From dbe4588809066c830688ba3e6dd0d6dc2400fdc0 Mon Sep 17 00:00:00 2001 From: Sanaa Hamel Date: Wed, 15 Apr 2026 11:05:16 -0400 Subject: [PATCH 01/14] fix: use internal feed for NPM on ADO --- .../setup-feeds-and-python-steps.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml index c074270ce5949..1ff4fc89610bc 100644 --- a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml +++ b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml @@ -26,6 +26,25 @@ steps: - pwsh: if (Test-Path ~/.m2/settings.xml) { Remove-Item ~/.m2/settings.xml } displayName: Maven - remove existing ~/.m2/settings.xml +# use `PowerShell@2` instead of `pwsh` as it is available on arm64 agents, whereas `pwsh` is not. (2026-04-15) +- task: PowerShell@2 + displayName: 'NPM - set NPM_CONFIG_USERCONFIG to agent temp config' + inputs: + targetType: 'inline' + script: | + # ensure we have a clean/empty npm config. config file must exist prior to `npmAuthenticate`. + $npmrcPath = "${env:AGENT_TEMPDIRECTORY}/.npmrc" + + if (Test-Path $npmrcPath) { Remove-Item $npmrcPath } + New-Item $npmrcPath -ItemType File -Force + + echo "##vso[task.setvariable variable=NPM_CONFIG_USERCONFIG]${npmrcPath}" + +# FUTURE WORK: use `Npm@1` task in pipelines and specify the feed there? +- task: npmAuthenticate@0 + inputs: + workingFile: $(NPM_CONFIG_USERCONFIG) + - task: NuGetAuthenticate@1 # just auth w/ internal feeds # Creates/touches ~/.m2/settings.xml From 0f987643912024264a967f054fc4a013b798d16b Mon Sep 17 00:00:00 2001 From: Erik Date: Wed, 15 Apr 2026 20:50:25 -0400 Subject: [PATCH 02/14] Push fix --- .../templates/setup-feeds-and-python-steps.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml index 1ff4fc89610bc..1ec464fcb197e 100644 --- a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml +++ b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml @@ -36,7 +36,10 @@ steps: $npmrcPath = "${env:AGENT_TEMPDIRECTORY}/.npmrc" if (Test-Path $npmrcPath) { Remove-Item $npmrcPath } - New-Item $npmrcPath -ItemType File -Force + Set-Content -Path $npmrcPath -Value @" + registry=https://aiinfra.pkgs.visualstudio.com/Lotus/_packaging/${{parameters.artifactFeeds}}/npm/registry/ + always-auth=true + "@ echo "##vso[task.setvariable variable=NPM_CONFIG_USERCONFIG]${npmrcPath}" From 17f97700f7fcfbd1d0ef1a98b647785845bb82c8 Mon Sep 17 00:00:00 2001 From: Erik Date: Wed, 15 Apr 2026 22:52:27 -0400 Subject: [PATCH 03/14] Fix2? --- .../templates/setup-feeds-and-python-steps.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml index 1ec464fcb197e..b3a9c8353a4bf 100644 --- a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml +++ b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml @@ -35,12 +35,19 @@ steps: # ensure we have a clean/empty npm config. config file must exist prior to `npmAuthenticate`. $npmrcPath = "${env:AGENT_TEMPDIRECTORY}/.npmrc" - if (Test-Path $npmrcPath) { Remove-Item $npmrcPath } + if (Test-Path $npmrcPath) + { + Remove-Item $npmrcPath + } + Set-Content -Path $npmrcPath -Value @" - registry=https://aiinfra.pkgs.visualstudio.com/Lotus/_packaging/${{parameters.artifactFeeds}}/npm/registry/ + registry=https://aiinfra.pkgs.visualstudio.com/_packaging/${{parameters.artifactFeeds}}/npm/registry/ always-auth=true "@ + Write-Host "Generated npmrc contents:" + Get-Content $npmrcPath | Write-Host + echo "##vso[task.setvariable variable=NPM_CONFIG_USERCONFIG]${npmrcPath}" # FUTURE WORK: use `Npm@1` task in pipelines and specify the feed there? From 5996256e8a48a88ae7710edfab1868af74b8c388 Mon Sep 17 00:00:00 2001 From: Erik Date: Wed, 15 Apr 2026 23:22:19 -0400 Subject: [PATCH 04/14] Fix docker context --- .../github/azure-pipelines/templates/c-api-linux-cpu.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml index f22527bb2bd51..50728953d5ee5 100644 --- a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml +++ b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml @@ -74,6 +74,7 @@ jobs: set -e -x mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $(Build.SourcesDirectory):/onnxruntime_src --volume $(Build.BinariesDirectory):/build \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(AGENT_TEMPDIRECTORY)/.npmrc:/tmp/.npmrc:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecpubuildcentos8${{parameters.OnnxruntimeArch}}_packaging /bin/bash -c "python3 \ /onnxruntime_src/tools/ci_build/build.py --enable_lto --build_java --build_nodejs --build_dir /build --config Release \ --skip_submodule_sync --parallel --use_vcpkg --use_vcpkg_ms_internal_asset_cache --use_binskim_compliant_compile_flags --use_vcpkg --use_vcpkg_ms_internal_asset_cache --build_shared_lib ${{ parameters.AdditionalBuildFlags }} && cd /build/Release && make install DESTDIR=/build/installed" From 07977a3025ec4d54567beb459aa2e57210e7f548 Mon Sep 17 00:00:00 2001 From: Erik Date: Wed, 15 Apr 2026 23:43:56 -0400 Subject: [PATCH 05/14] Maven auth now --- .../github/azure-pipelines/templates/c-api-linux-cpu.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml index 50728953d5ee5..82702b4df5b41 100644 --- a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml +++ b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml @@ -75,6 +75,7 @@ jobs: mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $(Build.SourcesDirectory):/onnxruntime_src --volume $(Build.BinariesDirectory):/build \ -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(AGENT_TEMPDIRECTORY)/.npmrc:/tmp/.npmrc:ro \ + --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecpubuildcentos8${{parameters.OnnxruntimeArch}}_packaging /bin/bash -c "python3 \ /onnxruntime_src/tools/ci_build/build.py --enable_lto --build_java --build_nodejs --build_dir /build --config Release \ --skip_submodule_sync --parallel --use_vcpkg --use_vcpkg_ms_internal_asset_cache --use_binskim_compliant_compile_flags --use_vcpkg --use_vcpkg_ms_internal_asset_cache --build_shared_lib ${{ parameters.AdditionalBuildFlags }} && cd /build/Release && make install DESTDIR=/build/installed" From 5b2db17acd424798d2f71390634c0a8fcc3aa6d5 Mon Sep 17 00:00:00 2001 From: Erik Date: Wed, 15 Apr 2026 23:59:03 -0400 Subject: [PATCH 06/14] . --- .../github/azure-pipelines/templates/c-api-linux-cpu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml index 82702b4df5b41..2cc66081121af 100644 --- a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml +++ b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml @@ -74,7 +74,7 @@ jobs: set -e -x mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $(Build.SourcesDirectory):/onnxruntime_src --volume $(Build.BinariesDirectory):/build \ - -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(AGENT_TEMPDIRECTORY)/.npmrc:/tmp/.npmrc:ro \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(Agent.TempDirectory)/.npmrc:/tmp/.npmrc:ro \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecpubuildcentos8${{parameters.OnnxruntimeArch}}_packaging /bin/bash -c "python3 \ /onnxruntime_src/tools/ci_build/build.py --enable_lto --build_java --build_nodejs --build_dir /build --config Release \ From 14c7d863a81955fc5c6f48d27619f2460602a984 Mon Sep 17 00:00:00 2001 From: Erik Date: Thu, 16 Apr 2026 00:22:46 -0400 Subject: [PATCH 07/14] Gradle --- .../github/azure-pipelines/templates/c-api-linux-cpu.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml index 2cc66081121af..f21ce0311afaf 100644 --- a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml +++ b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml @@ -76,6 +76,7 @@ jobs: docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $(Build.SourcesDirectory):/onnxruntime_src --volume $(Build.BinariesDirectory):/build \ -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(Agent.TempDirectory)/.npmrc:/tmp/.npmrc:ro \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ + --volume $HOME/.gradle:/home/onnxruntimedev/.gradle:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecpubuildcentos8${{parameters.OnnxruntimeArch}}_packaging /bin/bash -c "python3 \ /onnxruntime_src/tools/ci_build/build.py --enable_lto --build_java --build_nodejs --build_dir /build --config Release \ --skip_submodule_sync --parallel --use_vcpkg --use_vcpkg_ms_internal_asset_cache --use_binskim_compliant_compile_flags --use_vcpkg --use_vcpkg_ms_internal_asset_cache --build_shared_lib ${{ parameters.AdditionalBuildFlags }} && cd /build/Release && make install DESTDIR=/build/installed" From 4ace374ae69fb96bfb754f813570a456c0f3c42a Mon Sep 17 00:00:00 2001 From: Erik Date: Thu, 16 Apr 2026 09:13:32 -0400 Subject: [PATCH 08/14] Allow writes to gradle directory --- .../github/azure-pipelines/templates/c-api-linux-cpu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml index f21ce0311afaf..593355a7cc017 100644 --- a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml +++ b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml @@ -76,7 +76,7 @@ jobs: docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $(Build.SourcesDirectory):/onnxruntime_src --volume $(Build.BinariesDirectory):/build \ -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(Agent.TempDirectory)/.npmrc:/tmp/.npmrc:ro \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ - --volume $HOME/.gradle:/home/onnxruntimedev/.gradle:ro \ + --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecpubuildcentos8${{parameters.OnnxruntimeArch}}_packaging /bin/bash -c "python3 \ /onnxruntime_src/tools/ci_build/build.py --enable_lto --build_java --build_nodejs --build_dir /build --config Release \ --skip_submodule_sync --parallel --use_vcpkg --use_vcpkg_ms_internal_asset_cache --use_binskim_compliant_compile_flags --use_vcpkg --use_vcpkg_ms_internal_asset_cache --build_shared_lib ${{ parameters.AdditionalBuildFlags }} && cd /build/Release && make install DESTDIR=/build/installed" From e0e7474f971924ed3974857dbc8313b3b3b5ad0b Mon Sep 17 00:00:00 2001 From: Erik Date: Thu, 16 Apr 2026 10:32:42 -0400 Subject: [PATCH 09/14] CUDA builds --- tools/ci_build/github/linux/build_cuda_c_api_package.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/ci_build/github/linux/build_cuda_c_api_package.sh b/tools/ci_build/github/linux/build_cuda_c_api_package.sh index a1a2d347414c7..40ff62968f594 100755 --- a/tools/ci_build/github/linux/build_cuda_c_api_package.sh +++ b/tools/ci_build/github/linux/build_cuda_c_api_package.sh @@ -12,6 +12,9 @@ fi docker run -e SYSTEM_COLLECTIONURI --rm --volume \ $BUILD_SOURCESDIRECTORY:/onnxruntime_src --volume $BUILD_BINARIESDIRECTORY:/build \ +-e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ +--volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ +--volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}build \ /bin/bash -c "/usr/bin/python3 /onnxruntime_src/tools/ci_build/build.py --enable_lto --build_java --build_nodejs \ --build_dir /build --config Release --skip_submodule_sync --parallel --use_binskim_compliant_compile_flags --build_shared_lib \ From 22949b655fc1c6503fb3fcf0e8a1fb90b079ba29 Mon Sep 17 00:00:00 2001 From: Erik Date: Thu, 16 Apr 2026 11:42:44 -0400 Subject: [PATCH 10/14] More authentication holes --- .../linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml | 3 +++ tools/ci_build/github/linux/build_nodejs_package.sh | 3 +++ tools/ci_build/github/linux/build_tensorrt_c_api_package.sh | 3 +++ tools/ci_build/github/linux/build_webgpu_plugin_package.sh | 3 +++ tools/ci_build/github/linux/run_python_dockerbuild.sh | 3 +++ tools/ci_build/github/linux/run_python_dockertest.sh | 3 +++ 6 files changed, 18 insertions(+) diff --git a/tools/ci_build/github/azure-pipelines/linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml b/tools/ci_build/github/azure-pipelines/linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml index a062a1fce5c1b..ff40249cdeffe 100644 --- a/tools/ci_build/github/azure-pipelines/linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml +++ b/tools/ci_build/github/azure-pipelines/linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml @@ -93,6 +93,9 @@ jobs: --volume $(Build.BinariesDirectory):/build \ --volume /data/models:/build/models:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(Agent.TempDirectory)/.npmrc:/tmp/.npmrc:ro \ + --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ + --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ -e ALLOW_RELEASED_ONNX_OPSET_ONLY=0 \ -e NIGHTLY_BUILD \ -e BUILD_BUILDNUMBER \ diff --git a/tools/ci_build/github/linux/build_nodejs_package.sh b/tools/ci_build/github/linux/build_nodejs_package.sh index fac12a4342f60..41359aa746bf1 100755 --- a/tools/ci_build/github/linux/build_nodejs_package.sh +++ b/tools/ci_build/github/linux/build_nodejs_package.sh @@ -14,6 +14,9 @@ mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $BUILD_SOURCESDIRECTORY:/onnxruntime_src \ --volume $BUILD_BINARIESDIRECTORY:/build --volume /data/models:/build/models:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}xtrt86build \ +-e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ +--volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ +--volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ /bin/bash -c "/usr/bin/python3 /onnxruntime_src/tools/ci_build/build.py --build_dir /build --config Release \ --skip_tests --skip_submodule_sync --parallel --use_binskim_compliant_compile_flags --build_shared_lib --build_nodejs \ --use_webgpu --use_tensorrt --cuda_version=$CUDA_VERSION --cuda_home=/usr/local/cuda-$CUDA_VERSION \ diff --git a/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh b/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh index 8c2866bd37833..58fa8048a4874 100755 --- a/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh +++ b/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh @@ -14,6 +14,9 @@ mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $BUILD_SOURCESDIRECTORY:/onnxruntime_src \ --volume $BUILD_BINARIESDIRECTORY:/build --volume /data/models:/build/models:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}xtrt86build \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ + --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ + --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ /bin/bash -c "/usr/bin/python3 /onnxruntime_src/tools/ci_build/build.py --build_dir /build --config Release --skip_tests \ --skip_submodule_sync --parallel --use_binskim_compliant_compile_flags --build_shared_lib --build_java --build_nodejs \ --use_tensorrt --cuda_version=$CUDA_VERSION --cuda_home=/usr/local/cuda-$CUDA_VERSION --cudnn_home=/usr --tensorrt_home=/usr \ diff --git a/tools/ci_build/github/linux/build_webgpu_plugin_package.sh b/tools/ci_build/github/linux/build_webgpu_plugin_package.sh index a3583bf9d17a5..f91a5d59c2ada 100755 --- a/tools/ci_build/github/linux/build_webgpu_plugin_package.sh +++ b/tools/ci_build/github/linux/build_webgpu_plugin_package.sh @@ -25,6 +25,9 @@ docker run --rm \ --volume "${BUILD_BINARIESDIRECTORY}:/build" \ --volume /data/models:/build/models:ro \ --volume "${HOME}/.onnx:/home/onnxruntimedev/.onnx" \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ + --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ + --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ -e NIGHTLY_BUILD \ -e BUILD_BUILDNUMBER \ -e SYSTEM_COLLECTIONURI \ diff --git a/tools/ci_build/github/linux/run_python_dockerbuild.sh b/tools/ci_build/github/linux/run_python_dockerbuild.sh index 915f8727f12cb..108b3b49f2f2a 100755 --- a/tools/ci_build/github/linux/run_python_dockerbuild.sh +++ b/tools/ci_build/github/linux/run_python_dockerbuild.sh @@ -33,6 +33,9 @@ docker run -e SYSTEM_COLLECTIONURI --rm \ --volume "${BUILD_BINARIESDIRECTORY}:/build" \ --volume /data/models:/build/models:ro \ --volume "${HOME}/.onnx:/home/onnxruntimedev/.onnx" \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ + --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ + --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ -w /onnxruntime_src \ -e NIGHTLY_BUILD \ -e BUILD_BUILDNUMBER \ diff --git a/tools/ci_build/github/linux/run_python_dockertest.sh b/tools/ci_build/github/linux/run_python_dockertest.sh index 1523824f8d05e..9287537c60e58 100755 --- a/tools/ci_build/github/linux/run_python_dockertest.sh +++ b/tools/ci_build/github/linux/run_python_dockertest.sh @@ -22,6 +22,9 @@ docker run -e SYSTEM_COLLECTIONURI --rm \ --volume $BUILD_BINARIESDIRECTORY:/build \ --volume /data/models:/build/models:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ + --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ + --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ -w /onnxruntime_src \ -e NIGHTLY_BUILD \ -e BUILD_BUILDNUMBER \ From 2c628f3c929eadf61acf06167fe7cf97b5bf6d10 Mon Sep 17 00:00:00 2001 From: Erik Date: Thu, 16 Apr 2026 12:35:08 -0400 Subject: [PATCH 11/14] Argument ordering fix --- tools/ci_build/github/linux/build_nodejs_package.sh | 2 +- tools/ci_build/github/linux/build_tensorrt_c_api_package.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/ci_build/github/linux/build_nodejs_package.sh b/tools/ci_build/github/linux/build_nodejs_package.sh index 41359aa746bf1..f012288d66007 100755 --- a/tools/ci_build/github/linux/build_nodejs_package.sh +++ b/tools/ci_build/github/linux/build_nodejs_package.sh @@ -13,10 +13,10 @@ fi mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $BUILD_SOURCESDIRECTORY:/onnxruntime_src \ --volume $BUILD_BINARIESDIRECTORY:/build --volume /data/models:/build/models:ro \ ---volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}xtrt86build \ -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ +--volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}xtrt86build \ /bin/bash -c "/usr/bin/python3 /onnxruntime_src/tools/ci_build/build.py --build_dir /build --config Release \ --skip_tests --skip_submodule_sync --parallel --use_binskim_compliant_compile_flags --build_shared_lib --build_nodejs \ --use_webgpu --use_tensorrt --cuda_version=$CUDA_VERSION --cuda_home=/usr/local/cuda-$CUDA_VERSION \ diff --git a/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh b/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh index 58fa8048a4874..07414301d814d 100755 --- a/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh +++ b/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh @@ -13,10 +13,10 @@ fi mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $BUILD_SOURCESDIRECTORY:/onnxruntime_src \ --volume $BUILD_BINARIESDIRECTORY:/build --volume /data/models:/build/models:ro \ - --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}xtrt86build \ -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ + --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}xtrt86build \ /bin/bash -c "/usr/bin/python3 /onnxruntime_src/tools/ci_build/build.py --build_dir /build --config Release --skip_tests \ --skip_submodule_sync --parallel --use_binskim_compliant_compile_flags --build_shared_lib --build_java --build_nodejs \ --use_tensorrt --cuda_version=$CUDA_VERSION --cuda_home=/usr/local/cuda-$CUDA_VERSION --cudnn_home=/usr --tensorrt_home=/usr \ From 15d947874e0486c2ae1fa14891f71d482d98479a Mon Sep 17 00:00:00 2001 From: Sanaa Hamel Date: Thu, 16 Apr 2026 13:41:21 -0400 Subject: [PATCH 12/14] fix: shell lints and injections --- ...-gpu-tensorrt-cuda-minimal-ci-pipeline.yml | 3 +- .../templates/c-api-linux-cpu.yml | 3 +- .../setup-feeds-and-python-steps.yml | 11 ++-- .../github/linux/build_cuda_c_api_package.sh | 3 +- .../github/linux/build_nodejs_package.sh | 3 +- .../linux/build_tensorrt_c_api_package.sh | 3 +- .../linux/build_webgpu_plugin_package.sh | 3 +- .../github/linux/run_python_dockerbuild.sh | 8 +-- .../github/linux/run_python_dockertest.sh | 53 ++++++++++--------- 9 files changed, 50 insertions(+), 40 deletions(-) diff --git a/tools/ci_build/github/azure-pipelines/linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml b/tools/ci_build/github/azure-pipelines/linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml index ff40249cdeffe..6cee227b70b2b 100644 --- a/tools/ci_build/github/azure-pipelines/linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml +++ b/tools/ci_build/github/azure-pipelines/linux-gpu-tensorrt-cuda-minimal-ci-pipeline.yml @@ -93,7 +93,8 @@ jobs: --volume $(Build.BinariesDirectory):/build \ --volume /data/models:/build/models:ro \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx \ - -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(Agent.TempDirectory)/.npmrc:/tmp/.npmrc:ro \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc \ + --volume "${NPM_CONFIG_USERCONFIG}:/tmp/.npmrc:ro" \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ -e ALLOW_RELEASED_ONNX_OPSET_ONLY=0 \ diff --git a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml index 593355a7cc017..c28ad09a7c02d 100644 --- a/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml +++ b/tools/ci_build/github/azure-pipelines/templates/c-api-linux-cpu.yml @@ -74,7 +74,8 @@ jobs: set -e -x mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $(Build.SourcesDirectory):/onnxruntime_src --volume $(Build.BinariesDirectory):/build \ - -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $(Agent.TempDirectory)/.npmrc:/tmp/.npmrc:ro \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc \ + --volume "${NPM_CONFIG_USERCONFIG}:/tmp/.npmrc:ro" \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecpubuildcentos8${{parameters.OnnxruntimeArch}}_packaging /bin/bash -c "python3 \ diff --git a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml index b3a9c8353a4bf..ad3c005e73fc0 100644 --- a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml +++ b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml @@ -29,19 +29,16 @@ steps: # use `PowerShell@2` instead of `pwsh` as it is available on arm64 agents, whereas `pwsh` is not. (2026-04-15) - task: PowerShell@2 displayName: 'NPM - set NPM_CONFIG_USERCONFIG to agent temp config' + env: + artifact_feed: ${{ parameters.artifactFeeds }} inputs: targetType: 'inline' script: | # ensure we have a clean/empty npm config. config file must exist prior to `npmAuthenticate`. $npmrcPath = "${env:AGENT_TEMPDIRECTORY}/.npmrc" - if (Test-Path $npmrcPath) - { - Remove-Item $npmrcPath - } - - Set-Content -Path $npmrcPath -Value @" - registry=https://aiinfra.pkgs.visualstudio.com/_packaging/${{parameters.artifactFeeds}}/npm/registry/ + Set-Content -Force -Path $npmrcPath -Value @" + registry=https://aiinfra.pkgs.visualstudio.com/_packaging/${env:artifact_feed}/npm/registry/ always-auth=true "@ diff --git a/tools/ci_build/github/linux/build_cuda_c_api_package.sh b/tools/ci_build/github/linux/build_cuda_c_api_package.sh index 40ff62968f594..12a03e686d5b1 100755 --- a/tools/ci_build/github/linux/build_cuda_c_api_package.sh +++ b/tools/ci_build/github/linux/build_cuda_c_api_package.sh @@ -12,7 +12,8 @@ fi docker run -e SYSTEM_COLLECTIONURI --rm --volume \ $BUILD_SOURCESDIRECTORY:/onnxruntime_src --volume $BUILD_BINARIESDIRECTORY:/build \ --e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ +-e NPM_CONFIG_USERCONFIG=/tmp/.npmrc \ +--volume "${NPM_CONFIG_USERCONFIG}:/tmp/.npmrc:ro" \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}build \ diff --git a/tools/ci_build/github/linux/build_nodejs_package.sh b/tools/ci_build/github/linux/build_nodejs_package.sh index f012288d66007..3d7a7d855ef10 100755 --- a/tools/ci_build/github/linux/build_nodejs_package.sh +++ b/tools/ci_build/github/linux/build_nodejs_package.sh @@ -13,7 +13,8 @@ fi mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $BUILD_SOURCESDIRECTORY:/onnxruntime_src \ --volume $BUILD_BINARIESDIRECTORY:/build --volume /data/models:/build/models:ro \ --e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ +-e NPM_CONFIG_USERCONFIG=/tmp/.npmrc \ +--volume "${NPM_CONFIG_USERCONFIG}:/tmp/.npmrc:ro" \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}xtrt86build \ diff --git a/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh b/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh index 07414301d814d..b6358aa775a24 100755 --- a/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh +++ b/tools/ci_build/github/linux/build_tensorrt_c_api_package.sh @@ -13,7 +13,8 @@ fi mkdir -p $HOME/.onnx docker run -e SYSTEM_COLLECTIONURI --rm --volume /data/onnx:/data/onnx:ro --volume $BUILD_SOURCESDIRECTORY:/onnxruntime_src \ --volume $BUILD_BINARIESDIRECTORY:/build --volume /data/models:/build/models:ro \ - -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc \ + --volume "${NPM_CONFIG_USERCONFIG}:/tmp/.npmrc:ro" \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ --volume $HOME/.onnx:/home/onnxruntimedev/.onnx -e NIGHTLY_BUILD onnxruntimecuda${CUDA_VERSION_MAJOR}xtrt86build \ diff --git a/tools/ci_build/github/linux/build_webgpu_plugin_package.sh b/tools/ci_build/github/linux/build_webgpu_plugin_package.sh index f91a5d59c2ada..142f6b86e7443 100755 --- a/tools/ci_build/github/linux/build_webgpu_plugin_package.sh +++ b/tools/ci_build/github/linux/build_webgpu_plugin_package.sh @@ -25,7 +25,8 @@ docker run --rm \ --volume "${BUILD_BINARIESDIRECTORY}:/build" \ --volume /data/models:/build/models:ro \ --volume "${HOME}/.onnx:/home/onnxruntimedev/.onnx" \ - -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc \ + --volume "${NPM_CONFIG_USERCONFIG}:/tmp/.npmrc:ro" \ --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ -e NIGHTLY_BUILD \ diff --git a/tools/ci_build/github/linux/run_python_dockerbuild.sh b/tools/ci_build/github/linux/run_python_dockerbuild.sh index 108b3b49f2f2a..cc79c30969102 100755 --- a/tools/ci_build/github/linux/run_python_dockerbuild.sh +++ b/tools/ci_build/github/linux/run_python_dockerbuild.sh @@ -27,15 +27,17 @@ if [ "${BUILD_EXTR_PAR}" != "" ] ; then DOCKER_SCRIPT_OPTIONS+=("-x" "${BUILD_EXTR_PAR}") fi +# HACK: `ADDITIONAL_DOCKER_PARAMETER` is passed in via env in some pipelines docker run -e SYSTEM_COLLECTIONURI --rm \ --volume /data/onnx:/data/onnx:ro \ --volume "${BUILD_SOURCESDIRECTORY}:/onnxruntime_src" \ --volume "${BUILD_BINARIESDIRECTORY}:/build" \ --volume /data/models:/build/models:ro \ --volume "${HOME}/.onnx:/home/onnxruntimedev/.onnx" \ - -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ - --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ - --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc \ + --volume "${NPM_CONFIG_USERCONFIG}:/tmp/.npmrc:ro" \ + --volume "$HOME/.m2:/home/onnxruntimedev/.m2:ro" \ + --volume "$HOME/.gradle:/home/onnxruntimedev/.gradle" \ -w /onnxruntime_src \ -e NIGHTLY_BUILD \ -e BUILD_BUILDNUMBER \ diff --git a/tools/ci_build/github/linux/run_python_dockertest.sh b/tools/ci_build/github/linux/run_python_dockertest.sh index 9287537c60e58..993ea3b20d18f 100755 --- a/tools/ci_build/github/linux/run_python_dockertest.sh +++ b/tools/ci_build/github/linux/run_python_dockertest.sh @@ -1,32 +1,37 @@ #!/bin/bash -set -e -x +set -xeuo pipefail BUILD_CONFIG="Release" -while getopts "i:d:x:c:" parameter_Option -do case "${parameter_Option}" -in -i) DOCKER_IMAGE=${OPTARG};; -d) DEVICE=${OPTARG};; -c) BUILD_CONFIG=${OPTARG};; -esac +while getopts "i:d:c:" parameter_Option; do + case "${parameter_Option}" in + i) DOCKER_IMAGE=${OPTARG} ;; + d) DEVICE=${OPTARG} ;; + c) BUILD_CONFIG=${OPTARG} ;; + *) + echo "Usage: $0 -i -d [-c ]" + exit 1 + ;; + esac done -if [ $DEVICE = "GPU" ]; then - ADDITIONAL_DOCKER_PARAMETER="--gpus all" +ADDITIONAL_DOCKER_PARAMETERS=() +if [ "$DEVICE" = "GPU" ]; then + ADDITIONAL_DOCKER_PARAMETERS+=("--gpus" "all") fi -mkdir -p $HOME/.onnx +mkdir -p "$HOME/.onnx" docker run -e SYSTEM_COLLECTIONURI --rm \ - --volume /data/onnx:/data/onnx:ro \ - --volume $BUILD_SOURCESDIRECTORY:/onnxruntime_src \ - --volume $BUILD_BINARIESDIRECTORY:/build \ - --volume /data/models:/build/models:ro \ - --volume $HOME/.onnx:/home/onnxruntimedev/.onnx \ - -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc --volume $AGENT_TEMPDIRECTORY/.npmrc:/tmp/.npmrc:ro \ - --volume $HOME/.m2:/home/onnxruntimedev/.m2:ro \ - --volume $HOME/.gradle:/home/onnxruntimedev/.gradle \ - -w /onnxruntime_src \ - -e NIGHTLY_BUILD \ - -e BUILD_BUILDNUMBER \ - $ADDITIONAL_DOCKER_PARAMETER \ - $DOCKER_IMAGE tools/ci_build/github/linux/run_python_tests.sh -d $DEVICE -c $BUILD_CONFIG + --volume /data/onnx:/data/onnx:ro \ + --volume "$BUILD_SOURCESDIRECTORY:/onnxruntime_src" \ + --volume "$BUILD_BINARIESDIRECTORY:/build" \ + --volume /data/models:/build/models:ro \ + --volume "$HOME/.onnx:/home/onnxruntimedev/.onnx" \ + -e NPM_CONFIG_USERCONFIG=/tmp/.npmrc \ + --volume "${NPM_CONFIG_USERCONFIG}:/tmp/.npmrc:ro" \ + --volume "$HOME/.m2:/home/onnxruntimedev/.m2:ro" \ + --volume "$HOME/.gradle:/home/onnxruntimedev/.gradle" \ + -w /onnxruntime_src \ + -e NIGHTLY_BUILD \ + -e BUILD_BUILDNUMBER \ + "${ADDITIONAL_DOCKER_PARAMETERS[@]}" \ + "$DOCKER_IMAGE" tools/ci_build/github/linux/run_python_tests.sh -d "$DEVICE" -c "$BUILD_CONFIG" From 37a1a97822b7db8715265c0cd7882bbd14947cbc Mon Sep 17 00:00:00 2001 From: Sanaa Hamel Date: Thu, 16 Apr 2026 14:42:43 -0400 Subject: [PATCH 13/14] doc: update feed list --- .../azure-pipelines/templates/setup-feeds-and-python-steps.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml index ad3c005e73fc0..e02f0a3a854df 100644 --- a/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml +++ b/tools/ci_build/github/azure-pipelines/templates/setup-feeds-and-python-steps.yml @@ -1,8 +1,9 @@ # Template for setting up the package feeds and installing python. # Feeds configured: -# - pip # - maven & gradle +# - npm # - nuget +# - pip # # n.b. This template writes to user profile files. From f1477830ea4cb8d429b1e38344f4d46f55b205ac Mon Sep 17 00:00:00 2001 From: Sanaa Hamel Date: Thu, 16 Apr 2026 14:43:32 -0400 Subject: [PATCH 14/14] fix: missing feed auth --- .../azure-pipelines/stages/nodejs-linux-packaging-stage.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/ci_build/github/azure-pipelines/stages/nodejs-linux-packaging-stage.yml b/tools/ci_build/github/azure-pipelines/stages/nodejs-linux-packaging-stage.yml index ff35d3e35ef6c..1a326e9dbd584 100644 --- a/tools/ci_build/github/azure-pipelines/stages/nodejs-linux-packaging-stage.yml +++ b/tools/ci_build/github/azure-pipelines/stages/nodejs-linux-packaging-stage.yml @@ -33,6 +33,9 @@ stages: - checkout: self clean: true submodules: recursive + + - template: ../templates/setup-feeds-and-python-steps.yml + - template: ../templates/get-docker-image-steps.yml parameters: Dockerfile: tools/ci_build/github/linux/docker/inference/x86_64/default/cuda${{ variables.CUDA_VERSION_MAJOR }}/Dockerfile