Add a Github workflow for Prefast (#15763)

This commit is contained in:
Changming Sun 2023-05-03 11:42:51 -07:00 коммит произвёл GitHub
Родитель d53324d4a7
Коммит 41c082fdde
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
3 изменённых файлов: 63 добавлений и 6 удалений

51
.github/workflows/sca.yml поставляемый Normal file
Просмотреть файл

@ -0,0 +1,51 @@
name: Windows_SCA
on:
push:
branches:
- main
pull_request:
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
AZCOPY_AUTO_LOGIN_TYPE: MSI
AZCOPY_MSI_CLIENT_ID: 63b63039-6328-442f-954b-5a64d124e5b4
jobs:
Onnxruntime-SCA:
runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-vs2022-mms"]
steps:
- uses: actions/checkout@v3
with:
submodules: false
- uses: actions/setup-python@v3
with:
python-version: '3.11.x'
architecture: 'x64'
- uses: actions/setup-node@v3
with:
node-version: 18
- name: Download cuda
run: azcopy.exe cp --recursive "https://lotusscus.blob.core.windows.net/models/cuda_sdk/v11.8" cuda_sdk
# The build machine doesn't have a GPU. So the value of CMAKE_CUDA_ARCHITECTURES doesn't matter.
- name: Build code
env:
CAExcludePath: 'C:\Program Files;D:\b;${{ github.workspace }}\cmake'
run: python tools\ci_build\build.py --enable_training --build_java --compile_no_warning_as_error --config Debug --build_dir D:\b --skip_submodule_sync --build_csharp --update --build --parallel --cmake_generator "Visual Studio 17 2022" --build_shared_lib --enable_pybind --cmake_extra_defines onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES=ON --cmake_extra_defines onnxruntime_ENABLE_STATIC_ANALYSIS=ON --cmake_extra_defines onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE=ON --use_cuda --cuda_home=${{ github.workspace }}\cuda_sdk\v11.8 --enable_cuda_profiling --cmake_extra_defines CMAKE_CUDA_ARCHITECTURES=75
- name: Generate sarif
working-directory: D:\b
run: npx @microsoft/sarif-multitool merge *.sarif --recurse --output-directory=${{ github.workspace }}\output --output-file=MergeResult.sarif --merge-runs && dir ${{ github.workspace }}\output
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v2
continue-on-error: true
with:
sarif_file: ${{ github.workspace }}\output\MergeResult.sarif
category: VS_SCA

Просмотреть файл

@ -64,6 +64,8 @@ endif()
option(onnxruntime_RUN_ONNX_TESTS "Enable ONNX Compatibility Testing" OFF)
option(onnxruntime_GENERATE_TEST_REPORTS "Enable test report generation" OFF)
option(onnxruntime_ENABLE_STATIC_ANALYSIS "Enable static analysis" OFF)
option(onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES "Use a custom SDL Rule. It is mainly for our CI build" OFF)
option(onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE "Use a custom SDL Rule. It is mainly for our CI build" OFF)
option(onnxruntime_ENABLE_PYTHON "Enable python buildings" OFF)
# Enable it may cause LNK1169 error
option(onnxruntime_ENABLE_MEMLEAK_CHECKER "Experimental: Enable memory leak checker in Windows debug build" OFF)
@ -834,8 +836,14 @@ function(onnxruntime_set_compile_flags target_name)
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CXX,C>:/external:I${CMAKE_CURRENT_BINARY_DIR}>" "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /external:I${CMAKE_CURRENT_BINARY_DIR}>")
if (onnxruntime_ENABLE_STATIC_ANALYSIS)
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /analyze>" "$<$<COMPILE_LANGUAGE:CXX,C>:/analyze>")
if (onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE)
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /analyze:autolog:ext.sarif>" "$<$<COMPILE_LANGUAGE:CXX,C>:/analyze:autolog:ext.sarif>")
endif()
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /analyze:external->" "$<$<COMPILE_LANGUAGE:CXX,C>:/analyze:external->")
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /wd6385>" )
# There are many such warnings from STL:
# include\list(148): warning C6011: Dereferencing NULL pointer '_Mycont'. : Lines: 146, 147, 148
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /wd6011>" )
endif()
else()
# Enable warning
@ -902,11 +910,10 @@ endfunction()
function(onnxruntime_configure_target target_name)
target_link_directories(${target_name} PRIVATE ${onnxruntime_LINK_DIRS})
onnxruntime_set_compile_flags(${target_name})
onnxruntime_set_source_file_properties(${target_name})
#Uncomment the following three lines to reproduce static analysis errors locally
#if(WIN32 AND onnxruntime_ENABLE_STATIC_ANALYSIS)
# set_target_properties(${target_name} PROPERTIES VS_USER_PROPS ${PROJECT_SOURCE_DIR}/EnableVisualStudioCodeAnalysis.props)
#endif()
onnxruntime_set_source_file_properties(${target_name})
if(WIN32 AND onnxruntime_ENABLE_STATIC_ANALYSIS AND onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES)
set_target_properties(${target_name} PROPERTIES VS_USER_PROPS ${PROJECT_SOURCE_DIR}/EnableVisualStudioCodeAnalysis.props)
endif()
target_include_directories(${target_name} PRIVATE ${CMAKE_CURRENT_BINARY_DIR} ${ONNXRUNTIME_ROOT} ${abseil_cpp_SOURCE_DIR})
if (onnxruntime_ENABLE_TRAINING_APIS)
target_include_directories(${target_name} PRIVATE ${ORTTRAINING_ROOT})

Просмотреть файл

@ -184,7 +184,6 @@
<Rule Id="C33020" Action="Error" />
<Rule Id="C33022" Action="Error" />
<Rule Id="C6001" Action="Error" />
<Rule Id="C6011" Action="Error" />
<Rule Id="C6029" Action="Error" />
<Rule Id="C6031" Action="Error" />
<Rule Id="C6053" Action="Error" />