onnxruntime/tools/ci_build/github/azure-pipelines/templates/compliance.yml
Changming Sun 4161758058
Remove openmp related packaging pipeline (#6991)
1. Remove openmp related packaging pipelines and build jobs.
2. Set continueOnError to true for the TSAUpload tasks. Their service is unstable recently.
3. Update Ubuntu 16 docker images to Ubuntu 18, in prepare for getting C++17 support
4. Cherry-pick the changes in 1.7.1 to the master: updating CFLAGS/CXXFLAGS to strip out debug symbols
2021-03-12 10:02:59 -08:00

58 lines
No EOL
2.2 KiB
YAML

parameters:
- name: msbuildPlatform
displayName: msbuildPlatform
type: string
default: x64
steps:
- task: CredScan@2
displayName: 'Run CredScan'
inputs:
toolMajorVersion: V2
debugMode: false
continueOnError: true
- task: BinSkim@3
displayName: 'Run BinSkim'
inputs:
arguments: 'analyze $(Build.BinariesDirectory)\RelWithDebInfo\RelWithDebInfo\*.dll --recurse --verbose'
continueOnError: true
- task: DeleteFiles@1
displayName: 'Delete files from $(Build.BinariesDirectory)\RelWithDebInfo'
inputs:
SourceFolder: '$(Build.BinariesDirectory)\RelWithDebInfo'
Contents: |
**/*.obj
**/*.pdb
**/*.dll
#Manually set msBuildCommandline so that we can also set CAExcludePath
- task: securedevelopmentteam.vss-secure-development-tools.build-task-prefast.SDLNativeRules@2
displayName: 'Run the PREfast SDL Native Rules for MSBuild'
inputs:
userProvideBuildInfo: msBuildInfo
msBuildVersion: 16.0
msBuildArchitecture: x64
msBuildCommandline: '"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\amd64\msbuild.exe" "$(Build.BinariesDirectory)\RelWithDebInfo\onnxruntime.sln" /p:platform="${{parameters.msbuildPlatform}}" /p:configuration="RelWithDebInfo" /p:CAExcludePath="$(Build.BinariesDirectory);$(Build.SourcesDirectory)\cmake;C:\program files (x86)" /p:VisualStudioVersion="16.0" /m /p:PreferredToolArchitecture=x64'
continueOnError: true
- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
displayName: 'Create Security Analysis Report'
inputs:
BinSkim: true
BinSkimBreakOn: WarningAbove
CredScan: true
SDLNativeRules: true
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
displayName: 'Publish Security Analysis Logs'
continueOnError: true
- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1
condition: and (succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
displayName: 'TSA Upload'
inputs:
tsaVersion: TsaV2
codeBaseName: 'onnxruntime_master'
continueOnError: true