Implementation:Microsoft Onnxruntime WindowsAI NuGet Pipeline
| Knowledge Sources | |
|---|---|
| Domains | CI/CD, Packaging, Windows |
| Last Updated | 2026-02-10 04:00 GMT |
Overview
An Azure DevOps OneBranch pipeline definition that builds, packages, signs, and publishes the Microsoft.AI.MachineLearning NuGet package for Windows (x64, x86, arm64) with both dynamic and static runtime variants.
Description
The `OneBranch.Nuget-WindowsAI-Pipeline.Official.yml` defines the official CI/CD pipeline for producing the Windows AI (Microsoft.AI.MachineLearning) NuGet package. Key aspects:
- Parameters: `UploadSymbols` (boolean, default false) controls whether symbols are uploaded to Microsoft's symbol server.
- Triggers: Manually triggered (`trigger: none`).
- Global SDL settings: Configures TSA (enabled), prefast (disabled), CG alerting (non-blocking), and PoliCheck (breaking on issues with exclusions file).
- Build stage (Windows_Build): Contains multiple jobs using the `windowsai-steps.yml` template:
- Six build jobs for all combinations of architecture (x64, x86, arm64) and runtime (dynamic, static). - x86 builds use `pythonx86` package name.
- NuGet_Packaging job: Depends on all six build jobs. Downloads all architecture-specific NuGet artifacts, then:
- Extracts all `.nupkg` files.
- Copies native binaries (onnxruntime.dll, onnxruntime.lib, microsoft.ai.machinelearning.dll/lib) from each architecture into a unified package structure including `runtimes/win-{arch}/_native/` and `runtimes/win-{arch}/_native/static/` directories.
- Copies UAP build files for UWP support.
- Repacks into a merged NuGet package using 7z.
- Similarly merges symbol packages (`.snupkg`) with PDB files.
- Signs the final NuGet package using ESRP code signing (NuGetSign + NuGetVerify operations).
- NuGet_Publishing job: Depends on packaging. Downloads the merged artifact and publishes to the `PublicPackages/ORT-Nightly` feed when building from the `main` branch.
- NuGet publishing configuration: Publishes `.nupkg` files (excluding `.symbols.nupkg`) with `continueOnConflict: true`.
Usage
This pipeline is used by the ONNX Runtime team to produce official Windows AI NuGet packages. It is triggered manually and publishes nightly builds to the public ORT-Nightly feed.
Code Reference
Source Location
- Repository: Microsoft_Onnxruntime
- File: .pipelines/OneBranch.Nuget-WindowsAI-Pipeline.Official.yml
- Lines: 1-355
Signature
parameters:
- name: UploadSymbols
displayName: Upload Symbols to Microsoft symbol server?
type: boolean
default: false
trigger: none
extends:
template: v2/OneBranch.Official.CrossPlat.yml@templates
parameters:
nugetPublishing:
feeds:
- name: PublicPackages/ORT-Nightly
files_to_publish: '*.nupkg;!*.symbols.nupkg'
continueOnConflict: true
stages:
- stage: Windows_Build
jobs:
- template: .pipelines/windowsai-steps.yml@self
parameters:
BuildArch: x64
# ... x86, arm64, static variants ...
- job: NuGet_Packaging
# ... merge and sign NuGet packages ...
- job: NuGet_Publishing
# ... publish to feed ...
Import
# Referenced templates:
resources:
repositories:
- repository: templates
type: git
name: OneBranch.Pipelines/GovernedTemplates
ref: refs/heads/main
I/O Contract
| Stage/Job | Inputs | Outputs | Description |
|---|---|---|---|
| Windows_Build (x64/x86/arm64 dynamic+static) | Source code, build parameters | Per-arch NuGet packages | Builds native binaries and per-arch NuGet packages |
| NuGet_Packaging | All per-arch artifacts | Merged + signed NuGet package | Merges architectures and signs the package |
| NuGet_Publishing | Signed NuGet package | Published to ORT-Nightly feed | Publishes to public NuGet feed (main branch only) |
Usage Examples
# Trigger the pipeline manually in Azure DevOps
# Set UploadSymbols to true if symbol server upload is needed
# The pipeline produces:
# - Microsoft.AI.MachineLearning.{version}.nupkg (merged, signed)
# - Microsoft.AI.MachineLearning.{version}.snupkg (symbols)
Related Pages
Page Connections
Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment