name: orttraining-linux-ci-pipeline
on:
  push:
    branches:
      - main
      - rel-*
  pull_request:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
  
jobs:
  orttraining-linux-ci-pipeline:
    runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-Ubuntu2204-AMD-CPU"]
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - run: |
         python3 -m pip install --user -r tools/ci_build/github/linux/python/requirements.txt
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          config-file: ./.github/codeql/codeql-config.yml
          languages: 'cpp'
      - run: |
         set -e -x
         rm -rf build
         python3 tools/ci_build/build.py --build_dir build --config Release --enable_training --skip_submodule_sync --parallel --update --build
         
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:cpp"
          output: sarif-results
          upload: failure-only
        
      - name: filter-sarif
        uses: advanced-security/filter-sarif@v1
        with:
          patterns: |
            +**/*.cc
            +**/*.h
            -tests/**/*.*
            -build/**/*.*
          input: sarif-results/cpp.sarif
          output: sarif-results/cpp.sarif

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: sarif-results/cpp.sarif