windows: add Windows release build for AzPipelines

Add an incomplete build stage for Windows. ESRP is not yet enabled.

Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com>

Author: mjcheetham

.azure-pipelines/release.yml

@@ -15,9 +15,31 @@ parameters:
     default: false
     displayName: 'Enable ESRP code signing'
 
+variables:
+  - name: 'esrpConnectionName'
+    value: 'ESRP-1ESGitClient'
+  - name: 'esrpEndpointUrl'
+    value: 'https://api.esrp.microsoft.com/api/v2'
+  - name: 'esrpClientId'
+    value: 'TODO'
+  - name: 'esrpTenantId'
+    value: 'TODO'
+  - name: 'esrpAuthAkvName'
+    value: 'TODO'
+  - name: 'esrpAuthCertName'
+    value: 'TODO'
+  - name: 'esrpAuthSignCertName'
+    value: 'TODO'
+
 extends:
   template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelines
   parameters:
+    sdl:
+      # SDL source analysis tasks only run on Windows images
+      sourceAnalysisPool:
+        name: GitClient-1ESHostedPool-intel-pc
+        image: win-x86_64-ado1es
+        os: windows
     stages:
       - stage: windows
         displayName: 'Windows'
@@ -28,5 +50,114 @@ extends:
               name: GitClient-1ESHostedPool-intel-pc
               image: win-x86_64-ado1es
               os: windows
+            templateContext:
+              outputs:
+                - output: pipelineArtifact
+                  targetPath: '$(Build.ArtifactStagingDirectory)/payload'
+                  artifactName: 'win-x86_payload'
+                - output: pipelineArtifact
+                  targetPath: '$(Build.ArtifactStagingDirectory)/installers'
+                  artifactName: 'win-x86_installers'
             steps:
               - checkout: self
+              - task: UseDotNet@2
+                displayName: 'Use .NET 8 SDK'
+                inputs:
+                  packageType: sdk
+                  version: '8.x'
+              - task: PowerShell@2
+                displayName: 'Build payload'
+                inputs:
+                  pwsh: true
+                  targetType: filePath
+                  filePath: '.\src\windows\Installer.Windows\layout.ps1'
+                  arguments: |
+                    -Configuration Release `
+                    -Output $(Build.ArtifactStagingDirectory)\payload `
+                    -SymbolOutput $(Build.ArtifactStagingDirectory)\symbols
+              # - task: EsrpCodeSigning@5
+              #   condition: and(succeeded(), eq('${{ parameters.esrp }}', true))
+              #   displayName: 'Sign payload'
+              #   inputs:
+              #     connectedServiceName: '$(esrpConnectionName)'
+              #     appRegistrationClientId: '$(esrpClientId)'
+              #     appRegistrationTenantId: '$(esrpTenantId)'
+              #     authAkvName: '$(esrpAuthAkvName)'
+              #     authCertName: '$(esrpAuthCertName)'
+              #     authSignCertName: '$(esrpAuthSignCertName)'
+              #     serviceEndpointUrl: '$(esrpEndpointUrl)'
+              #     folderPath: '$(Build.ArtifactStagingDirectory)\payload'
+              #     pattern: '**\*.exe;**\*.dll'
+              #     signConfigType: inlineSignParams
+              #     inlineOperation: |
+              #       [
+              #         {
+              #            "keyCode": "TODO",
+              #            "operationCode": "SigntoolSign"
+              #            "parameters": {
+              #               "OpusName": "Microsoft",
+              #               "OpusInfo": "http://microsoft.com",
+              #               "FileDigest": "/fd \"SHA256\"",
+              #               "PageHash": "/NPH",
+              #               "Timestamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+              #            },
+              #            "toolName": "sign",
+              #            "toolVersion": "1.0"
+              #         },
+              #         {
+              #           "keyCode": "TODO",
+              #           "operationCode": "SigntoolVerify",
+              #           "parameters": {},
+              #           "toolName": "sign",
+              #           "toolVersion": "1.0"
+              #         }
+              #       ]
+              - task: PowerShell@2
+                displayName: 'Build installers'
+                inputs:
+                  pwsh: true
+                  targetType: inline
+                  script: |
+                    dotnet build '.\src\windows\Installer.Windows\Installer.Windows.csproj' `
+                      --configuration Release `
+                      --no-dependencies `
+                      -p:NoLayout=true `
+                      -p:PayloadPath="$(Build.ArtifactStagingDirectory)\payload"
+                      -p:OutputPath="$(Build.ArtifactStagingDirectory)\installers"
+              # - task: EsrpCodeSigning@5
+              #   condition: and(succeeded(), eq('${{ parameters.esrp }}', true))
+              #   displayName: 'Sign installers'
+              #   inputs:
+              #     connectedServiceName: '$(esrpConnectionName)'
+              #     appRegistrationClientId: '$(esrpClientId)'
+              #     appRegistrationTenantId: '$(esrpTenantId)'
+              #     authAkvName: '$(esrpAuthAkvName)'
+              #     authCertName: '$(esrpAuthCertName)'
+              #     authSignCertName: '$(esrpAuthSignCertName)'
+              #     serviceEndpointUrl: '$(esrpEndpointUrl)'
+              #     folderPath: '$(Build.ArtifactStagingDirectory)\installers'
+              #     pattern: '**\*.exe'
+              #     signConfigType: inlineSignParams
+              #     inlineOperation: |
+              #       [
+              #         {
+              #            "keyCode": "TODO",
+              #            "operationCode": "SigntoolSign"
+              #            "parameters": {
+              #               "OpusName": "Microsoft",
+              #               "OpusInfo": "http://microsoft.com",
+              #               "FileDigest": "/fd \"SHA256\"",
+              #               "PageHash": "/NPH",
+              #               "Timestamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+              #            },
+              #            "toolName": "sign",
+              #            "toolVersion": "1.0"
+              #         },
+              #         {
+              #           "keyCode": "TODO",
+              #           "operationCode": "SigntoolVerify",
+              #           "parameters": {},
+              #           "toolName": "sign",
+              #           "toolVersion": "1.0"
+              #         }
+              #       ]