\steps\install-dotnet.yml = ..\eng\pipelines\steps\install-dotnet.yml ..\eng\pipelines\steps\install-dotnet-arm64.ps1 = ..\eng\pipelines\steps\install-dotnet-arm64.ps1 + ..\eng\pipelines\steps\compound-esrp-dll-signing-step.yml = ..\eng\pipelines\steps\compound-esrp-dll-signing-step.yml + ..\eng\pipelines\steps\compound-esrp-nuget-signing-step.yml = ..\eng\pipelines\steps\compound-esrp-nuget-signing-step.yml EndProjectSection EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.Data.SqlClient.UnitTests", "Microsoft.Data.SqlClient\tests\UnitTests\Microsoft.Data.SqlClient.UnitTests.csproj", "{4461063D-2F2B-274C-7E6F-F235119D258E}"