diff --git a/eng/pipelines/jobs/build-akv-official-job.yml b/eng/pipelines/jobs/build-akv-official-job.yml
index a4374b773b..af8f546eff 100644
--- a/eng/pipelines/jobs/build-akv-official-job.yml
+++ b/eng/pipelines/jobs/build-akv-official-job.yml
@@ -91,6 +91,7 @@ jobs:
assemblyFileVersion: '${{ parameters.assemblyFileVersion }}'
buildConfiguration: '${{ parameters.buildConfiguration }}'
mdsPackageVersion: '${{ parameters.mdsPackageVersion }}'
+ signingKeyPath: '$(Agent.TempDirectory)/netfxKeypair.snk'
- ${{ each targetFramework in parameters.targetFrameworks }}:
- template: ../steps/compound-extract-akv-apiscan-files-step.yml
@@ -105,6 +106,7 @@ jobs:
parameters:
buildConfiguration: '${{ parameters.buildConfiguration }}'
mdsPackageVersion: '${{ parameters.mdsPackageVersion }}'
+ signingKeyPath: '$(Agent.TempDirectory)/netfxKeypair.snk'
- template: ../steps/compound-esrp-code-signing-step.yml@self
parameters:
diff --git a/eng/pipelines/steps/compound-build-akv-step.yml b/eng/pipelines/steps/compound-build-akv-step.yml
index 906dcfaf72..fb6b0e2a06 100644
--- a/eng/pipelines/steps/compound-build-akv-step.yml
+++ b/eng/pipelines/steps/compound-build-akv-step.yml
@@ -19,6 +19,9 @@ parameters:
- name: mdsPackageVersion
type: string
+ - name: signingKeyPath
+ type: string
+
steps:
- task: DownloadSecureFile@1
displayName: 'Download Signing Key'
@@ -48,7 +51,7 @@ steps:
-p:AssemblyFileVersion=${{ parameters.assemblyFileVersion }}
-p:NugetPackageVersion=${{ parameters.mdsPackageVersion }}
-p:ReferenceType=Package
- -p:SigningKeyPath=$(Agent.TempDirectory)/netfxKeypair.snk
+ -p:SigningKeyPath=${{ parameters.signingKeyPath }}
- script: tree /a /f $(BUILD_OUTPUT)
displayName: Output Build Output Tree
diff --git a/eng/pipelines/steps/roslyn-analyzers-akv-step.yml b/eng/pipelines/steps/roslyn-analyzers-akv-step.yml
index 0e05177d5a..d65ec57ca4 100644
--- a/eng/pipelines/steps/roslyn-analyzers-akv-step.yml
+++ b/eng/pipelines/steps/roslyn-analyzers-akv-step.yml
@@ -4,9 +4,13 @@
# See the LICENSE file in the project root for more information. #
#################################################################################
-# @TODO: This can probably be made generic and pass in the command lines for msbuild
-# BUT, they should be kept separate by now as we rebuild build.proj in parallel, we won't
-# affect >1 project at a time.
+# NOTE: Because Roslyn analyzers run with the build process, this step must happen within our
+# build in order to generate logs that Guardian/SDL can consume. HOWEVER - this step will rebuild
+# the project and overwrite any previously build output! Therefore, the command line params in
+# this step and the build step must be the same to avoid packaging invalid binaries!
+# There is a way to avoid using this task and have analyzers run during the main build, but this
+# task will ensure we are using the latest analyzers as per SDL.
+# For more info, please see: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-mohanb/security-integration/guardian-wiki/sdl-azdo-extension/roslyn-analyzers-build-task
parameters:
- name: buildConfiguration
@@ -15,6 +19,9 @@ parameters:
- name: mdsPackageVersion
type: string
+ - name: signingKeyPath
+ type: string
+
steps:
- task: securedevelopmentteam.vss-secure-development-tools.build-task-roslynanalyzers.RoslynAnalyzers@3
displayName: 'Roslyn Analyzers'
@@ -27,5 +34,6 @@ steps:
-p:Configuration=${{ parameters.buildConfiguration }}
-p:NugetPackageVersion=${{ parameters.mdsPackageVersion }}
-p:ReferenceType=Package
+ -p:SigningKeyPath=${{ parameters.signingKeyPath }}
msBuildVersion: 17.0
setupCommandLinePicker: vs2022
diff --git a/eng/pipelines/variables/akv-official-variables.yml b/eng/pipelines/variables/akv-official-variables.yml
index 8e602cb8f9..30176ac98b 100644
--- a/eng/pipelines/variables/akv-official-variables.yml
+++ b/eng/pipelines/variables/akv-official-variables.yml
@@ -30,7 +30,7 @@ variables:
- name: versionMinor
value: '1'
- name: versionPatch
- value: '1'
+ value: '2'
- name: versionPreview
value: '-preview1'
diff --git a/src/Microsoft.Data.SqlClient.sln b/src/Microsoft.Data.SqlClient.sln
index e4d29d999c..c3a9eeb55b 100644
--- a/src/Microsoft.Data.SqlClient.sln
+++ b/src/Microsoft.Data.SqlClient.sln
@@ -287,6 +287,9 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "variables", "variables", "{
EndProjectSection
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "jobs", "jobs", "{09352F1D-878F-4F55-8AA2-6E47F1AD37D5}"
+ ProjectSection(SolutionItems) = preProject
+ ..\eng\pipelines\jobs\build-akv-official-job.yml = ..\eng\pipelines\jobs\build-akv-official-job.yml
+ EndProjectSection
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "steps", "steps", "{AD738BD4-6A02-4B88-8F93-FBBBA49A74C8}"
ProjectSection(SolutionItems) = preProject
diff --git a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj
index 51af5632e3..dcd2e49477 100644
--- a/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj
+++ b/src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj
@@ -18,14 +18,14 @@
true
true
+
-
+
true
$(SigningKeyPath)
-
-
$(SigningKeyPath)
+
$([System.IO.Path]::Combine('$(IntermediateOutputPath)','$(GeneratedSourceFileName)'))