Conversation
- Updated makepfxcert.ps1 to use improved FQCN lookup, and only install OpenSSL module it if isn't installed already. - Improved diatnostigs when running powershell scripts as part of certificate tests.
paulmedynski
added
the
Area\Engineering
paulmedynski
left a comment
paulmedynski
left a comment
There was a problem hiding this comment.
Commentary for reviewers.
| try { | ||
| # Get FQDN of the machine | ||
| Write-Output "Get FQDN of the machine..." | ||
| $fqdn = [System.Net.Dns]::GetHostByName(($env:computerName)).HostName |
There was a problem hiding this comment.
GetHostByName is deprecated, and $env:computerName isn't always populated on Linux.
| RedirectStandardError = true, | ||
| RedirectStandardOutput = true, | ||
| UseShellExecute = false, | ||
| Arguments = $"{script} -OutDir {currentDirectory} > result.txt", |
There was a problem hiding this comment.
No longer redirecting stdout to a file that we never inspect or emit.
| if (! File.Exists(script)) | ||
| { | ||
| powerShellCommand = "pwsh"; | ||
| throw new Exception($"Script {script} does not exist"); |
There was a problem hiding this comment.
Early return to avoid large nested blocks.
| output.AppendLine(e.Data); | ||
| } | ||
| }); | ||
| output.AppendLine($"[OUT] {e.Data}"); |
There was a problem hiding this comment.
Prefixing the stdout and stderr so it's obvious which stream they came from.
There was a problem hiding this comment.
Pull request overview
This PR updates the manual certificate-generation flow used by CertificateTestWithTdsServer on Ubuntu/Linux, aiming to reduce hangs and improve diagnostics when running the PowerShell-based certificate scripts in CI.
Changes:
- Update
makepfxcert.ps1FQDN lookup logic and avoid reinstalling the OpenSSL PowerShell module when already present. - Improve PowerShell script execution diagnostics by capturing and labeling stdout/stderr output in the manual test harness.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
src/Microsoft.Data.SqlClient/tests/ManualTests/makepfxcert.ps1 |
Adjusts host/FQDN resolution and makes OpenSSL module installation conditional; adds PowerShell tracing. |
src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectionTestWithSSLCert/CertificateTestWithTdsServer.cs |
Refactors PowerShell invocation to use pwsh on non-Windows and improves captured output formatting. |
| FileName = powerShellCommand, | ||
| RedirectStandardError = true, | ||
| RedirectStandardOutput = true, | ||
| UseShellExecute = false, | ||
| Arguments = $"{script} -OutDir {currentDirectory}", | ||
| CreateNoWindow = false, | ||
| Verb = "runas" |
There was a problem hiding this comment.
ProcessStartInfo.Arguments = $"{script} -OutDir {currentDirectory}" does not quote/escape either path. If the repo/work directory contains spaces (common in CI), PowerShell will parse this incorrectly and the script won’t run. Build the arguments using -File and quote/escape the script path and -OutDir value (or use ArgumentList when available).
| proc.Kill(); | ||
| proc.WaitForExit(2000); | ||
| throw new Exception($"Could not generate certificate; script output: {output}"); | ||
| } |
There was a problem hiding this comment.
After the process exits, the code only fails on timeout and never checks proc.ExitCode. If the script fails quickly (e.g., certificate generation errors), the test will continue with missing/invalid artifacts and later failures will be harder to diagnose. Throw when ExitCode != 0 and include the captured output to surface the root cause immediately.
| } | |
| } | |
| if (proc.ExitCode != 0) | |
| { | |
| throw new Exception($"Could not generate certificate; exit code {proc.ExitCode}; script output: {output}"); | |
| } |
|
|
||
| Set-PSDebug -Trace 1 | ||
|
|
There was a problem hiding this comment.
Set-PSDebug -Trace 1 is enabled unconditionally, which will massively increase log volume and can slow down or even time out CI runs. Consider making tracing opt-in (e.g., gated by an env var/parameter) and ensure it’s turned back off (e.g., in a finally) so normal runs aren’t impacted.
Description
Code changes:
These changes will help us diagnose what is hanging the script.
In the meantime, I have also updated our 1ES Ubuntu images to install the powershell OpenSSL module, so the script won't have to.
Testing