Add SQL Server installation steps to Copilot setup workflow #2285
Walkthrough
Adds SQL Server installation, SQL tools setup, and environment configuration steps to the Copilot GitHub Actions workflow. These blocks run after the DSCv3 verification and are duplicated again before the .NET Tools step. CHANGELOG updated to note the new workflow supporting SQL Server 2022 on Ubuntu for integration tests.
Sequence Diagram(s)
sequenceDiagram
autonumber
actor GH as GitHub Actions Runner (Ubuntu)
participant WF as Workflow: copilot-setup-steps
participant SQL as SQL Server Service
participant Tools as mssql-tools18 / unixODBC
participant PS as PowerShell SqlServer Module
GH->>WF: Start job
Note over WF: After DSCv3 verification
WF->>GH: Import MS GPG keys & add repo
WF->>SQL: apt install mssql-server
WF->>SQL: mssql-conf setup (unattended)
WF->>SQL: systemctl status check
WF->>Tools: apt install mssql-tools18, unixODBC
WF->>GH: Update PATH (/opt/mssql-tools18/bin)
WF->>SQL: sqlcmd connectivity test
alt Connectivity fails
WF-->>GH: Fail job
end
WF->>PS: Configure env vars for integration tests
WF->>SQL: Test connection via PowerShell SqlServer
alt Connectivity fails
WF-->>GH: Fail job
end
Note over WF: The install/tools/env-config block is duplicated
WF->>GH: Proceed to .NET Tools step
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
Pre-merge checks: ✅ Passed checks (3 passed)
Actionable comments posted: 5
🧹 Nitpick comments (3)
.github/workflows/copilot-setup-steps.yml (3)
241-242: Fix hardcoded Ubuntu version in tools repository configuration.
Similar to the SQL Server repository, this step also hardcodes Ubuntu 20.04 instead of using dynamic detection.
Use dynamic version detection for consistency:
- curl -fsSL https://packages.microsoft.com/config/ubuntu/20.04/prod.list | sudo tee /etc/apt/sources.list.d/mssql-release.list + DISTRO_VERSION=$(lsb_release -rs) + curl -fsSL "https://packages.microsoft.com/config/ubuntu/${DISTRO_VERSION}/prod.list" | sudo tee /etc/apt/sources.list.d/mssql-release.list
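Review bot: The two `+` lines build the repository URL from `lsb_release -rs` and pipe the download straight into `/etc/apt/sources.list.d/mssql-release.list` with `sudo tee`, so nothing confirms that a `prod.list` exists for the detected release before the apt source is written. Download to a temporary file first, check that it is non-empty and contains a `deb` entry, then move it into place, and otherwise fail the step with an `::error::` message that names the detected version.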
280-283: Clarify SQL Server instance configuration for Linux.
The comments mention that "SQL Server on Linux does not support named instances" but this is not entirely accurate. While SQL Server on Linux doesn't support multiple named instances like Windows, it does support configuring the default instance name.
Update the comments for accuracy:
- Write-Host "SQL Server will use the default instance (MSSQLSERVER)" - Write-Host "This is because SQL Server on Linux does not support named instances" + Write-Host "SQL Server will use the default instance on Linux" + Write-Host "Linux installations use a single instance model unlike Windows named instances"
192-313: Consider adding error handling and recovery for SQL Server installation.
The SQL Server installation steps lack robust error handling. If any step fails, subsequent steps may fail in unexpected ways. Adding proper error checking would improve reliability.
Add error handling and verification between installation steps:
# Example for the installation step
if ! sudo apt-get install -y mssql-server; then
  echo "::error::Failed to install SQL Server package"
  exit 1
fi
# Verify installation before proceeding to configuration
if ! dpkg -l | grep -q mssql-server; then
  echo "::error::SQL Server package not found after installation"
  exit 1
fi
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
.github/workflows/copilot-setup-steps.yml (1 hunks)
CHANGELOG.md (1 hunks)
🧰 Additional context used
📓 Path-based instructions (3)
**/*.md
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-markdown.instructions.md)
**/*.md: Wrap lines at word boundaries when over 80 characters (except tables/code blocks)
Use 2 spaces for indentation in Markdown documents
Use '1.' for all items in ordered lists (1/1/1 numbering style)
Disable MD013 for tables/code blocks exceeding 80 characters via an inline comment
Require empty lines before and after code blocks and headings (except before line 1)
Escape backslashes in file paths only, not inside code blocks
All fenced code blocks must specify a language identifier
Format parameter names as bold
Format values/literals as inline code
Format resource/module/product names as italic
Format commands, file names, and paths as inline code
Files:
CHANGELOG.md
⚙️ CodeRabbit configuration file
**/*.md: # Markdown Style Guidelines
- Wrap lines at word boundaries when over 80 characters (except tables/code blocks)
- Use 2 spaces for indentation
- Use '1.' for all items in ordered lists (1/1/1 numbering style)
- Disable MD013 rule by adding a comment for tables/code blocks exceeding 80 characters
- Empty lines required before/after code blocks and headings (except before line 1)
- Escape backslashes in file paths only (not in code blocks)
- Code blocks must specify language identifiers
Text Formatting
- Parameters: bold
- Values/literals: inline code
- Resource/module/product names: italic
- Commands/files/paths: inline code
Files:
CHANGELOG.md
CHANGELOG.md
📄 CodeRabbit inference engine (.github/instructions/dsc-community-style-guidelines-changelog.instructions.md)
CHANGELOG.md: Always update the Unreleased section in CHANGELOG.md
Use Keep a Changelog format
Describe notable changes briefly, with no more than 2 items per change type
Reference issues using the format issue #<issue_number>
No empty lines between list items in the same section
Skip adding an entry if the same change already exists in the Unreleased section
No duplicate sections or items in the Unreleased section
Always update the Unreleased section of CHANGELOG.md
Files:
CHANGELOG.md
⚙️ CodeRabbit configuration file
CHANGELOG.md: # Changelog Guidelines
- Always update the Unreleased section in CHANGELOG.md
- Use Keep a Changelog format
- Describe notable changes briefly, ≤2 items per change type
- Reference issues using format issue #<issue_number>
- No empty lines between list items in same section
- Skip adding entry if same change already exists in Unreleased section
- No duplicate sections or items in Unreleased section
Files:
CHANGELOG.md
**
⚙️ CodeRabbit configuration file
**: # DSC Community Guidelines
Terminology
- Command: Public command
- Function: Private function
- Resource: DSC class-based resource
Build & Test Workflow Requirements
- Run PowerShell script files from repository root
- Setup build and test environment (once per pwsh session): ./build.ps1 -Tasks noop
- Build project before running tests: ./build.ps1 -Tasks build
- Always run tests in new pwsh session: Invoke-Pester -Path @({test paths}) -Output Detailed
File Organization
- Public commands: source/Public/{CommandName}.ps1
- Private functions: source/Private/{FunctionName}.ps1
- Unit tests: tests/Unit/{Classes|Public|Private}/{Name}.Tests.ps1
- Integration tests: tests/Integration/Commands/{CommandName}.Integration.Tests.ps1
Requirements
- Follow instructions over existing code patterns
- Follow PowerShell style and test guideline instructions strictly
- Always update CHANGELOG.md Unreleased section
- Localize all strings using string keys; remove any orphaned string keys
- Check DscResource.Common before creating private functions
- Separate reusable logic into private functions
- DSC resources should always be created as class-based resources
- Add unit tests for all commands/functions/resources
- Add integration tests for all public commands and resources
Files:
CHANGELOG.md
🧠 Learnings (2)
📚 Learning: 2025-09-14T19:16:56.215Z
Learnt from: CR
PR: dsccommunity/SqlServerDsc#0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-09-14T19:16:56.215Z
Learning: Applies to tests/Integration/**/*.ps1 : Integration tests must use Connect-SqlDscDatabaseEngine with correct CI credentials to create SQL Server DB sessions
Applied to files:
.github/workflows/copilot-setup-steps.yml
📚 Learning: 2025-09-14T19:16:56.215Z
Learnt from: CR
PR: dsccommunity/SqlServerDsc#0
File: .github/instructions/SqlServerDsc-guidelines.instructions.md:0-0
Timestamp: 2025-09-14T19:16:56.215Z
Learning: Applies to tests/**/*.ps1 : When referencing CI SQL instances in tests, use: Database Engine=DSCSQLTEST, Reporting Services=SSRS, Power BI Report Server=PBIRS
Applied to files:
.github/workflows/copilot-setup-steps.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: dsccommunity.SqlServerDsc (Build Package Module)
- GitHub Check: PSScriptAnalyzer
- GitHub Check: Setup PowerShell Development Environment
🔇 Additional comments (2)
CHANGELOG.md (1)
10-11: CHANGELOG incorrectly claims duplicate SQL Server steps; workflow contains only one sequence.
.github/workflows/copilot-setup-steps.yml shows "Install SQL Server on Ubuntu" at line 192, "Install SQL Server Command Line Tools" at 229, and "Configure SQL Server Environment for Integration Tests" at 264 (".NET Tools" is at 315) — no duplicated SQL Server installation steps found.
Likely an incorrect or invalid review comment.
.github/workflows/copilot-setup-steps.yml (1)
204-205: Don't hardcode Ubuntu 20.04 for the MS SQL apt repo — detect codename or pin the runner.
The workflow adds the Microsoft SQL Server repo using Ubuntu 20.04 (.github/workflows/copilot-setup-steps.yml lines 204–205). ubuntu-latest can map to a different Ubuntu release; replace the hardcoded '20.04' with a runtime distro codename (e.g., lsb_release -cs or parsing /etc/os-release) when adding the repository, or pin the job to ubuntu-20.04 to avoid package compatibility issues.
| - name: Install SQL Server on Ubuntu | ||
| shell: bash | ||
| run: | | ||
| echo "Installing SQL Server 2022 on Ubuntu..." | ||
| # Import the public repository GPG keys | ||
| echo "::group::Import Microsoft GPG keys" | ||
| curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc > /dev/null | ||
| echo "::endgroup::" | ||
| # Register the SQL Server Ubuntu repository | ||
| echo "::group::Register SQL Server repository" | ||
| sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/20.04/mssql-server-2022.list)" -y | ||
| echo "::endgroup::" | ||
| # Update package list and install SQL Server | ||
| echo "::group::Install SQL Server package" | ||
| sudo apt-get update | ||
| sudo apt-get install -y mssql-server | ||
| echo "::endgroup::" | ||
| # Configure SQL Server with mssql-conf (unattended setup) | ||
| echo "::group::Configure SQL Server" | ||
| sudo MSSQL_SA_PASSWORD='P@ssw0rd1' \ | ||
| MSSQL_PID='Developer' \ | ||
| MSSQL_TCP_PORT=1433 \ | ||
| ACCEPT_EULA='Y' \ | ||
| /opt/mssql/bin/mssql-conf -n setup | ||
| echo "::endgroup::" | ||
| # Verify SQL Server is running | ||
| echo "::group::Verify SQL Server status" | ||
| sudo systemctl status mssql-server --no-pager --lines=5 | ||
| echo "::endgroup::" | ||
| echo "SQL Server 2022 installation completed successfully" |
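Review bot: The key import at `curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc` places the Microsoft key in the global apt trust directory, where it is accepted for every configured source rather than only for packages.microsoft.com. Store the key in a dedicated keyring file and reference it with a `signed-by=` option on the Microsoft source entry, which means writing the list file directly instead of passing the `wget` output to `add-apt-repository`.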
🧩 Analysis chain
Verify SQL Server 2022 compatibility with Ubuntu in GitHub Actions runners.
The workflow hardcodes the Ubuntu 20.04 repository URLs and configuration (lines 204, 241) while GitHub Actions ubuntu-latest runners typically use Ubuntu 22.04 or newer. This mismatch could cause installation failures or use of incompatible packages.
🌐 Web query:
Ubuntu version used by GitHub Actions ubuntu-latest runners 2024
💡 Result:
Short answer: ubuntu-latest pointed to Ubuntu 22.04 for most of 2024. Ubuntu 24.04 was published as an image in May 2024 and GitHub began rolling the ubuntu-latest label to 24.04 on Dec 5, 2024 (rollout completed Jan 17, 2025). [1][2][3]
Sources:
- GitHub-hosted runners reference (labels include ubuntu-latest, ubuntu-24.04, ubuntu-22.04). [1]
- "Ubuntu 24.04 is now available" announcement (May 14, 2024). [2]
- Issue announcing rollout of ubuntu-latest → Ubuntu‑24.04 (rollout Dec 5, 2024 → Jan 17, 2025). [3]
Fix hardcoded Microsoft SQL Server apt repo (ubuntu/20.04) — ensure runner OS and repo match
The workflow registers packages.microsoft.com/config/ubuntu/20.04/... but GitHub's ubuntu-latest was 22.04 for most of 2024 and rolled to 24.04 (rollout started Dec 5, 2024; completed Jan 17, 2025). Using a 20.04 repo on 22.04/24.04 runners can break apt and mssql-server installation.
- Action: either pin the job to runs-on: ubuntu-20.04, or make the repo URL match the runner OS (e.g., use $(lsb_release -rs) or a small mapping to select the correct packages.microsoft.com/config/ubuntu//mssql-server-2022.list).
Location: .github/workflows/copilot-setup-steps.yml lines 192-227 (add-apt-repository wget for packages.microsoft.com/config/ubuntu/20.04/...).
| sudo MSSQL_SA_PASSWORD='P@ssw0rd1' \ | ||
| MSSQL_PID='Developer' \ | ||
| MSSQL_TCP_PORT=1433 \ | ||
| ACCEPT_EULA='Y' \ | ||
| /opt/mssql/bin/mssql-conf -n setup | ||
| echo "::endgroup::" |
Security concern: Hardcoded SA password in workflow.
The SQL Server SA password is hardcoded as 'P@ssw0rd1' directly in the workflow file. This creates several security issues:
- The password is visible in the repository and logs
- It uses a common, predictable pattern
- No password rotation capability
Consider using GitHub secrets or environment variables for sensitive credentials:
- sudo MSSQL_SA_PASSWORD='P@ssw0rd1' \
+ sudo MSSQL_SA_PASSWORD='${{ secrets.SQL_SA_PASSWORD }}' \Or generate a random password at runtime:
+ # Generate a secure random password
+ SA_PASSWORD=$(openssl rand -base64 16)
+ echo "::add-mask::$SA_PASSWORD"
+ sudo MSSQL_SA_PASSWORD="$SA_PASSWORD" \
- sudo MSSQL_SA_PASSWORD='P@ssw0rd1' \📝 Committable suggestion
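Review bot: `SA_PASSWORD` in the `+` lines is a shell variable of the install step only, while the `sqlcmd` check and the PowerShell configuration step shown on this page run later and still need the same value. After the `::add-mask::` line, append it to `$GITHUB_ENV` (or expose it as a step output) so later steps can read it, and check the generated value against the SQL Server password complexity rules before passing it to `mssql-conf`, since `openssl rand -base64 16` does not guarantee any particular mix of character classes.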
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| sudo MSSQL_SA_PASSWORD='P@ssw0rd1' \ | |
| MSSQL_PID='Developer' \ | |
| MSSQL_TCP_PORT=1433 \ | |
| ACCEPT_EULA='Y' \ | |
| /opt/mssql/bin/mssql-conf -n setup | |
| echo "::endgroup::" | |
| sudo MSSQL_SA_PASSWORD='${{ secrets.SQL_SA_PASSWORD }}' \ | |
| MSSQL_PID='Developer' \ | |
| MSSQL_TCP_PORT=1433 \ | |
| ACCEPT_EULA='Y' \ | |
| /opt/mssql/bin/mssql-conf -n setup | |
| echo "::endgroup::" |
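Review bot: In the replacement line `sudo MSSQL_SA_PASSWORD='${{ secrets.SQL_SA_PASSWORD }}' \` the expression is expanded into the script text before bash runs it, so a secret value containing a single quote ends the quoted string and the remainder is parsed as shell. Map the secret in the step's `env:` block and reference it as `"$SQL_SA_PASSWORD"` inside the `run:` script instead. The secret name here also differs from the `secrets.MSSQL_SA_PASSWORD` and `secrets.SA_PASSWORD` names used in the agent prompts on this page; settle on one.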
🤖 Prompt for AI Agents
.github/workflows/copilot-setup-steps.yml around lines 215 to 220: the SA
password is hardcoded as 'P@ssw0rd1' which exposes credentials; replace the
literal with a secure source by reading the password from a GitHub Actions
secret (e.g. use secrets.MSSQL_SA_PASSWORD) or generate a random password at
runtime and store it in an environment variable, pass that variable into
MSSQL_SA_PASSWORD when invoking mssql-conf, ensure the secret value is never
printed to logs, and document/update repository/security guidance to require
setting the secret in the Actions settings.
| /opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P 'P@ssw0rd1' -Q "SELECT @@VERSION" -b | ||
| echo "::endgroup::" |
Security concern: Password exposed in command line and logs.
The SA password is passed directly to sqlcmd in the command line, which will be visible in workflow logs and potentially in process lists.
Use environment variables or input redirection to avoid password exposure:
- /opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P 'P@ssw0rd1' -Q "SELECT @@VERSION" -b
+ # Set password as environment variable to avoid command line exposure
+ export SQLCMDPASSWORD='$SA_PASSWORD'
+ /opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -Q "SELECT @@VERSION" -bCommittable suggestion skipped: line range outside the PR's diff.
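Review bot: `export SQLCMDPASSWORD='$SA_PASSWORD'` uses single quotes, so bash does not expand the variable and `sqlcmd` would be given the literal text `$SA_PASSWORD` as the password. Use double quotes, `export SQLCMDPASSWORD="$SA_PASSWORD"`, and prefer setting the variable only for the `sqlcmd` invocation rather than exporting it for the rest of the step.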
🤖 Prompt for AI Agents
.github/workflows/copilot-setup-steps.yml lines 259-260: the SA password is
hardcoded in the sqlcmd command and will be exposed in logs/process lists;
replace the literal password with a secret-based environment variable (e.g., set
SQLCMDPASSWORD or SA_PASSWORD from secrets in the job/env block using ${{
secrets.SA_PASSWORD }}), invoke sqlcmd without exposing the password on the
command line (omit -P and rely on the environment variable or feed the password
via stdin/here-doc), and ensure you do not echo the password or print the
command so it isn’t leaked in workflow logs.
| $env:SQL_SA_PASSWORD = 'P@ssw0rd1' | ||
| echo "SQL_SA_PASSWORD=P@ssw0rd1" >> $env:GITHUB_ENV |
Security concern: SA password exposed in environment variables.
Setting the SA password as an environment variable (line 279) makes it accessible to all subsequent steps and visible in the GitHub Actions environment, which poses a security risk.
Consider using GitHub secrets or a more secure approach:
- # Set SA password for integration tests
- $env:SQL_SA_PASSWORD = 'P@ssw0rd1'
- echo "SQL_SA_PASSWORD=P@ssw0rd1" >> $env:GITHUB_ENV
+ # Use the same password generated during installation
+ $env:SQL_SA_PASSWORD = $env:SA_PASSWORD
+ echo "::add-mask::$($env:SQL_SA_PASSWORD)"
+ echo "SQL_SA_PASSWORD=$($env:SQL_SA_PASSWORD)" >> $env:GITHUB_ENV📝 Committable suggestion
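Review bot: `$env:SQL_SA_PASSWORD = $env:SA_PASSWORD` assumes an earlier step published `SA_PASSWORD`, but the generation snippet suggested for the install step only assigns a local bash variable, so this would write an empty `SQL_SA_PASSWORD=` line to `$env:GITHUB_ENV`. Add a guard that fails the step when `$env:SA_PASSWORD` is empty. The last `+` line also still writes the value to `GITHUB_ENV`, so it stays readable by every later step, which is the exposure the comment text raises; masking only hides it from the logs.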
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| $env:SQL_SA_PASSWORD = 'P@ssw0rd1' | |
| echo "SQL_SA_PASSWORD=P@ssw0rd1" >> $env:GITHUB_ENV | |
| # Use the same password generated during installation | |
| $env:SQL_SA_PASSWORD = $env:SA_PASSWORD | |
| echo "::add-mask::$($env:SQL_SA_PASSWORD)" | |
| echo "SQL_SA_PASSWORD=$($env:SQL_SA_PASSWORD)" >> $env:GITHUB_ENV |
| $connectionString = "Server=localhost;Database=master;User Id=sa;Password=P@ssw0rd1;TrustServerCertificate=true;Encrypt=false;" | ||
| $connection = New-Object System.Data.SqlClient.SqlConnection($connectionString) |
Security concern: Password in connection string.
The connection string contains a hardcoded password that will be visible in logs and potentially stored in memory.
Use integrated authentication or a more secure connection approach:
- $connectionString = "Server=localhost;Database=master;User Id=sa;Password=P@ssw0rd1;TrustServerCertificate=true;Encrypt=false;"
+ $connectionString = "Server=localhost;Database=master;User Id=sa;Password=$($env:SQL_SA_PASSWORD);TrustServerCertificate=true;Encrypt=false;"📝 Committable suggestion
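Review bot: The `+` line interpolates `$env:SQL_SA_PASSWORD` into the connection string, so a password containing `;` or a quote character would be misparsed as further connection-string keywords, and the line does not implement the integrated authentication that the comment text proposes. Build the string with `System.Data.SqlClient.SqlConnectionStringBuilder` and set its `Password` property, which quotes the value correctly. `Encrypt=false` is carried over unchanged and deserves a comment on why it is acceptable for a localhost CI instance.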
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| $connectionString = "Server=localhost;Database=master;User Id=sa;Password=P@ssw0rd1;TrustServerCertificate=true;Encrypt=false;" | |
| $connection = New-Object System.Data.SqlClient.SqlConnection($connectionString) | |
| $connectionString = "Server=localhost;Database=master;User Id=sa;Password=$($env:SQL_SA_PASSWORD);TrustServerCertificate=true;Encrypt=false;" | |
| $connection = New-Object System.Data.SqlClient.SqlConnection($connectionString) |
🤖 Prompt for AI Agents
.github/workflows/copilot-setup-steps.yml around lines 288-289: the connection
string currently contains a hardcoded plaintext password; replace this with a
secure approach by reading the password (and other sensitive parts) from a CI
secret (GitHub Actions secret injected as an env var) or using
integrated/managed authentication, build the connection string at runtime using
the secret (or an authentication token) without echoing it to logs, and if using
PowerShell wrap the password as a SecureString/PSCredential so it is not stored
or printed.
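The runtime-generated password and the `SQLCMDPASSWORD` hand-off that the review comments above suggest, worked through as an added bash example; it is not code from the PR or from the review bot. The function names and the `SQLCMD` override variable are assumptions made for illustration, and `/dev/urandom` with `base64` stands in for the `openssl rand -base64 16` call.

```shell
#!/usr/bin/env bash
# Added example (not code from the PR or from the review bot).
# Assumed names: has_class, meets_sql_policy, gen_sa_password,
# publish_sa_password, run_sqlcmd and the SQLCMD override variable.

# True when $1 contains a character matching bracket expression $2.
has_class() { printf '%s' "$1" | LC_ALL=C grep -q "$2"; }

# SQL Server password policy: at least 8 characters, drawn from at least
# three of: uppercase letters, lowercase letters, digits, symbols.
meets_sql_policy() {
  local pw=$1 classes=0
  [ "${#pw}" -ge 8 ] || return 1
  if has_class "$pw" '[A-Z]'; then classes=$((classes + 1)); fi
  if has_class "$pw" '[a-z]'; then classes=$((classes + 1)); fi
  if has_class "$pw" '[0-9]'; then classes=$((classes + 1)); fi
  if has_class "$pw" '[^A-Za-z0-9]'; then classes=$((classes + 1)); fi
  [ "$classes" -ge 3 ]
}

# Print a fresh 24-character alphanumeric password, retrying until it
# satisfies the policy, so a rejected value never reaches mssql-conf.
gen_sa_password() {
  local pw
  while :; do
    pw=$(head -c 48 /dev/urandom | base64 | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-24)
    if [ "${#pw}" -eq 24 ] && meets_sql_policy "$pw"; then
      printf '%s\n' "$pw"
      return 0
    fi
  done
}

# Register the value for log masking first, then hand it to later steps
# through the file named by $GITHUB_ENV.
publish_sa_password() {
  echo "::add-mask::$1"
  printf 'SQL_SA_PASSWORD=%s\n' "$1" >> "$GITHUB_ENV"
}

# Run a query with the password in the child's environment only,
# never in argv (no -P), so it is absent from the command line.
run_sqlcmd() {
  SQLCMDPASSWORD="$SQL_SA_PASSWORD" \
    "${SQLCMD:-/opt/mssql-tools18/bin/sqlcmd}" -S localhost -U sa -Q "$1" -b
}

# Install step: pw=$(gen_sa_password); publish_sa_password "$pw"
#               then pass "$pw" as MSSQL_SA_PASSWORD to mssql-conf.
# Later step:   run_sqlcmd "SELECT @@VERSION"
```

`meets_sql_policy 'P@ssw0rd1'` also succeeds: the hardcoded value satisfies the complexity rules, so the check guards against a rejected random value and says nothing about whether a password is secret.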
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #2285 +/- ##
====================================
Coverage 94% 94%
====================================
Files 149 149
Lines 9163 9163
====================================
Hits 8687 8687
Misses 476 476
Pull Request (PR) description
including SQL Server 2022 on Ubuntu for integration testing support.
This Pull Request (PR) fixes the following issues
Task list
file CHANGELOG.md. Entry should say what was changed and how that
affects users (if applicable), and reference the issue being resolved
(if applicable).