From 062b44e7e6e46eb86cb70d0db5376c3da01f60a1 Mon Sep 17 00:00:00 2001 From: Drew Skwiers-Koballa Date: Thu, 7 Dec 2023 19:45:07 -0800 Subject: [PATCH] release prep --- CONNECTION.md | 19 ++++++++++++++++--- README.md | 23 ++++++++++++++--------- 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/CONNECTION.md b/CONNECTION.md index 0927d7cb..202f02d9 100644 --- a/CONNECTION.md +++ b/CONNECTION.md 
@@ -26,11 +26,24 @@ Azure SQL Action for GitHub is supported for the Azure public cloud as well as A - If the Azure/login action is not included, then the sql action would fail with a firewall exception and appropriate messaging. - Alternatively, if enough permissions are not granted on the service principal or login action is not included, then the firewall rules have to be explicitly managed by user using CLI/PS scripts. -## Azure SQL Managed Instance and SQL Server +## Azure SQL Managed Instance -GitHub sql-action requires that prior to running the action against Azure SQL Managed Instance or SQL Server, the workflow must have network access to the SQL instance. For network architectures where public access is not available, [self-hosted runners](https://docs.github.com/actions/hosting-your-own-runners/about-self-hosted-runners) can be leveraged. +GitHub sql-action requires that prior to running the action against Azure SQL Managed Instance, the workflow must have network access to the SQL instance. An overview of Azure SQL Managed Instance [networking](https://learn.microsoft.com/azure/azure-sql/managed-instance/connectivity-architecture-overview#high-level-connectivity-architecture) is available to assist in identifying the appropriate network access for your environment. -An overview of Azure SQL Managed Instance [networking](https://learn.microsoft.com/azure/azure-sql/managed-instance/connectivity-architecture-overview#high-level-connectivity-architecture) is available to assist in identifying the appropriate network access. +Note that the public endpoint for Azure SQL Managed Instance utilizes a non-standard port (`Server=.public..database.windows.net,3342;Initial Catalog=;...`), which should be included in the connection string. 
Azure SQL Managed Instance Public Endpoint requires enabling specific traffic in the network security group, detailed in the [public endpoint documentation](https://learn.microsoft.com/azure/azure-sql/managed-instance/public-endpoint-configure). + +For network architectures where public access is not available, [self-hosted runners](https://docs.github.com/actions/hosting-your-own-runners/about-self-hosted-runners) can be leveraged to connect to the private endpoints. + +> [!IMPORTANT] +> A failure to connect to the Azure SQL Managed Instance will result in the action attempting to add a firewall rule as if the endpoint with Azure SQL Database, which will fail. The action will then fail with an error message indicating that the firewall rule could not be added. If the included error message does not provide enough context for you to further troubleshoot your connectivity, rerun the workflow with [debug logs enabled](https://docs.github.com/actions/managing-workflow-runs/enabling-debug-logging#enabling-runner-diagnostic-logging) to get more detailed logging. + + +## SQL Server + +GitHub sql-action requires that prior to running the action against SQL Server, the workflow must have network access to the SQL instance. For network architectures where public access is not available, [self-hosted runners](https://docs.github.com/actions/hosting-your-own-runners/about-self-hosted-runners) can be leveraged. The SQL Server instance may be hosted in Azure, other public clouds, or on-premises and connect to this action. + +> [!IMPORTANT] +> A failure to connect to the Azure SQL Managed Instance will result in the action attempting to add a firewall rule as if the endpoint with Azure SQL Database, which will fail. The action will then fail with an error message indicating that the firewall rule could not be added. 
If the included error message does not provide enough context for you to further troubleshoot your connectivity, rerun the workflow with [debug logs enabled](https://docs.github.com/actions/managing-workflow-runs/enabling-debug-logging#enabling-runner-diagnostic-logging) to get more detailed logging. # 🔑 Authentication diff --git a/README.md b/README.md index 5cf7598b..e13e9577 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Azure SQL Deploy -This repository contains the sql-action GitHub Action for deploying changes to Azure SQL or SQL Server in a dacpac, SQL scripts, or an SDK-style SQL project. With the Azure SQL Action for GitHub, you can automate your workflow to deploy updates to Azure SQL or SQL Server. +This repository contains the sql-action GitHub Action for deploying changes to Azure SQL Database, Azure SQL Managed Instance, or SQL Server in a dacpac, SQL scripts, or an SDK-style SQL project. With the Azure SQL Action for GitHub, you can automate your workflow to deploy updates to Azure SQL or SQL Server. @@ -14,7 +14,7 @@ Looking to develop with SQL for free, locally and offline, before deploying with The definition of this GitHub Action is in [action.yml](https://github.com/Azure/sql-action/blob/master/action.yml). Learn more in the [user guide](#📓-user-guide). ```yaml -- uses: azure/sql-action@v2.2 +- uses: azure/sql-action@v2.2.1 with: # required, connection string incl the database and user authentication information connection-string: @@ -48,7 +48,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: azure/sql-action@v2.2 + - uses: azure/sql-action@v2.2.1 with: connection-string: ${{ secrets.AZURE_SQL_CONNECTION_STRING }} path: './Database.sqlproj' 
@@ -71,7 +71,7 @@ jobs: - uses: azure/login@v1 # Azure login required to add a temporary firewall rule with: creds: ${{ secrets.AZURE_CREDENTIALS }} - - uses: azure/sql-action@v2.2 + - uses: azure/sql-action@v2.2.1 with: connection-string: ${{ secrets.AZURE_SQL_CONNECTION_STRING }} path: './sqlscripts/*.sql' @@ -88,7 +88,7 @@ jobs: runs-on: windows-latest steps: - uses: actions/checkout@v3 - - uses: azure/sql-action@v2.2 + - uses: azure/sql-action@v2.2.1 with: connection-string: ${{ secrets.AZURE_SQL_CONNECTION_STRING }} path: './Database.dacpac' 
@@ -119,9 +119,14 @@ sql-action is supported on both Windows and Linux environments. The [default im ### Firewall Rules/Access -If you *can* use the option [Allow Azure Services and resources to access this server](https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure#connections-from-inside-azure), you are all set and you don't need to to anything else to allow GitHub Action to connect to your Azure SQL database. +> [!NOTE] +> This Firewall Rules section of the document is specific to Azure SQL Database. For Azure SQL Managed Instance and SQL Server it is recommended to review the [connection](CONNECTION.md) guide. + +If you *can* use the option [Allow Azure Services and resources to access this server](https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure#connections-from-inside-azure) on Azure SQL Database, you are all set and you don't need to to anything else to allow GitHub Action to connect to your Azure SQL Database. + +If you *cannot* use the aforementioned option on Azure SQL Database, the action can automatically add and remove a [SQL server firewall rule](https://docs.microsoft.com/azure/sql-database/sql-database-server-level-firewall-rule) specific to the GitHub Action runner's IP address. Without the firewall rule, the runner cannot communicate with Azure SQL Database. Read more about this in the [connection](CONNECTION.md) guide. + -If you *cannot* use the aforementioned option, the action can automatically add and remove a [SQL server firewall rule](https://docs.microsoft.com/azure/sql-database/sql-database-server-level-firewall-rule) specific to the GitHub Action runner's IP address. Without the firewall rule, the runner cannot communicate with Azure SQL Database. Read more about this in the [connection](CONNECTION.md) guide. #### Azure Credentials for Login (quickstart) 
@@ -169,7 +174,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: azure/sql-action@v2.2 + - uses: azure/sql-action@v2.2.1 with: connection-string: ${{ secrets.AZURE_SQL_CONNECTION_STRING }} path: './Database.sqlproj' @@ -222,7 +227,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: azure/sql-action@v2.2 + - uses: azure/sql-action@v2.2.1 with: connection-string: ${{ secrets.AZURE_SQL_CONNECTION_STRING }} path: './PreviousDatabase.dacpac'
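Review bot: In the CONNECTION.md hunk, the `> [!IMPORTANT]` callout under the new `## SQL Server` heading still opens with "A failure to connect to the Azure SQL Managed Instance will result in the action attempting to add a firewall rule", copied unchanged from the Managed Instance section above it. It should name SQL Server, so a reader troubleshooting an on-premises instance is not sent looking for a managed instance. In both copies of the callout, "as if the endpoint with Azure SQL Database" is missing a verb ("as if the endpoint were Azure SQL Database"). In the same hunk, the public endpoint example appears here as `Server=.public..database.windows.net,3342;Initial Catalog=;...` with empty host and catalog segments; if placeholders were intended there, confirm they are present in the committed file.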
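Review bot: The six README.md example hunks that change `azure/sql-action@v2.2` to `azure/sql-action@v2.2.1` keep the action pinned by tag, alongside `actions/checkout@v3` and `azure/login@v1`, in workflows that are handed `secrets.AZURE_SQL_CONNECTION_STRING` and `secrets.AZURE_CREDENTIALS`. Because readers copy these snippets verbatim, consider showing the full commit SHA form of the reference, with the tag in a trailing comment, in at least one example. The patch touches only CONNECTION.md and README.md and the subject is just "release prep", so a line in the commit message saying what 2.2.1 changes would also help anyone auditing the bump later.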
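Review bot: In the README.md "Firewall Rules/Access" hunk, the rewritten "If you *can* use the option ..." line carries the old typo forward: "you don't need to to anything else" should read "to do anything else". Since both paragraphs are being rewritten anyway, the two links on the added lines could be aligned with the rest of the patch: they still point at docs.microsoft.com (one with an `/en-us/` locale segment), while the CONNECTION.md additions use learn.microsoft.com without a locale.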