diff --git a/.azure-devops/release.yaml b/.azure-devops/release.yaml
new file mode 100644
index 0000000..e5d8ae1
--- /dev/null
+++ b/.azure-devops/release.yaml
@@ -0,0 +1,80 @@
+pr: none
+trigger:
+  - main
+variables:
+  - group: InfoSec-SecurityResults
+  - name: tags
+    value: production,externalfacing
+  - name: serviceTreeID
+    value: 21f0b890-e3a8-4c0b-b9e7-2f764f8b799c
+
+resources:
+  repositories:
+    - repository: 1ESPipelineTemplates
+      type: git
+      name: 1ESPipelineTemplates/1ESPipelineTemplates
+      ref: refs/tags/release
+
+extends:
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+
+  parameters:
+    sdl:
+      sourceAnalysisPool:
+        name: Azure-Pipelines-1ESPT-ExDShared
+        image: windows-2022
+        os: windows
+    stages:
+      - stage: release
+        variables:
+          # OPTIONAL: Set this varibale to 'true' to enable signing in a target stage.
+          # Remove if signing is not required.
+          Build.ESRP.CodeSign.Enabled: false
+          # OPTIONAL: To disable required tools not applicable in the pipeline set to false.
+          # Supported values: BinSkim, Roslyn, ESLint, PREFast.
+          Build.SDL.<Roslyn>.Enabled: false
+          Build.SDL.<ESLint>.Enabled: true
+        jobs:
+          - job: Release
+            pool:
+              name: Azure-Pipelines-1ESPT-ExDShared
+              image: ubuntu-latest
+              os: linux
+            steps:
+              - checkout: self
+              - script: yarn --frozen-lockfile
+                displayName: yarn
+              - script: yarn ci-test
+                displayName: build and test [test]
+
+              - task: 1ES.PublishPipelineArtifact@1
+                displayName: "Publish built package"
+                inputs:
+                  artifactName: package-$(Build.BuildNumber)
+                  targetPath: $(System.DefaultWorkingDirectory)/dist
+
+              - script: |
+                  mkdir -p $(System.DefaultWorkingDirectory)/packages
+                  npm pack --pack-destination $(System.DefaultWorkingDirectory)/packages
+                displayName: "Generate npm package (.tgz)"
+
+              # - task: EsrpRelease@9
+              #   displayName: "ESRP Release to npm"
+              #   inputs:
+              #     connectedservicename: $(Release.ConnectedServiceName)
+              #     usemanagedidentity: true
+              #     keyvaultname: $(Release.KeyVaultName)
+              #     signcertname: $(Release.SignCertName)
+              #     clientid: $(Release.ClientId)
+              #     contenttype: "npm"
+              #     folderlocation: $(System.DefaultWorkingDirectory)/packages
+              #     owners: $(Release.Owners)
+              #     approvers: $(Release.Approvers)
+              #     mainpublisher: ESRPRELPACMAN
+              #     domaintenantid: $(Release.DomainTenantId)
+
+              - task: 1ES.PublishPipelineArtifact@1
+                displayName: 📒 Publish Manifest
+                inputs:
+                  artifactName: SBom-$(System.JobAttempt)
+                  targetPath: $(System.DefaultWorkingDirectory)/_manifest