A simple example of an Azure Managed Image build using Packer in Azure Pipelines. The pipeline is also simple:

• Triggered on commit to "main" branch of my repository
• Build agent is Windows Server 2019
• DownloadSecureFile@1 used to download my pkrvars.hcl file for variable input, referenced as $(mySecureFGile.secureFilePath)
• Manual execution of Packer as a command instead of using PackerBuild@1 because it expects parameters that aren't needed if they are handled within the definition
• DeleteFiles@1 to cleanup the previous secure file

The image defaults to a Windows Server 2019 image from Azure (2019-datacenter) as the source image. Four PowerShell scripts are executed:

• Wait.ps1 - waits for specific services to be in a running state
• Chocolately.ps1 - installs Chocolatey and adds a private NuGet repo to Chocolatey stored in Azure Artifacts
• Build.ps1 - Installs PowerShell 7, Git, and PuTTy (from the private repo) via Chocolatey, just as an example
• Sysprep.ps1 - Generalizes the install as necessary prior to making the image

A real golden image would have all of the utilities and agents that would be required on all systems and required OS hardening for compliance.

I created a NuGet repository with Azure Artifacts to use as a private Chocolatey repository following Build a Chocolatey Package Repository using Azure DevOps Artifacts Feed. I then added varibles to the variables.pkr.hcl, modified chocolatey.ps1 to access parameters that are supplied by those variables and add the private repo as a Chocolatey source, then modified build.pkr.hcl to set the variables for the PowerShell script to consume.