Enable InternalsVisibleTo for UnitTests in Package mode

[paulmedynski]

Summary

Enables InternalsVisibleTo for SqlClient UnitTests across package/project reference modes with an explicit signing policy. This supports the upcoming sqlclient-test pipeline that will use package mode to run all tests. It will also be signing assemblies when it runs in the ADO.Net project - a gap in our current CI pipelines.

Behavior

Signing	ReferenceType	IVT Granted?
Unsigned	Project	Yes
Unsigned	Package	Yes
Signed	Package	Yes (with PublicKey)
Signed	Project	No

Changes

• SqlClient.csproj: Added unsigned IVT (InternalsVisibleTo("UnitTests")) and signed+Package IVT block with test key public key
• UnitTests.csproj: Removed ValidateReferenceType error target; added conditional ProjectReference/PackageReference with ExcludeAssets="compile" and explicit Reference to the runtime DLL; added TestSigningKeyPath signing
• TestCommon.csproj: Made SqlClient reference conditional on ReferenceType; added TestSigningKeyPath signing
• TestUtilities.csproj: Added TestSigningKeyPath signing (prevents CS8002 when referenced by signed tests)
• TDS projects: Added TestSigningKeyPath signing blocks
• build.proj: Declared TestSigningKeyPath property and plumbed it into TestSqlClientUnit target

Pipeline Changes

• run-all-tests-step.yml: Unit test steps now pass -p:ReferenceType, -p:PackageVersionSqlClient, and -p:PackageVersionSqlServer directly (matching the Functional/Manual test pattern) instead of conditionally gating on Project mode

Relates to

AB#45126, AB#45162

Testing

• PR runs will ensure no regressions in Project mode, and will confirm the new Package mode paths.
• CI runs will do the same. These never perform assembly signing, so the Package+Signing mode isn't tested here.
• Package+Signing:
  • I will manually run the new sqlclient-package pipeline (based on this PR) to produce artifacts that are signed and include the new InternalsVisibleTo via public key.
  • Then, I will build, sign, and run the tests locally.
  • We will fully prove these changes out via the forthcoming sqlclient-test pipeline.

[Copilot]

Pull request overview

This PR updates the build/test infrastructure so test projects can access internals (via InternalsVisibleTo) when running against Package references, including the signed package scenario by introducing a separate test signing key (TestSigningKeyPath) and wiring it through build.proj.

Changes:

• Add InternalsVisibleTo entries for signed + ReferenceType=Package builds (with an explicit public key) in SqlClient, Abstractions, and Azure projects.
• Update test projects to conditionally use ProjectReference vs PackageReference based on ReferenceType, and sign test/helper assemblies when TestSigningKeyPath is provided.
• Plumb TestSigningKeyPath and ReferenceType into build.proj test targets; add a new CI pipeline YAML for packing all packages in Package mode.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/Microsoft.Data.SqlClient/tests/UnitTests/Microsoft.Data.SqlClient.UnitTests.csproj	Conditional project/package references; optional test signing to satisfy IVT with signed packages.
src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.TestUtilities/Microsoft.Data.SqlClient.TestUtilities.csproj	Optional signing so signed tests can reference this helper assembly.
src/Microsoft.Data.SqlClient/tests/Common/Microsoft.Data.SqlClient.TestCommon.csproj	Conditional SqlClient reference (project vs package) and optional signing for signed-test compatibility.
src/Microsoft.Data.SqlClient/src/Microsoft.Data.SqlClient.csproj	Add signed+Package IVT (with PublicKey) while keeping unsigned IVT behavior.
src/Microsoft.Data.SqlClient.Extensions/Azure/test/Azure.Test.csproj	Conditional project/package reference to Azure extension; optional signing for IVT fulfillment.
src/Microsoft.Data.SqlClient.Extensions/Azure/src/Azure.csproj	Add signed+Package IVT entry for Azure tests (with PublicKey).
src/Microsoft.Data.SqlClient.Extensions/Abstractions/test/Abstractions.Test.csproj	Conditional project/package reference to Abstractions; optional signing for IVT fulfillment.
src/Microsoft.Data.SqlClient.Extensions/Abstractions/src/Abstractions.csproj	Add signed+Package IVT entry for Abstractions tests (with PublicKey).
eng/pipelines/sqlclient-pr-project-ref-pipeline.yml	Exclude eng/pipelines/ci/* from PR trigger path filters.
eng/pipelines/sqlclient-pr-package-ref-pipeline.yml	Exclude eng/pipelines/ci/* from PR trigger path filters.
eng/pipelines/ci/package/sqlclient-package.yml	New CI pipeline to pack all packages using build.proj in ReferenceType=Package mode.
build.proj	Add TestSigningKeyPath plumbing and pass reference/signing/package-version args into test targets.

[paulmedynski]

Any projects used by a signed test project must also be signed.

[Copilot]

Pull request overview

Copilot reviewed 17 out of 17 changed files in this pull request and generated no new comments.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

[paulmedynski]

Now we will see unit test runs in the PR/CI Package mode pipelines. Neither of those perform signing, so InternalsVisibleTo will be granted by the SqlClient project.

There is no new risk here. Apps can already access everything via reflection. If we ever publish unsigned assemblies, we have much bigger problems than IVT.

[paulmedynski]

I created a new signing key specifically for tests. It lives in the ADO.Net project as a secure file. This is its public key.

[paulmedynski]

Note that if/when our other test projects (i.e. Azure.Test) adopt this Package+Signing approach, those projects won't need this foo since they don't produce and package ref assemblies.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.95%. Comparing base (b700269) to head (1499698).
⚠️ Report is 20 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4300      +/-   ##
==========================================
- Coverage   66.04%   65.95%   -0.10%     
==========================================
  Files         275      279       +4     
  Lines       42976    66211   +23235     
==========================================
+ Hits        28383    43667   +15284     
- Misses      14593    22544    +7951     

Flag	Coverage Δ
CI-SqlClient	?
PR-SqlClient-Project	65.95% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated no new comments.