Add ADO package release pipeline (#1187)

* initial commit to add ado release pipeline

* remove nuget auth task that was not used

* use internal feed for pulling

.azdo/release.yaml

@@ -0,0 +1,104 @@
+# A new tag is created when a GitHub release is published
+trigger:
+  branches:
+    include:
+      - refs/tags/*
+
+resources:
+  repositories:
+  - repository: 'component-detection'
+    type: github
+    endpoint: GitHub_OSE
+    name: microsoft/component-detection
+  - repository: 1ESPipelineTemplates
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release
+
+variables:
+- name: RELEASE_TAG
+  value: ${{ replace(variables['Build.SourceBranch'], 'refs/tags/', '') }}
+- name: COMPONENT_DETECTION_SLN
+  value: ./ComponentDetection.sln
+- name: NUGET_PUSH_SERVICE_CONNECTION
+  value: '1ES-CG-Nuget-Push'
+- name: PACKAGE_PUSH_MI_SERVICE_CONNECTION
+  value: 'ComponentGovernance msengMI'
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
+    pool:
+      name: '1ES-OSE-Pool'
+      os: linux
+      image: 1es-pt-ubuntu22.04
+
+    sdl:
+      sourceAnalysisPool:
+        name: 1ES-OSE-Pool
+        image: 1ES-OSE-Hosted-Pool-windows
+        os: windows
+
+    stages:
+    - stage: PublishCD
+      displayName: Publish Component Detection
+
+      jobs:
+      - job: build_push_cd
+        displayName: Build and push CD packages
+
+        steps:
+        - checkout: self
+
+        - task: UseDotNet@2
+          displayName: Install .NET
+          inputs:
+            packageType: 'sdk'
+            version: '6.0.x'
+
+        # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance#workarounds-for-tasks-that-do-not-yet-support-wif-service-connection
+        - task: AzureCLI@2
+          displayName: Override Nuget PAT
+          inputs:
+            azureSubscription: $(PACKAGE_PUSH_MI_SERVICE_CONNECTION)
+            scriptType: 'pscore'
+            scriptLocation: 'inlineScript'
+            inlineScript: |
+              $accessToken = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
+
+              # Set the access token as a secret, so it doesn't get leaked in the logs
+              Write-Host "##vso[task.setsecret]$accessToken"
+
+              # Override the apitoken of the nuget service connection, for the duration of this stage
+              Write-Host "##vso[task.setendpoint id=$(NUGET_PUSH_SERVICE_CONNECTION);field=authParameter;key=apitoken]$accessToken"
+        
+        - task: NuGetAuthenticate@1
+          displayName: Authenticate with Nuget
+          inputs:
+            nuGetServiceConnections: $(NUGET_PUSH_SERVICE_CONNECTION) # use the service connection who's apitoken was overridden
+
+        - task: DotNetCoreCLI@2
+          displayName: .NET Restore
+          inputs:
+            command: 'restore'
+            projects: $(COMPONENT_DETECTION_SLN)
+            feedsToUse: config
+            externalFeedCredentials: $(NUGET_PUSH_SERVICE_CONNECTION)
+
+        - task: DotNetCoreCLI@2
+          displayName: .NET Pack
+          env:
+            RELEASE_TAG: $(RELEASE_TAG)
+          inputs:
+            packagesToPack: '**/*.csproj'
+            configuration: 'Release'
+            packDirectory: '$(Build.ArtifactStagingDirectory)/out'
+            versioningScheme: byEnvVar
+            versionEnvVar: RELEASE_TAG
+
+        - task: DotNetCoreCLI@2
+          displayName: .NET Publish to Azure Artifacts
+          inputs:
+            packagesToPush: '$(Build.ArtifactStagingDirectory)/out/*.nupkg'
+            nugetFeedType: 'external'
+            externalEndPoint: $(NUGET_PUSH_SERVICE_CONNECTION)