Add a Github workflow for Prefast (#15763)
This commit is contained in:
Родитель
d53324d4a7
Коммит
41c082fdde
|
@ -0,0 +1,51 @@
|
|||
name: Windows_SCA
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
pull_request:
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.head_ref || github.run_id }}
|
||||
cancel-in-progress: true
|
||||
|
||||
env:
|
||||
AZCOPY_AUTO_LOGIN_TYPE: MSI
|
||||
AZCOPY_MSI_CLIENT_ID: 63b63039-6328-442f-954b-5a64d124e5b4
|
||||
|
||||
jobs:
|
||||
Onnxruntime-SCA:
|
||||
runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-vs2022-mms"]
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
submodules: false
|
||||
- uses: actions/setup-python@v3
|
||||
with:
|
||||
python-version: '3.11.x'
|
||||
architecture: 'x64'
|
||||
|
||||
- uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: 18
|
||||
|
||||
- name: Download cuda
|
||||
run: azcopy.exe cp --recursive "https://lotusscus.blob.core.windows.net/models/cuda_sdk/v11.8" cuda_sdk
|
||||
|
||||
|
||||
# The build machine doesn't have a GPU. So the value of CMAKE_CUDA_ARCHITECTURES doesn't matter.
|
||||
- name: Build code
|
||||
env:
|
||||
CAExcludePath: 'C:\Program Files;D:\b;${{ github.workspace }}\cmake'
|
||||
run: python tools\ci_build\build.py --enable_training --build_java --compile_no_warning_as_error --config Debug --build_dir D:\b --skip_submodule_sync --build_csharp --update --build --parallel --cmake_generator "Visual Studio 17 2022" --build_shared_lib --enable_pybind --cmake_extra_defines onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES=ON --cmake_extra_defines onnxruntime_ENABLE_STATIC_ANALYSIS=ON --cmake_extra_defines onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE=ON --use_cuda --cuda_home=${{ github.workspace }}\cuda_sdk\v11.8 --enable_cuda_profiling --cmake_extra_defines CMAKE_CUDA_ARCHITECTURES=75
|
||||
|
||||
- name: Generate sarif
|
||||
working-directory: D:\b
|
||||
run: npx @microsoft/sarif-multitool merge *.sarif --recurse --output-directory=${{ github.workspace }}\output --output-file=MergeResult.sarif --merge-runs && dir ${{ github.workspace }}\output
|
||||
|
||||
- name: Upload SARIF to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
continue-on-error: true
|
||||
with:
|
||||
sarif_file: ${{ github.workspace }}\output\MergeResult.sarif
|
||||
category: VS_SCA
|
|
@ -64,6 +64,8 @@ endif()
|
|||
option(onnxruntime_RUN_ONNX_TESTS "Enable ONNX Compatibility Testing" OFF)
|
||||
option(onnxruntime_GENERATE_TEST_REPORTS "Enable test report generation" OFF)
|
||||
option(onnxruntime_ENABLE_STATIC_ANALYSIS "Enable static analysis" OFF)
|
||||
option(onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES "Use a custom SDL Rule. It is mainly for our CI build" OFF)
|
||||
option(onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE "Use a custom SDL Rule. It is mainly for our CI build" OFF)
|
||||
option(onnxruntime_ENABLE_PYTHON "Enable python buildings" OFF)
|
||||
# Enable it may cause LNK1169 error
|
||||
option(onnxruntime_ENABLE_MEMLEAK_CHECKER "Experimental: Enable memory leak checker in Windows debug build" OFF)
|
||||
|
@ -834,8 +836,14 @@ function(onnxruntime_set_compile_flags target_name)
|
|||
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CXX,C>:/external:I${CMAKE_CURRENT_BINARY_DIR}>" "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /external:I${CMAKE_CURRENT_BINARY_DIR}>")
|
||||
if (onnxruntime_ENABLE_STATIC_ANALYSIS)
|
||||
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /analyze>" "$<$<COMPILE_LANGUAGE:CXX,C>:/analyze>")
|
||||
if (onnxruntime_REDIRECT_STATIC_ANALYSIS_OUTPUTS_TO_FILE)
|
||||
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /analyze:autolog:ext.sarif>" "$<$<COMPILE_LANGUAGE:CXX,C>:/analyze:autolog:ext.sarif>")
|
||||
endif()
|
||||
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /analyze:external->" "$<$<COMPILE_LANGUAGE:CXX,C>:/analyze:external->")
|
||||
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /wd6385>" )
|
||||
# There are many such warnings from STL:
|
||||
# include\list(148): warning C6011: Dereferencing NULL pointer '_Mycont'. : Lines: 146, 147, 148
|
||||
target_compile_options(${target_name} PRIVATE "$<$<COMPILE_LANGUAGE:CUDA>:SHELL:--compiler-options /wd6011>" )
|
||||
endif()
|
||||
else()
|
||||
# Enable warning
|
||||
|
@ -902,11 +910,10 @@ endfunction()
|
|||
function(onnxruntime_configure_target target_name)
|
||||
target_link_directories(${target_name} PRIVATE ${onnxruntime_LINK_DIRS})
|
||||
onnxruntime_set_compile_flags(${target_name})
|
||||
onnxruntime_set_source_file_properties(${target_name})
|
||||
#Uncomment the following three lines to reproduce static analysis errors locally
|
||||
#if(WIN32 AND onnxruntime_ENABLE_STATIC_ANALYSIS)
|
||||
# set_target_properties(${target_name} PROPERTIES VS_USER_PROPS ${PROJECT_SOURCE_DIR}/EnableVisualStudioCodeAnalysis.props)
|
||||
#endif()
|
||||
onnxruntime_set_source_file_properties(${target_name})
|
||||
if(WIN32 AND onnxruntime_ENABLE_STATIC_ANALYSIS AND onnxruntime_USE_CUSTOM_STATIC_ANALYSIS_RULES)
|
||||
set_target_properties(${target_name} PROPERTIES VS_USER_PROPS ${PROJECT_SOURCE_DIR}/EnableVisualStudioCodeAnalysis.props)
|
||||
endif()
|
||||
target_include_directories(${target_name} PRIVATE ${CMAKE_CURRENT_BINARY_DIR} ${ONNXRUNTIME_ROOT} ${abseil_cpp_SOURCE_DIR})
|
||||
if (onnxruntime_ENABLE_TRAINING_APIS)
|
||||
target_include_directories(${target_name} PRIVATE ${ORTTRAINING_ROOT})
|
||||
|
|
|
@ -184,7 +184,6 @@
|
|||
<Rule Id="C33020" Action="Error" />
|
||||
<Rule Id="C33022" Action="Error" />
|
||||
<Rule Id="C6001" Action="Error" />
|
||||
<Rule Id="C6011" Action="Error" />
|
||||
<Rule Id="C6029" Action="Error" />
|
||||
<Rule Id="C6031" Action="Error" />
|
||||
<Rule Id="C6053" Action="Error" />
|
||||
|
|
Загрузка…
Ссылка в новой задаче