mirror of
https://github.com/saymrwulf/onnxruntime.git
synced 2026-05-29 23:06:41 +00:00
9b755dce9f
### Description Delete all Prefast tasks because the new VS 17.7 version crashes every time when we run the task on our CI build servers. However, we cannot reproduce it locally. And this problem blocks us installing security patches to our CI build machines. Will use [CodeQL](https://codeql.github.com/) instead. ### Motivation and Context Address some security alerts.
173 lines
5.9 KiB
YAML
173 lines
5.9 KiB
YAML
parameters:
|
|
|
|
- name: MACHINE_POOL
|
|
type: string
|
|
|
|
- name: EP_NAME
|
|
type: string
|
|
|
|
- name: PYTHON_VERSION
|
|
type: string
|
|
|
|
- name: EP_BUILD_FLAGS
|
|
type: string
|
|
|
|
- name: ENV_SETUP_SCRIPT
|
|
type: string
|
|
|
|
- name: BUILD_PY_PARAMETERS
|
|
displayName: >
|
|
Extra parameters to pass to build.py. Don't put newlines in here.
|
|
type: string
|
|
default: ''
|
|
|
|
jobs:
|
|
- job: Win_py_${{ parameters.EP_NAME }}_Wheels_${{ replace(parameters.PYTHON_VERSION,'.','_') }}
|
|
timeoutInMinutes: 240
|
|
workspace:
|
|
clean: all
|
|
pool: ${{ parameters.MACHINE_POOL }}
|
|
variables:
|
|
VSGenerator: 'Visual Studio 17 2022'
|
|
steps:
|
|
- checkout: self
|
|
clean: true
|
|
submodules: recursive
|
|
|
|
- template: telemetry-steps.yml
|
|
|
|
- task: UsePythonVersion@0
|
|
inputs:
|
|
versionSpec: ${{ parameters.PYTHON_VERSION }}
|
|
addToPath: true
|
|
architecture: 'x64'
|
|
|
|
- task: onebranch.pipeline.tsaoptions@1
|
|
displayName: 'OneBranch TSAOptions'
|
|
inputs:
|
|
tsaConfigFilePath: '$(Build.SourcesDirectory)\.config\tsaoptions.json'
|
|
appendSourceBranchName: false
|
|
|
|
- task: PythonScript@0
|
|
inputs:
|
|
scriptSource: inline
|
|
script: |
|
|
import sys
|
|
np_version = 'numpy==1.21.6' if sys.version_info < (3, 11) else 'numpy==1.24.2'
|
|
import subprocess
|
|
subprocess.call(['pip', 'install', '-q', 'setuptools', 'wheel', np_version])
|
|
workingDirectory: '$(Build.BinariesDirectory)'
|
|
displayName: 'Install python modules'
|
|
|
|
- template: download-deps.yml
|
|
|
|
- template: jobs/set-winenv.yml
|
|
parameters:
|
|
EnvSetupScript: ${{ parameters.ENV_SETUP_SCRIPT }}
|
|
DownloadCUDA: true
|
|
|
|
- task: PythonScript@0
|
|
displayName: 'Update deps.txt'
|
|
inputs:
|
|
scriptPath: $(Build.SourcesDirectory)/tools/ci_build/replace_urls_in_deps.py
|
|
arguments: --new_dir $(Build.BinariesDirectory)/deps
|
|
workingDirectory: $(Build.BinariesDirectory)
|
|
|
|
- task: PowerShell@2
|
|
displayName: 'Install ONNX'
|
|
inputs:
|
|
filePath: '$(Build.SourcesDirectory)/tools/ci_build/github/windows/install_third_party_deps.ps1'
|
|
workingDirectory: '$(Build.BinariesDirectory)'
|
|
arguments: -cpu_arch x64 -install_prefix $(Build.BinariesDirectory)\RelWithDebInfo\installed -build_config RelWithDebInfo
|
|
|
|
- template: set-nightly-build-option-variable-step.yml
|
|
|
|
|
|
- task: PythonScript@0
|
|
displayName: 'Generate cmake config'
|
|
inputs:
|
|
scriptPath: '$(Build.SourcesDirectory)\tools\ci_build\build.py'
|
|
arguments: >
|
|
--config RelWithDebInfo
|
|
--build_dir $(Build.BinariesDirectory)
|
|
--skip_submodule_sync
|
|
--cmake_generator "$(VSGenerator)"
|
|
--enable_pybind
|
|
--enable_onnx_tests
|
|
--parallel --update
|
|
$(TelemetryOption) ${{ parameters.BUILD_PY_PARAMETERS }} ${{ parameters.EP_BUILD_FLAGS }}
|
|
workingDirectory: '$(Build.BinariesDirectory)'
|
|
|
|
- task: VSBuild@1
|
|
displayName: 'Build'
|
|
inputs:
|
|
solution: '$(Build.BinariesDirectory)\RelWithDebInfo\onnxruntime.sln'
|
|
platform: x64
|
|
configuration: RelWithDebInfo
|
|
msbuildArchitecture: $(buildArch)
|
|
maximumCpuCount: true
|
|
logProjectEvents: true
|
|
workingFolder: '$(Build.BinariesDirectory)\RelWithDebInfo'
|
|
createLogFile: true
|
|
|
|
# Esrp signing
|
|
- template: win-esrp-dll.yml
|
|
parameters:
|
|
FolderPath: '$(Build.BinariesDirectory)\RelWithDebInfo\RelWithDebInfo\onnxruntime\capi'
|
|
DisplayName: 'ESRP - Sign Native dlls'
|
|
DoEsrp: true
|
|
Pattern: '*.pyd,*.dll'
|
|
|
|
- task: PythonScript@0
|
|
displayName: 'Build wheel'
|
|
inputs:
|
|
scriptPath: '$(Build.SourcesDirectory)\setup.py'
|
|
arguments: 'bdist_wheel ${{ parameters.BUILD_PY_PARAMETERS }} $(NightlyBuildOption) --wheel_name_suffix=${{ parameters.EP_NAME }}'
|
|
workingDirectory: '$(Build.BinariesDirectory)\RelWithDebInfo\RelWithDebInfo'
|
|
|
|
- task: CopyFiles@2
|
|
displayName: 'Copy Python Wheel to: $(Build.ArtifactStagingDirectory)'
|
|
inputs:
|
|
SourceFolder: '$(Build.BinariesDirectory)\RelWithDebInfo\RelWithDebInfo\dist'
|
|
Contents: '*.whl'
|
|
TargetFolder: '$(Build.ArtifactStagingDirectory)'
|
|
|
|
- task: PublishBuildArtifacts@1
|
|
displayName: 'Publish Artifact: ONNXRuntime python wheel'
|
|
inputs:
|
|
ArtifactName: onnxruntime_${{ parameters.EP_NAME }}
|
|
|
|
- script: |
|
|
7z x *.whl
|
|
workingDirectory: '$(Build.ArtifactStagingDirectory)'
|
|
displayName: 'unzip the package'
|
|
|
|
- task: CredScan@3
|
|
displayName: 'Run CredScan'
|
|
inputs:
|
|
debugMode: false
|
|
continueOnError: true
|
|
|
|
- task: BinSkim@4
|
|
displayName: 'Run BinSkim'
|
|
inputs:
|
|
AnalyzeTargetGlob: '+:file|$(Build.ArtifactStagingDirectory)\**\*.dll;-:file|$(Build.ArtifactStagingDirectory)\**\DirectML.dll'
|
|
|
|
- powershell: |
|
|
python -m pip uninstall -y ort-nightly-gpu ort-nightly onnxruntime onnxruntime-gpu -qq
|
|
Get-ChildItem -Path $(Build.ArtifactStagingDirectory)/*.whl | foreach {pip --disable-pip-version-check install --upgrade $_.fullname tabulate}
|
|
Remove-Item -Recurse -Force onnxruntime
|
|
python onnx_backend_test_series.py
|
|
workingDirectory: '$(Build.BinariesDirectory)\RelWithDebInfo\RelWithDebInfo'
|
|
displayName: 'Run Python Tests'
|
|
|
|
- task: TSAUpload@2
|
|
displayName: 'TSA upload'
|
|
condition: and (succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
|
|
inputs:
|
|
GdnPublishTsaOnboard: false
|
|
GdnPublishTsaConfigFile: '$(Build.sourcesDirectory)\.gdn\.gdntsa'
|
|
|
|
- template: component-governance-component-detection-steps.yml
|
|
parameters:
|
|
condition: 'succeeded'
|