Sign the Azure extension assembly and tests

[paulmedynski]

Summary

Signs the Microsoft.Data.SqlClient.Extensions.Azure assembly and its test assembly, and wires the Azure package CI stage/job for signed internal builds.

What's included

• Signed InternalsVisibleTo for the Azure test assembly in Package mode (kept unsigned in Project mode and when signing is disabled).
• Signing comment aligned with assembly-signing terminology.
• Azure pack/test CI job + stage wired for signed internal builds.

🔗 PR Stack

Part of a 5-PR stack — current PR marked 👉. Indentation shows the branch base.

• 🏗️ #4382 — Sign CI Package pipeline assemblies & tests · base: main
  • 🏷️ #4383 — Rename STRONG_NAME_SIGNING → ASSEMBLY_SIGNING
    • 🪵 #4384 — Add Logging test package & CI
    • ☁️ 👉 #4385 — Sign Azure extension assembly & tests
    • 🧩 #4386 — Sign Microsoft.SqlServer.Server assembly & CI

flowchart TD
    main([main])
    PR1["🏗️ #4382<br/>signing-core"]
    PR2["🏷️ #4383<br/>rename"]
    PR3["🪵 #4384<br/>logging-tests"]
    PR4["☁️ #4385<br/>azure-signing"]
    PR5["🧩 #4386<br/>sqlserver.server"]
    main --> PR1 --> PR2
    PR2 --> PR3
    PR2 --> PR4
    PR2 --> PR5
    click PR1 "https://github.com/dotnet/SqlClient/pull/4382" _blank
    click PR2 "https://github.com/dotnet/SqlClient/pull/4383" _blank
    click PR3 "https://github.com/dotnet/SqlClient/pull/4384" _blank
    click PR4 "https://github.com/dotnet/SqlClient/pull/4385" _blank
    click PR5 "https://github.com/dotnet/SqlClient/pull/4386" _blank
    classDef current fill:#1f6feb,stroke:#1f6feb,color:#fff;
    class PR4 current;

Loading

Azure.csproj retains main's Microsoft.Identity.Client.Broker package reference; only the signing block is added.

Checklist

• Tests added or updated (Azure: 22 passed / 10 integration-skipped)
• Public API changes documented (none)
• No breaking changes

[Copilot]

Pull request overview

This PR extends the repo’s assembly-signing workflow to the Microsoft.Data.SqlClient.Extensions.Azure package by ensuring the Azure extension assembly and its test assembly can be signed for internal (ADO.Net) Package-mode CI builds, including the correct InternalsVisibleTo configuration for signed test access.

Changes:

• Added conditional signing to the Azure test project when TestSigningKeyPath is provided.
• Updated Azure extension project InternalsVisibleTo to support signed Package-mode builds (public key specified) while keeping Project-mode behavior intentionally unsigned.
• Wired isInternalBuild through the Azure CI stage/job templates and added signing key download + MSBuild properties for internal Package-mode builds.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/Microsoft.Data.SqlClient.Extensions/Azure/test/Azure.Test.csproj	Conditionally signs the Azure test assembly via TestSigningKeyPath so signed IVT works in internal CI.
src/Microsoft.Data.SqlClient.Extensions/Azure/src/Azure.csproj	Updates IVT rules to include a signed test assembly (public key) only for signed + Package mode; aligns signing terminology.
eng/pipelines/stages/build-azure-package-ci-stage.yml	Adds isInternalBuild parameter and threads it through all Azure test legs and the pack job.
eng/pipelines/jobs/test-azure-package-ci-job.yml	Adds isInternalBuild, downloads signing keys for internal Package-mode builds, and passes signing properties to dotnet build.
eng/pipelines/jobs/pack-azure-package-ci-job.yml	Adds isInternalBuild and conditionally signs the Azure package in internal Package-mode builds (incl. key download + SigningKeyPath).
eng/pipelines/dotnet-sqlclient-ci-core.yml	Threads isInternalBuild into the Azure package stage invocation.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (dev/paul/assembly-signing-rename@c5532b2). Learn more about missing BASE report.

Additional details and impacted files

@@                         Coverage Diff                         @@
##             dev/paul/assembly-signing-rename    #4385   +/-   ##
===================================================================
  Coverage                                    ?   63.51%           
===================================================================
  Files                                       ?      280           
  Lines                                       ?    66257           
  Branches                                    ?        0           
===================================================================
  Hits                                        ?    42086           
  Misses                                      ?    24171           
  Partials                                    ?        0           

Flag	Coverage Δ
PR-SqlClient-Project	63.51% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.