Update OneLocBuildToken (#141)

* Update OneLocBuildToken
* Force loc task pool image to windows

Author: MSylvia

azure-pipelines.yml

@@ -343,7 +343,10 @@ extends:
         jobs:
         - job: OneLocBuild
           displayName: OneLocBuild
-          pool: $(MicroBuildPoolName)
+          pool:
+            name: AzurePipelines-EO
+            demands:
+            - ImageOverride -equals 1ESPT-Windows2022
           timeoutInMinutes: 30
           variables:
           - group: Xamarin-Secrets
@@ -360,6 +363,22 @@ extends:
           - checkout: self
             clean: true
 
+          # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance#authentication-from-pipelines
+          # Requires Azure client 2.x
+          - task: AzureCLI@2
+            displayName: 'Set AzDO.OneLocBuildToken'
+            enabled: true
+            inputs:
+              azureSubscription: 'VSEng-AzureDevOps-ceapex-OneLocBuild'   # Azure DevOps service connection
+              scriptType: 'pscore'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                # if this fails, check out this bash script that includes diagnostics:
+                # https://gist.github.com/johnterickson/19f80a3e969e39f1000d118739176e62
+                # Note that the resource is specified to limit the token to Azure DevOps
+                $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
+                Write-Host "##vso[task.setvariable variable=AzDO.OneLocBuildToken;issecret=true]${token}"
+
           - task: OneLocBuild@2
             displayName: OneLocBuild
             env:
@@ -368,7 +387,7 @@ extends:
               locProj: Localize/LocProject.json
               outDir: $(Build.StagingDirectory)
               packageSourceAuth: patAuth
-              patVariable: $(OneLocBuild--PAT)
+              patVariable: $(AzDO.OneLocBuildToken)
               isCreatePrSelected: true
               repoType: gitHub
               gitHubPatVariable: $(github--pat--vs-mobiletools-engineering-service2)