[ORT 1.20.1 Release] Cherry pick 2nd round #11767
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Windows_SCA | |
on: | |
push: | |
branches: | |
- main | |
- rel-* | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
env: | |
AZCOPY_AUTO_LOGIN_TYPE: MSI | |
AZCOPY_MSI_CLIENT_ID: 63b63039-6328-442f-954b-5a64d124e5b4 | |
jobs: | |
Onnxruntime-SCA-training-CUDA: | |
permissions: | |
security-events: write | |
runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-vs2022-mms"] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: false | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11.x' | |
architecture: 'x64' | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Download cuda | |
run: azcopy.exe cp --recursive "https://lotusscus.blob.core.windows.net/models/cuda_sdk/v11.8" cuda_sdk | |
- name: Install ONNX | |
run: | | |
&tools\ci_build\github\windows\install_third_party_deps.ps1 -cpu_arch x64 -install_prefix D:\b\Debug\installed -build_config Debug | |
# The build machine doesn't have a GPU. So the value of CMAKE_CUDA_ARCHITECTURES doesn't matter. | |
- name: Build code | |
env: | |
CAExcludePath: 'C:\Program Files;D:\b;${{ github.workspace }}\cmake' | |
run: python tools\ci_build\build.py --windows_sdk_version 10.0.22621.0 --enable_training --build_java --compile_no_warning_as_error --config Debug --build_dir D:\b --skip_submodule_sync --build_csharp --update --build --parallel --cmake_generator "Visual Studio 17 2022" --build_shared_lib --enable_pybind --cmake_extra_defines onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES=ON --cmake_extra_defines onnxruntime_ENABLE_STATIC_ANALYSIS=ON --cmake_extra_defines onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE=ON --use_cuda --cuda_home=${{ github.workspace }}\cuda_sdk\v11.8 --use_binskim_compliant_compile_flags --enable_cuda_profiling --cmake_extra_defines CMAKE_CUDA_ARCHITECTURES=75 | |
- name: Generate sarif | |
working-directory: D:\b | |
run: npx @microsoft/sarif-multitool merge *.sarif --recurse --output-directory=${{ github.workspace }}\output --output-file=MergeResult.sarif --merge-runs && dir ${{ github.workspace }}\output | |
- name: Upload SARIF to GitHub | |
uses: github/codeql-action/upload-sarif@v3 | |
continue-on-error: true | |
with: | |
sarif_file: ${{ github.workspace }}\output\MergeResult.sarif | |
category: VS_SCA | |
# No python | |
Onnxruntime-SCA-win32-WINML-x64: | |
permissions: | |
security-events: write | |
runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-vs2022-mms"] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: false | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11.x' | |
architecture: 'x64' | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Delete build folder | |
run: | | |
if (Test-Path D:\b) { Remove-Item -Recurse -Force D:\b } | |
&tools\ci_build\github\windows\install_third_party_deps.ps1 -cpu_arch x64 -install_prefix D:\b\Debug\installed -build_config Debug | |
# The build machine doesn't have a GPU. So the value of CMAKE_CUDA_ARCHITECTURES doesn't matter. | |
- name: Build code | |
env: | |
CAExcludePath: 'C:\Program Files;D:\b;${{ github.workspace }}\cmake' | |
run: python tools\ci_build\build.py --build_java --compile_no_warning_as_error --config Debug --build_dir D:\b --skip_submodule_sync --build_csharp --update --build --parallel --cmake_generator "Visual Studio 17 2022" --build_shared_lib --cmake_extra_defines onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES=ON --cmake_extra_defines onnxruntime_ENABLE_STATIC_ANALYSIS=ON --cmake_extra_defines onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE=ON --ms_experimental --use_dml --use_winml --disable_rtti --enable_wcos --build_shared_lib | |
- name: Generate sarif | |
working-directory: D:\b | |
run: npx @microsoft/sarif-multitool merge *.sarif --recurse --output-directory=${{ github.workspace }}\output --output-file=MergeResult.sarif --merge-runs && dir ${{ github.workspace }}\output | |
- name: Upload SARIF to GitHub | |
uses: github/codeql-action/upload-sarif@v3 | |
continue-on-error: true | |
with: | |
sarif_file: ${{ github.workspace }}\output\MergeResult.sarif | |
category: VS_SCA_WIN32_WINML_X64 | |
# No java, No python | |
Onnxruntime-SCA-win32-WINML-x86: | |
permissions: | |
security-events: write | |
runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-vs2022-mms"] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: false | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11.x' | |
architecture: 'x86' | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Delete build folder | |
run: | | |
if (Test-Path D:\b) { Remove-Item -Recurse -Force D:\b } | |
&tools\ci_build\github\windows\install_third_party_deps.ps1 -cpu_arch x86 -install_prefix D:\b\Debug\installed -build_config Debug | |
# The build machine doesn't have a GPU. So the value of CMAKE_CUDA_ARCHITECTURES doesn't matter. | |
- name: Build code | |
env: | |
CAExcludePath: 'C:\Program Files;D:\b;${{ github.workspace }}\cmake' | |
run: python tools\ci_build\build.py --compile_no_warning_as_error --config Debug --build_dir D:\b --skip_submodule_sync --build_csharp --update --build --parallel --cmake_generator "Visual Studio 17 2022" --build_shared_lib --cmake_extra_defines onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES=ON --cmake_extra_defines onnxruntime_ENABLE_STATIC_ANALYSIS=ON --cmake_extra_defines onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE=ON --ms_experimental --use_dml --use_winml --disable_rtti --enable_wcos --build_shared_lib | |
- name: Generate sarif | |
working-directory: D:\b | |
run: npx @microsoft/sarif-multitool merge *.sarif --recurse --output-directory=${{ github.workspace }}\output --output-file=MergeResult.sarif --merge-runs && dir ${{ github.workspace }}\output | |
- name: Upload SARIF to GitHub | |
uses: github/codeql-action/upload-sarif@v3 | |
continue-on-error: true | |
with: | |
sarif_file: ${{ github.workspace }}\output\MergeResult.sarif | |
category: VS_SCA_WIN32_WINML_X86 |