diff --git a/azure-pipelines-release.yml b/azure-pipelines-release.yml
new file mode 100644
index 0000000..c3ec209
--- /dev/null
+++ b/azure-pipelines-release.yml
@@ -0,0 +1,136 @@
+# .NET Desktop
+# Build and run tests for .NET Desktop or Windows classic desktop solutions.
+# Add steps that publish symbols, save build artifacts, and more:
+# https://docs.microsoft.com/azure/devops/pipelines/apps/windows/dot-net
+
+trigger: none
+pr: none
+
+pool:
+ name: '1ES-Hosted-DurableTaskFramework'
+ demands:
+ - ImageOverride -equals MMS2022TLS
+
+steps:
+# Start by restoring all the dependencies.
+- task: DotNetCoreCLI@2
+ displayName: 'Restore nuget dependencies'
+ inputs:
+ command: restore
+ verbosityRestore: Minimal
+ projects: |
+ src/DurableTask.Netherite/DurableTask.Netherite.csproj
+ src/DurableTask.Netherite.AzureFunctions/DurableTask.Netherite.AzureFunctions.csproj
+
+# Build the filtered solution in release mode, specifying the continuous integration flag.
+- task: VSBuild@1
+ displayName: 'Build (Netherite)'
+ inputs:
+ solution: 'src/DurableTask.Netherite/DurableTask.Netherite.csproj'
+ vsVersion: '16.0'
+ logFileVerbosity: minimal
+ configuration: Release
+ msbuildArgs: /p:GITHUB_RUN_NUMBER=$(Build.BuildId) /p:ContinuousIntegrationBuild=true
+
+- task: VSBuild@1
+ displayName: 'Build (Netherite Azure Functions)'
+ inputs:
+ solution: 'src/DurableTask.Netherite.AzureFunctions/DurableTask.Netherite.AzureFunctions.csproj'
+ vsVersion: '16.0'
+ logFileVerbosity: minimal
+ configuration: Release
+ msbuildArgs: /p:GITHUB_RUN_NUMBER=$(Build.BuildId) /p:ContinuousIntegrationBuild=true
+
+# Manifest Generator Task
+- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+ displayName: 'Manifest Generator '
+ inputs:
+ BuildDropPath: '$(System.DefaultWorkingDirectory)'
+
+# Authenticode sign all the DLLs with the Microsoft certificate.
+# This appears to be an in-place signing job, which is convenient.
+- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+ displayName: 'ESRP CodeSigning: Authenticode'
+ inputs:
+ ConnectedServiceName: 'ESRP Service'
+ FolderPath: 'src'
+ Pattern: 'DurableTask.*.dll'
+ signConfigType: inlineSignParams
+ inlineOperation: |
+ [
+ {
+ "KeyCode": "CP-230012",
+ "OperationCode": "SigntoolSign",
+ "Parameters": {
+ "OpusName": "Microsoft",
+ "OpusInfo": "http://www.microsoft.com",
+ "FileDigest": "/fd \"SHA256\"",
+ "PageHash": "/NPH",
+ "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+ },
+ "ToolName": "sign",
+ "ToolVersion": "1.0"
+ },
+ {
+ "KeyCode": "CP-230012",
+ "OperationCode": "SigntoolVerify",
+ "Parameters": {},
+ "ToolName": "sign",
+ "ToolVersion": "1.0"
+ }
+ ]
+
+# Packaging needs to be a separate step from build.
+# This will automatically pick up the signed DLLs.
+
+- task: DotNetCoreCLI@2
+ displayName: Generate nuget packages
+ inputs:
+ command: pack
+ verbosityPack: Minimal
+ configuration: Release
+ nobuild: true
+ packDirectory: $(build.artifactStagingDirectory)
+ packagesToPack: 'src/DurableTask.Netherite/DurableTask.Netherite.csproj'
+
+- task: DotNetCoreCLI@2
+ displayName: Generate nuget packages
+ inputs:
+ command: pack
+ verbosityPack: Minimal
+ configuration: Release
+ nobuild: true
+ packDirectory: $(build.artifactStagingDirectory)
+ packagesToPack: 'src/DurableTask.Netherite.AzureFunctions/DurableTask.Netherite.AzureFunctions.csproj'
+
+# Digitally sign all the nuget packages with the Microsoft certificate.
+# This appears to be an in-place signing job, which is convenient.
+- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+ displayName: 'ESRP CodeSigning: Nupkg'
+ inputs:
+ ConnectedServiceName: 'ESRP Service'
+ FolderPath: $(build.artifactStagingDirectory)
+ Pattern: '*.nupkg'
+ signConfigType: inlineSignParams
+ inlineOperation: |
+ [
+ {
+ "KeyCode": "CP-401405",
+ "OperationCode": "NuGetSign",
+ "Parameters": {},
+ "ToolName": "sign",
+ "ToolVersion": "1.0"
+ },
+ {
+ "KeyCode": "CP-401405",
+ "OperationCode": "NuGetVerify",
+ "Parameters": {},
+ "ToolName": "sign",
+ "ToolVersion": "1.0"
+ }
+ ]
+
+# Make the nuget packages available for download in the ADO portal UI
+- publish: $(build.artifactStagingDirectory)
+ displayName: 'Publish nuget packages to Artifacts'
+ artifact: PackageOutput
\ No newline at end of file
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 14536e6..23d0256 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -46,4 +46,3 @@ steps:
projects: '**/DurableTask.Netherite*Tests.csproj'
arguments: '--configuration $(buildConfiguration) --verbosity normal --filter "AnyTransport=true"'
testRunTitle: 'Netherite Unit Tests on storageAccount/EventHubs'
-
diff --git a/src/DurableTask.Netherite.AzureFunctions/DurableTask.Netherite.AzureFunctions.csproj b/src/DurableTask.Netherite.AzureFunctions/DurableTask.Netherite.AzureFunctions.csproj
index 2d09cc6..6c6214d 100644
--- a/src/DurableTask.Netherite.AzureFunctions/DurableTask.Netherite.AzureFunctions.csproj
+++ b/src/DurableTask.Netherite.AzureFunctions/DurableTask.Netherite.AzureFunctions.csproj
@@ -37,6 +37,13 @@
+
+
+
+ true
+ content/SBOM
+
+
diff --git a/src/DurableTask.Netherite/DurableTask.Netherite.csproj b/src/DurableTask.Netherite/DurableTask.Netherite.csproj
index cbcffb1..d5a20c4 100644
--- a/src/DurableTask.Netherite/DurableTask.Netherite.csproj
+++ b/src/DurableTask.Netherite/DurableTask.Netherite.csproj
@@ -41,6 +41,13 @@
NU5125;NU5048
+
+
+
+ true
+ content/SBOM
+
+