ci: bump Windows vmImage to 2022 (#12557)

Azure is telling us to stop using 2019, so I've updated the job to be
compatible with 2022. (And future Windows images, too.)

CHANGELOG_BEGIN
CHANGELOG_END

ci/build.yml

@@ -150,15 +150,10 @@ jobs:
         trigger_sha: '$(trigger_sha)'
     - template: report-end.yml
 
-- template: patch_bazel_windows/compile.yml
-  parameters:
-    final_job_name: patch_bazel_windows
-
 - job: Windows
   dependsOn:
     - da_ghc_lib
     - check_for_release
-    - patch_bazel_windows
     - git_sha
   variables:
     - name: release_sha

ci/patch_bazel_windows/compile.yml

@@ -1,121 +0,0 @@
-# Copyright (c) 2022 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
-# SPDX-License-Identifier: Apache-2.0
-
-parameters:
-- name: final_job_name
-
-jobs:
-
-- job: patch_bazel_pre_check
-  pool:
-    name: ubuntu_20_04
-  steps:
-  - checkout: self
-  - template: ../bash-lib.yml
-    parameters:
-      var_name: bash-lib
-  - bash: |
-      set -euo pipefail
-      source $(bash-lib)
-
-      CACHE_KEY="$(find ci/patch_bazel_windows -type f -print0 | sort -z | xargs -r0 md5sum | md5sum | awk '{print $1}')"
-      TARGET="patch_bazel_windows/bazel-$CACHE_KEY.zip"
-      TARGET_URL="https://daml-binaries.da-ext.net/$TARGET"
-      STATUS="$(curl -Is "$TARGET_URL" | head -1 | awk '{print $2}')"
-
-      if [ "200" = "$STATUS" ]; then
-          SHOULD_RUN=false
-      else
-          SHOULD_RUN=true
-      fi
-      setvar cache_key $CACHE_KEY
-      setvar should_run $SHOULD_RUN
-      setvar target $TARGET
-      setvar target_url $TARGET_URL
-
-      echo "Final hash and URL will be printed by the ${{parameters.final_job_name}} job."
-    name: out
-
-- job: patch_bazel_compile
-  dependsOn:
-    - patch_bazel_pre_check
-  variables:
-    cache_key: $[ dependencies.patch_bazel_pre_check.outputs['out.cache_key'] ]
-    should_run: $[ dependencies.patch_bazel_pre_check.outputs['out.should_run'] ]
-    bazel_base_version: 4.2.1
-  pool:
-    vmImage: windows-2019
-  steps:
-  - checkout: self
-    condition: eq(variables.should_run, 'true')
-  - bash: |
-      git clone https://github.com/bazelbuild/bazel.git
-      cd bazel
-      git checkout $(bazel_base_version)
-    condition: eq(variables.should_run, 'true')
-  - powershell: |
-      choco install msys2 --noprogress --yes
-      choco install zip --noprogress --yes
-    condition: eq(variables.should_run, 'true')
-  - powershell: |
-      C:\tools\msys64\usr\bin\pacman -S zip --noconfirm
-    condition: eq(variables.should_run, 'true')
-  - bash: |
-      set -euo pipefail
-      BAZEL=$(mktemp)
-      curl -sL https://github.com/bazelbuild/bazel/releases/download/$(bazel_base_version)/bazel-$(bazel_base_version)-windows-x86_64.exe > $BAZEL
-      cd bazel
-      $BAZEL build src/main/cpp:client src:package-zip_jdk_minimal -c opt --stamp --embed_label $(bazel_base_version)-patched-$(cache_key)
-      # Note (MK) For some reason, the `zip` from chocolatey seems to result in
-      # a “zip file structure invalid” error. I’ve tried adding msys to PATH so the Bazel
-      # rules pick up `zip` from msys but that broke other things. So for now
-      # we skip the final Bazel rule to build the self-extracting exe and instead
-      # call `zip` from msys separately.
-      /c/tools/msys64/msys2_shell.cmd -defterm -no-start -here -c "cat bazel-bin/src/main/cpp/client.exe bazel-bin/src/package_jdk_minimal.zip > bazel.exe && zip -A bazel.exe"
-      mkdir '$(Build.StagingDirectory)\patched-bazel'
-      zip bazel.zip bazel.exe
-      cp bazel.zip '$(Build.StagingDirectory)\patched-bazel'
-      echo "Final hash and URL will be printed by the ${{parameters.final_job_name}} job."
-    condition: eq(variables.should_run, 'true')
-  - task: PublishPipelineArtifact@1
-    inputs:
-      targetPath: $(Build.StagingDirectory)/patched-bazel
-      artifactName: patched-bazel
-    condition: eq(variables.should_run, 'true')
-
-- job: ${{ parameters.final_job_name }}
-  dependsOn:
-    - patch_bazel_compile
-    - patch_bazel_pre_check
-  variables:
-    cache_key: $[ dependencies.patch_bazel_pre_check.outputs['out.cache_key'] ]
-    target: $[ dependencies.patch_bazel_pre_check.outputs['out.target'] ]
-    target_url: $[ dependencies.patch_bazel_pre_check.outputs['out.target_url'] ]
-    should_run: $[ dependencies.patch_bazel_pre_check.outputs['out.should_run'] ]
-  pool:
-    name: ubuntu_20_04
-  steps:
-  - task: DownloadPipelineArtifact@2
-    inputs:
-      artifact: patched-bazel
-      path: $(Build.StagingDirectory)/patched-bazel
-    condition: eq(variables.should_run, 'true')
-  - bash: |
-      set -euo pipefail
-
-      SOURCE='$(Build.StagingDirectory)/patched-bazel/bazel.zip'
-
-      GCS_KEY=$(mktemp)
-      cleanup() {
-          rm -rf $GCS_KEY
-      }
-      trap cleanup EXIT
-      # This will break on external PRs.
-      echo "$GOOGLE_APPLICATION_CREDENTIALS_CONTENT" > $GCS_KEY
-      gcloud auth activate-service-account --key-file=$GCS_KEY
-      BOTO_CONFIG=/dev/null gsutil cp "$SOURCE" "gs://daml-binaries/$(target)"
-      echo "url: $(target_url)"
-      echo "hash: $(sha256sum "$(Build.StagingDirectory)/patched-bazel/bazel.zip" | awk '{print $1}')"
-    env:
-      GOOGLE_APPLICATION_CREDENTIALS_CONTENT: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)
-    condition: eq(variables.should_run, 'true')

dev-env/windows/manifests/bazel.json

@@ -1,12 +1,12 @@
 {
   "homepage": "https://bazel.build",
-  "version": "4.1.0",
+  "version": "4.2.0",
   "license": "Apache-2.0",
   "bin": "bazel.exe",
   "architecture": {
     "64bit": {
-      "url": "https://daml-binaries.da-ext.net/patch_bazel_windows/bazel-be46798f67a4437875bfe23efb51935a.zip",
-      "hash": "670afb47f1b1a50747e90b570780ca54cfd29d9e5bf338a711c7f7d4758c9029"
+      "url": "https://github.com/bazelbuild/bazel/releases/download/4.2.0/bazel-4.2.0-windows-x86_64.zip",
+      "hash": "56c29f850677a7aaf9b59cbd762d0d41d9f9e158bf96c5b6022af123fd52db7f"
     }
   },
   "depends": [