From 9a6943fe94fe22b3ca3c9e2382a7b3abef54f7e9 Mon Sep 17 00:00:00 2001 From: Aditya Rastogi Date: Wed, 20 May 2026 11:07:18 -0700 Subject: [PATCH 1/4] Initial draft --- cgmanifests/README.md | 5 +- cgmanifests/webgpu/README.md | 42 + cgmanifests/webgpu/cgmanifest.json | 1110 ++++++++++++++++++++ tools/python/validate_webgpu_cgmanifest.py | 168 +++ 4 files changed, 1324 insertions(+), 1 deletion(-) create mode 100644 cgmanifests/webgpu/README.md create mode 100644 cgmanifests/webgpu/cgmanifest.json create mode 100644 tools/python/validate_webgpu_cgmanifest.py diff --git a/cgmanifests/README.md b/cgmanifests/README.md index a7d816a401a95..1da39340d0d28 100644 --- a/cgmanifests/README.md +++ b/cgmanifests/README.md @@ -1,3 +1,6 @@ # CGManifest Files This directory contains CGManifest (cgmanifest.json) files. -See [here](https://docs.opensource.microsoft.com/tools/cg/cgmanifest.html) for details. \ No newline at end of file +See [here](https://docs.opensource.microsoft.com/tools/cg/cgmanifest.html) for details. + +The WebGPU-specific manifest is in `webgpu\cgmanifest.json`. It is scoped to builds that enable the WebGPU +Execution Provider and should be selected explicitly by WebGPU packaging or NOTICE-generation pipelines. diff --git a/cgmanifests/webgpu/README.md b/cgmanifests/webgpu/README.md new file mode 100644 index 0000000000000..8c0248541298d --- /dev/null +++ b/cgmanifests/webgpu/README.md @@ -0,0 +1,42 @@ +# WebGPU Component Governance manifest + +This directory contains the WebGPU-specific Component Governance manifest for ONNX Runtime. It covers Dawn and the +Dawn-derived dependency graph used when building the WebGPU Execution Provider. + +The dependencies in `cgmanifest.json` are optional for ONNX Runtime as a whole. Vanilla ORT builds that do not enable +WebGPU should not treat this manifest as a global dependency list. WebGPU packaging and NOTICE-generation pipelines +should explicitly select this manifest in addition to any global ORT Component Governance metadata they already scan. + +## Classification policy + +The Component Governance manifest schema provides a `developmentDependency` boolean, but it does not provide separate +first-class fields for runtime, build-tool, test-only, or conditional dependencies. This manifest uses: + +- no `developmentDependency` field for components that are redistributed, statically linked, or otherwise part of the + WebGPU package/runtime dependency closure; +- `developmentDependency: true` for Dawn dependencies that are only build tools, tests, disabled optional backends, or + source inputs that current WebGPU packages do not redistribute; +- `comments` to preserve the more precise classification and Dawn `DEPS` path/condition. + +If a WebGPU package starts redistributing a component currently marked as a development dependency, update that +registration and explain the packaging path in `comments` and `detectedComponentLocations`. + +## Maintenance + +When rolling Dawn or changing WebGPU packaging: + +1. Update the Dawn registration to match the `dawn` entry in `cmake\deps.txt`. +2. Re-audit the pinned upstream Dawn `DEPS` file and update Dawn-derived registrations, comments, and + `dependencyRoots`. +3. If the Windows WebGPU plugin pipeline changes the downloaded DXC release, update the DirectXShaderCompiler release + registration to match `tools\ci_build\github\azure-pipelines\stages\plugin-win-webgpu-stage.yml`. +4. Run: + + ```powershell + python tools\python\validate_webgpu_cgmanifest.py + ``` + +Non-git Dawn toolchain packages from CIPD/GCS, such as GN, Ninja, CMake, Go, Siso, reclient, and sysroots, are +intentionally not registered here unless they become redistributed or CG/legal guidance requires build input coverage. +They do not have stable public upstream source identities in the Dawn `DEPS` file and are not part of current WebGPU +package contents. diff --git a/cgmanifests/webgpu/cgmanifest.json b/cgmanifests/webgpu/cgmanifest.json new file mode 100644 index 0000000000000..90448c9b4a68e --- /dev/null +++ b/cgmanifests/webgpu/cgmanifest.json @@ -0,0 +1,1110 @@ +{ + "$schema": "https://json.schemastore.org/component-detection-manifest.json", + "version": 1, + "registrations": [ + { + "component": { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + }, + "comments": "runtime; WebGPU EP root dependency pinned in cmake/deps.txt and patched by cmake/external/onnxruntime_external_deps.cmake.", + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/deps.txt", + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake", + "{SourceFileRoot}/cmake/patches/dawn" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "b4711839eb9a87da7c3436d9b212e0492359fbbd", + "repositoryUrl": "https://github.com/microsoft/DirectXShaderCompiler.git", + "tag": "v1.8.2502" + } + }, + "comments": "runtime; redistributed by Windows WebGPU plugin packages as dxil.dll and dxcompiler.dll. Release zip: https://github.com/microsoft/DirectXShaderCompiler/releases/download/v1.8.2502/dxc_2025_02_20.zip; SHA256: 70B1913A1BFCE4A3E1A5311D16246F4ECDF3A3E613ABEC8AA529E57668426F85.", + "detectedComponentLocations": [ + "{SourceFileRoot}/tools/ci_build/github/azure-pipelines/stages/plugin-win-webgpu-stage.yml", + "{SourceFileRoot}/plugin-ep-webgpu/csharp/pack_nuget.py", + "{SourceFileRoot}/plugin-ep-webgpu/python/build_wheel.py" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "7ef32bbacabd0d04a6cfac92a542841c531e1b21", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/third_party/abseil-cpp" + } + }, + "comments": "runtime; Dawn DEPS third_party/abseil-cpp. ORT static WebGPU builds point Dawn at ORT's Abseil source when available.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ], + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "a0f4dc977fa2ef7f47708aec914a4fbfeefc6103", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/third_party/protobuf" + } + }, + "comments": "runtime; Dawn DEPS third_party/protobuf. ORT static WebGPU builds point Dawn at ORT's Protobuf source when available.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ], + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "f31ca173eff866369e54d35e53375fadbabd58f4", + "repositoryUrl": "https://github.com/KhronosGroup/SPIRV-Headers.git" + } + }, + "comments": "runtime; Dawn DEPS third_party/spirv-headers/src used by Dawn/Tint SPIR-V support.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "cb38b2342beedde25bcff582dc3528a135cf6e67", + "repositoryUrl": "https://github.com/KhronosGroup/SPIRV-Tools.git" + } + }, + "comments": "runtime; Dawn DEPS third_party/spirv-tools/src used by Dawn/Tint SPIR-V support.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "49f1a381e2aec33ef32adf4a377b5a39ec016ec4", + "repositoryUrl": "https://github.com/KhronosGroup/Vulkan-Headers.git" + } + }, + "comments": "runtime; Dawn DEPS third_party/vulkan-headers/src and ORT Dawn port dependency for Vulkan-enabled WebGPU builds.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "50af38b6cd43afb1462f9ad26b8d015382d11a3d", + "repositoryUrl": "https://github.com/KhronosGroup/Vulkan-Utility-Libraries.git" + } + }, + "comments": "runtime; Dawn DEPS third_party/vulkan-utility-libraries/src and ORT Dawn port dependency for Vulkan-enabled WebGPU builds.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "cb0597213b0fcb999caa9ed08c2f88dc45eb7d50", + "repositoryUrl": "https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator.git" + } + }, + "comments": "runtime; Dawn DEPS third_party/vulkan_memory_allocator used by Vulkan-enabled Dawn builds.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "7eda07b1e067ef3fd7eea0419c88b5af45c9a776", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/third_party/zlib" + } + }, + "comments": "runtime; Dawn DEPS third_party/zlib.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "008e4fdd7e31d9133d028659348e054d350ccc3e", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/base/allocator/partition_allocator.git" + } + }, + "comments": "runtime; Dawn DEPS third_party/partition_alloc used by Dawn standalone builds.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "3e6e148537683c22e3e74977d56516f16f39c7be", + "repositoryUrl": "https://github.com/microsoft/DirectXShaderCompiler.git" + } + }, + "comments": "runtime; Dawn DEPS third_party/dxc used when ORT builds Dawn's built DXC path for Windows WebGPU builds.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "980971e835876dc0cde415e8f9bc646e64667bf7", + "repositoryUrl": "https://github.com/microsoft/DirectX-Headers.git" + } + }, + "comments": "runtime; Dawn DEPS third_party/dxheaders and ORT Dawn port dependency for D3D12/DXC-enabled WebGPU builds.", + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "6a18683f555b4ac8b05ac8395c29c84483ac9588", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/buildtools" + } + }, + "comments": "build-tool; Dawn DEPS buildtools, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "c2725e0622e1a86d55f14514f2177a39efea4a0e", + "repositoryUrl": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/clang/tools/clang-format.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/clang-format/script, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "425882d8c0acaab53bf2f8abbe7efcf5db5b168b", + "repositoryUrl": "https://chromium.googlesource.com/chromium/tools/depot_tools.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/depot_tools, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "7ab65651aed6802d2599dcb7a73b1f82d5179d05", + "repositoryUrl": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/libc++/src, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "8f11bb1d4438d0239d0dfc1bd9456a9f31629dda", + "repositoryUrl": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/libc++abi/src, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "d38523b674e26b7c8d61ed2e48d6cfe248b12da0", + "repositoryUrl": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libc.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/llvm-libc/src required by libc++, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "369990d9660a387f618d0eedc341eb285016243b", + "repositoryUrl": "https://chromium.googlesource.com/chromiumos/third_party/libdrm.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/libdrm/src for Linux build support, condition: dawn_standalone and host_os == \"linux\".", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "4c2c31b6776c1fe03a029f66ef530796f0add90d", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/build" + } + }, + "comments": "build-tool; Dawn DEPS build, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "7fd7d7092fa5ee06380f06f66f1b7bd03fca71a8", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/tools/clang" + } + }, + "comments": "build-tool; Dawn DEPS tools/clang, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "b635f27e932356a2e29450e5cfa544cdcc9ea6bb", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/tools/memory" + } + }, + "comments": "build-tool; Dawn DEPS tools/memory, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "da34b95fdbf2032df6cda5f3828c2ba421592644", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/tools/valgrind" + } + }, + "comments": "build-tool; Dawn DEPS tools/valgrind, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "baacfc6d5986b07abe0503216b491e234b94ba79", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/tools/win" + } + }, + "comments": "build-tool; Dawn DEPS tools/win, condition: checkout_win and not build_with_chromium.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "a975ec0340bd4b7dab6c8e43b15dbc638621a23c", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/tools/mb" + } + }, + "comments": "build-tool; Dawn DEPS tools/mb, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "4d438b31b58e2dc84b592a052b6b97e05ceb6497", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/testing" + } + }, + "comments": "test-only; Dawn DEPS testing, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "bea408a6e01f0f7e6c82a43121fe3af4506c932e", + "repositoryUrl": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/compiler-rt/lib/fuzzer.git" + } + }, + "comments": "test-only; Dawn DEPS third_party/libFuzzer/src, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "4fe3307fb2d9f86d19777c7eb0e4809e9694dde7", + "repositoryUrl": "https://github.com/google/googletest.git" + } + }, + "comments": "test-only; Dawn DEPS third_party/googletest, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "59090f1f5e2b3ad9c90e4dc5fc8e79aed9110587", + "repositoryUrl": "https://chromium.googlesource.com/catapult.git" + } + }, + "comments": "test-only; Dawn DEPS third_party/catapult, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "188e8278990a9069ffc84441cb5a024fd0bede37", + "repositoryUrl": "https://github.com/google/benchmark.git" + } + }, + "comments": "test-only; Dawn DEPS third_party/google_benchmark/src, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "2e683eb7385c54f872acc47b371210d2282bc103", + "repositoryUrl": "https://gitlab.freedesktop.org/mesa/mesa.git" + } + }, + "comments": "test-only; Dawn DEPS third_party/mesa/src, condition: dawn_standalone and checkout_mesa.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "d389906a136c2aac9820ded0f38d1e25ef25fb9a", + "repositoryUrl": "https://github.com/mesonbuild/meson.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/meson/src, condition: dawn_standalone and checkout_mesa.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "c3027d884967773057bf74b957e3fea87e5df4d7", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/third_party/jinja2" + } + }, + "comments": "build-tool; Dawn DEPS third_party/jinja2 for code generation, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "4256084ae14175d38a3ff7d739dca83ae49ccec6", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/third_party/markupsafe" + } + }, + "comments": "build-tool; Dawn DEPS third_party/markupsafe for code generation, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "b35641f4a3c62aa86a0b3c983d163bc0fe36026d", + "repositoryUrl": "https://github.com/glfw/glfw.git" + } + }, + "comments": "conditional; Dawn DEPS third_party/glfw. ORT disables GLFW unless onnxruntime_ENABLE_PIX_FOR_WEBGPU_EP is enabled.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ], + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "cce16dfb64c7525c6a417f98c67423330db8f3d7", + "repositoryUrl": "https://chromium.googlesource.com/angle/angle" + } + }, + "comments": "conditional; Dawn DEPS third_party/angle. ORT disables Dawn desktop GL/OpenGLES unless PIX support is enabled.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ], + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "b7b7fd22e5f28079b92412f47f6da4df43e4cd37", + "repositoryUrl": "https://swiftshader.googlesource.com/SwiftShader" + } + }, + "comments": "conditional; Dawn DEPS third_party/swiftshader. Not redistributed by ORT WebGPU packages.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "a26b8836968dc480ad283234823e6ffc62052489", + "repositoryUrl": "https://chromium.googlesource.com/vulkan-deps" + } + }, + "comments": "build-tool; Dawn DEPS third_party/vulkan-deps roll metadata. Concrete Vulkan components are registered separately.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "022de31e7ffa5230068858d9e6cd85ae11170bda", + "repositoryUrl": "https://github.com/KhronosGroup/glslang.git" + } + }, + "comments": "conditional; Dawn DEPS third_party/glslang/src. ORT disables GLSL writer/validator unless PIX support is enabled.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ], + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "09a024d4e422f8e603412f582d76c2051ef51cfc", + "repositoryUrl": "https://github.com/KhronosGroup/Vulkan-Loader.git" + } + }, + "comments": "conditional; Dawn DEPS third_party/vulkan-loader/src and ORT Dawn port dependency. Not redistributed by current WebGPU plugin packages.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "39a19dccf79d28951516c3c7c9f1ee4a606fb733", + "repositoryUrl": "https://github.com/KhronosGroup/Vulkan-Tools.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/vulkan-tools/src.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "145be10eff68bf41f1b556026ecf7da9a7c8d15b", + "repositoryUrl": "https://github.com/KhronosGroup/Vulkan-ValidationLayers.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/vulkan-validation-layers/src. ORT disables Dawn SPIR-V validation.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ], + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "5bae8738b23d06968e7c3a41308568120943ae77", + "repositoryUrl": "https://github.com/KhronosGroup/OpenGL-Registry.git" + } + }, + "comments": "conditional; Dawn DEPS third_party/khronos/OpenGL-Registry. ORT disables desktop GL/OpenGLES unless PIX support is enabled.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ], + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "7dea2ed79187cd13f76183c4b9100159b9e3e071", + "repositoryUrl": "https://github.com/KhronosGroup/EGL-Registry.git" + } + }, + "comments": "conditional; Dawn DEPS third_party/khronos/EGL-Registry. ORT disables desktop GL/OpenGLES unless PIX support is enabled.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ], + "detectedComponentLocations": [ + "{SourceFileRoot}/cmake/external/onnxruntime_external_deps.cmake" + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "dbe37c7d554fd72651510c362cf62992e5f45e1f", + "repositoryUrl": "https://github.com/gpuweb/cts.git" + } + }, + "comments": "test-only; Dawn DEPS third_party/webgpu-cts, condition: build_with_chromium or dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "b4258c35121c8d0e12f53568ffb22236d7816723", + "repositoryUrl": "https://github.com/emscripten-core/emsdk.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/emsdk, condition: dawn_wasm.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "d5cfe19da8b974ca35764dd1c73b91d57cd3c4ce", + "repositoryUrl": "https://github.com/nodejs/node-api-headers.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/node-api-headers, condition: dawn_node.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "1e26dcb52829a74260ec262edb41fc22998669b6", + "repositoryUrl": "https://github.com/nodejs/node-addon-api.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/node-addon-api, condition: dawn_node.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "b4b5752ff755fe33bf6a67fb6e5964ba9d40dcdc", + "repositoryUrl": "https://github.com/gpuweb/gpuweb.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/gpuweb, condition: dawn_node.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "0bfcdc4f487023d85e33597de0a94fc523e30fca", + "repositoryUrl": "https://github.com/webgpu-native/webgpu-headers.git" + } + }, + "comments": "test-only; Dawn DEPS third_party/webgpu-headers/src for testing purposes.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "3438d4183bfc7c0d6850e8b970204cc8189f0323", + "repositoryUrl": "https://chromium.googlesource.com/chromium/src/tools/protoc_wrapper" + } + }, + "comments": "build-tool; Dawn DEPS tools/protoc_wrapper, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "7bf98f78a30b067e22420ff699348f084f802e12", + "repositoryUrl": "https://github.com/google/libprotobuf-mutator.git" + } + }, + "comments": "test-only; Dawn DEPS third_party/libprotobuf-mutator/src, condition: dawn_standalone.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "42e892d96e47b1f6e29844cc705e148ec4856448", + "repositoryUrl": "https://github.com/open-source-parsers/jsoncpp.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/jsoncpp, condition: dawn_tintd.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + }, + { + "component": { + "type": "git", + "git": { + "commitHash": "303c526231a90049a3e384549720f3fbd453cf66", + "repositoryUrl": "https://github.com/google/langsvr.git" + } + }, + "comments": "build-tool; Dawn DEPS third_party/langsvr, condition: dawn_tintd.", + "developmentDependency": true, + "dependencyRoots": [ + { + "type": "git", + "git": { + "commitHash": "ec7b457e5bb1fcec6f59733c4f3dd84d2f885a38", + "repositoryUrl": "https://github.com/google/dawn.git" + } + } + ] + } + ] +} diff --git a/tools/python/validate_webgpu_cgmanifest.py b/tools/python/validate_webgpu_cgmanifest.py new file mode 100644 index 0000000000000..88b2408a8df40 --- /dev/null +++ b/tools/python/validate_webgpu_cgmanifest.py @@ -0,0 +1,168 @@ +#!/usr/bin/env python3 + +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. + +"""Validate WebGPU Component Governance manifest drift.""" + +from __future__ import annotations + +import json +import re +import sys +from pathlib import Path +from typing import Any + + +REPO_ROOT = Path(__file__).resolve().parents[2] +WEBGPU_CGMANIFEST = REPO_ROOT / "cgmanifests" / "webgpu" / "cgmanifest.json" +DEPS_TXT = REPO_ROOT / "cmake" / "deps.txt" +PLUGIN_WIN_WEBGPU_STAGE = ( + REPO_ROOT / "tools" / "ci_build" / "github" / "azure-pipelines" / "stages" / "plugin-win-webgpu-stage.yml" +) + +DAWN_REPOSITORY_URL = "https://github.com/google/dawn.git" +DXC_REPOSITORY_URL = "https://github.com/microsoft/DirectXShaderCompiler.git" + + +def _load_manifest() -> dict[str, Any]: + with WEBGPU_CGMANIFEST.open(encoding="utf-8") as manifest_file: + manifest = json.load(manifest_file) + + registrations = manifest.get("registrations") + if not isinstance(registrations, list): + raise ValueError(f"{WEBGPU_CGMANIFEST} must contain a registrations array") + + return manifest + + +def _git_component(registration: dict[str, Any]) -> dict[str, str] | None: + component = registration.get("component") + if not isinstance(component, dict) or component.get("type") != "git": + return None + + git = component.get("git") + if not isinstance(git, dict): + return None + + repository_url = git.get("repositoryUrl") + commit_hash = git.get("commitHash") + if not isinstance(repository_url, str) or not isinstance(commit_hash, str): + return None + + result = {"repositoryUrl": repository_url, "commitHash": commit_hash} + tag = git.get("tag") + if isinstance(tag, str): + result["tag"] = tag + return result + + +def _registrations(manifest: dict[str, Any]) -> list[dict[str, Any]]: + return manifest["registrations"] + + +def _find_git_registration(manifest: dict[str, Any], repository_url: str, *, tag: str | None = None) -> dict[str, Any]: + matches = [] + for registration in _registrations(manifest): + git = _git_component(registration) + if git is None or git["repositoryUrl"] != repository_url: + continue + if tag is not None and git.get("tag") != tag: + continue + matches.append(registration) + + if len(matches) != 1: + suffix = f" with tag {tag}" if tag is not None else "" + raise ValueError(f"expected exactly one registration for {repository_url}{suffix}, found {len(matches)}") + return matches[0] + + +def _dawn_commit_from_deps_txt() -> str: + deps_text = DEPS_TXT.read_text(encoding="utf-8") + match = re.search(r"^dawn;https://github\.com/google/dawn/archive/([0-9a-f]{40})\.zip;", deps_text, re.MULTILINE) + if not match: + raise ValueError(f"could not find Dawn commit in {DEPS_TXT}") + return match.group(1) + + +def _dxc_release_from_pipeline() -> tuple[str, str, str]: + pipeline_text = PLUGIN_WIN_WEBGPU_STAGE.read_text(encoding="utf-8") + url_match = re.search(r'\$dxcZipUrl = "([^"]+)"', pipeline_text) + hash_match = re.search(r'\$expectedHash = "([0-9A-Fa-f]+)"', pipeline_text) + if not url_match or not hash_match: + raise ValueError(f"could not find DXC release URL/hash in {PLUGIN_WIN_WEBGPU_STAGE}") + + tag_match = re.search(r"/download/(v[^/]+)/", url_match.group(1)) + if not tag_match: + raise ValueError(f"could not find DXC release tag in {url_match.group(1)}") + + return tag_match.group(1), url_match.group(1), hash_match.group(1).upper() + + +def _validate_dawn_root(manifest: dict[str, Any]) -> None: + registration = _find_git_registration(manifest, DAWN_REPOSITORY_URL) + git = _git_component(registration) + if git is None: + raise ValueError("Dawn registration must be a git component") + + expected_commit = _dawn_commit_from_deps_txt() + if git["commitHash"] != expected_commit: + raise ValueError( + f"Dawn manifest commit {git['commitHash']} does not match {DEPS_TXT} commit {expected_commit}" + ) + + +def _validate_dxc_release(manifest: dict[str, Any]) -> None: + expected_tag, expected_url, expected_hash = _dxc_release_from_pipeline() + registration = _find_git_registration(manifest, DXC_REPOSITORY_URL, tag=expected_tag) + git = _git_component(registration) + if git is None: + raise ValueError(f"DXC {expected_tag} registration must be a git component") + + comments = registration.get("comments", "") + if expected_url not in comments or expected_hash not in comments: + raise ValueError( + f"DXC {expected_tag} registration comments must contain pipeline URL {expected_url} " + f"and SHA256 {expected_hash}" + ) + + +def _validate_dawn_dependency_roots(manifest: dict[str, Any]) -> None: + dawn_commit = _dawn_commit_from_deps_txt() + + for registration in _registrations(manifest): + comments = registration.get("comments", "") + if not isinstance(comments, str) or "Dawn DEPS" not in comments: + continue + + dependency_roots = registration.get("dependencyRoots") + if not isinstance(dependency_roots, list) or len(dependency_roots) != 1: + raise ValueError(f"Dawn-derived registration is missing one dependencyRoots entry: {comments}") + + root = dependency_roots[0] + if not isinstance(root, dict): + raise ValueError(f"Dawn dependency root must be an object: {comments}") + + root_git = root.get("git") + if root.get("type") != "git" or not isinstance(root_git, dict): + raise ValueError(f"Dawn dependency root must be a git component: {comments}") + if root_git.get("repositoryUrl") != DAWN_REPOSITORY_URL or root_git.get("commitHash") != dawn_commit: + raise ValueError(f"Dawn dependency root does not match {DAWN_REPOSITORY_URL}@{dawn_commit}: {comments}") + + +def main() -> int: + try: + manifest = _load_manifest() + _validate_dawn_root(manifest) + _validate_dxc_release(manifest) + _validate_dawn_dependency_roots(manifest) + except (OSError, ValueError) as ex: + print(f"ERROR: {ex}", file=sys.stderr) + return 1 + + print(f"Validated {WEBGPU_CGMANIFEST}") + return 0 + + +if __name__ == "__main__": + sys.exit(main()) From 5e485730b9608fdbfd90fc860e3b15b709f25ae5 Mon Sep 17 00:00:00 2001 From: Aditya Rastogi Date: Wed, 20 May 2026 20:45:57 -0700 Subject: [PATCH 2/4] PR feedback (relocate files, manifest rename, additional guidance) --- cgmanifests/README.md | 5 +++-- cgmanifests/webgpu/README.md | 20 +++++++++++-------- ...cgmanifest.json => cgmanifest.webgpu.json} | 0 .../webgpu}/validate_webgpu_cgmanifest.py | 3 +-- 4 files changed, 16 insertions(+), 12 deletions(-) rename cgmanifests/webgpu/{cgmanifest.json => cgmanifest.webgpu.json} (100%) rename {tools/python => cgmanifests/webgpu}/validate_webgpu_cgmanifest.py (98%) diff --git a/cgmanifests/README.md b/cgmanifests/README.md index 1da39340d0d28..5e356e4507141 100644 --- a/cgmanifests/README.md +++ b/cgmanifests/README.md @@ -2,5 +2,6 @@ This directory contains CGManifest (cgmanifest.json) files. See [here](https://docs.opensource.microsoft.com/tools/cg/cgmanifest.html) for details. -The WebGPU-specific manifest is in `webgpu\cgmanifest.json`. It is scoped to builds that enable the WebGPU -Execution Provider and should be selected explicitly by WebGPU packaging or NOTICE-generation pipelines. +The WebGPU-specific manifest is in `webgpu/cgmanifest.webgpu.json`. It is intentionally not named `cgmanifest.json` +so default whole-repository Component Governance scans do not pick it up automatically. WebGPU packaging or +NOTICE-generation pipelines should stage it as `cgmanifest.json` in their scan input. diff --git a/cgmanifests/webgpu/README.md b/cgmanifests/webgpu/README.md index 8c0248541298d..b3f0d04c4df2a 100644 --- a/cgmanifests/webgpu/README.md +++ b/cgmanifests/webgpu/README.md @@ -3,9 +3,9 @@ This directory contains the WebGPU-specific Component Governance manifest for ONNX Runtime. It covers Dawn and the Dawn-derived dependency graph used when building the WebGPU Execution Provider. -The dependencies in `cgmanifest.json` are optional for ONNX Runtime as a whole. Vanilla ORT builds that do not enable -WebGPU should not treat this manifest as a global dependency list. WebGPU packaging and NOTICE-generation pipelines -should explicitly select this manifest in addition to any global ORT Component Governance metadata they already scan. +The manifest is named `cgmanifest.webgpu.json`, not `cgmanifest.json`, so default whole-repository Component +Governance scans do not pick it up automatically. WebGPU packaging and NOTICE-generation pipelines should stage or copy +this file as `cgmanifest.json` in the source directory that they scan for WebGPU package notices. ## Classification policy @@ -25,17 +25,21 @@ registration and explain the packaging path in `comments` and `detectedComponent When rolling Dawn or changing WebGPU packaging: -1. Update the Dawn registration to match the `dawn` entry in `cmake\deps.txt`. -2. Re-audit the pinned upstream Dawn `DEPS` file and update Dawn-derived registrations, comments, and - `dependencyRoots`. +1. Update the Dawn registration to match the `dawn` entry in `cmake/deps.txt`. +2. Re-audit the pinned upstream Dawn `DEPS` file. Compare the Dawn dependency list against this manifest, update any + changed commits or repository URLs, and reclassify entries if ORT's WebGPU build starts or stops redistributing + them. 3. If the Windows WebGPU plugin pipeline changes the downloaded DXC release, update the DirectXShaderCompiler release - registration to match `tools\ci_build\github\azure-pipelines\stages\plugin-win-webgpu-stage.yml`. + registration to match `tools/ci_build/github/azure-pipelines/stages/plugin-win-webgpu-stage.yml`. 4. Run: ```powershell - python tools\python\validate_webgpu_cgmanifest.py + python cgmanifests\webgpu\validate_webgpu_cgmanifest.py ``` +The validator checks for stale Dawn and DXC pins, but it does not replace the manual dependency classification review +in step 2. + Non-git Dawn toolchain packages from CIPD/GCS, such as GN, Ninja, CMake, Go, Siso, reclient, and sysroots, are intentionally not registered here unless they become redistributed or CG/legal guidance requires build input coverage. They do not have stable public upstream source identities in the Dawn `DEPS` file and are not part of current WebGPU diff --git a/cgmanifests/webgpu/cgmanifest.json b/cgmanifests/webgpu/cgmanifest.webgpu.json similarity index 100% rename from cgmanifests/webgpu/cgmanifest.json rename to cgmanifests/webgpu/cgmanifest.webgpu.json diff --git a/tools/python/validate_webgpu_cgmanifest.py b/cgmanifests/webgpu/validate_webgpu_cgmanifest.py similarity index 98% rename from tools/python/validate_webgpu_cgmanifest.py rename to cgmanifests/webgpu/validate_webgpu_cgmanifest.py index 88b2408a8df40..036d89c996315 100644 --- a/tools/python/validate_webgpu_cgmanifest.py +++ b/cgmanifests/webgpu/validate_webgpu_cgmanifest.py @@ -13,9 +13,8 @@ from pathlib import Path from typing import Any - REPO_ROOT = Path(__file__).resolve().parents[2] -WEBGPU_CGMANIFEST = REPO_ROOT / "cgmanifests" / "webgpu" / "cgmanifest.json" +WEBGPU_CGMANIFEST = Path(__file__).resolve().with_name("cgmanifest.webgpu.json") DEPS_TXT = REPO_ROOT / "cmake" / "deps.txt" PLUGIN_WIN_WEBGPU_STAGE = ( REPO_ROOT / "tools" / "ci_build" / "github" / "azure-pipelines" / "stages" / "plugin-win-webgpu-stage.yml" From 96620ea8e0dc8dad9898b82a34ecc48d912891db Mon Sep 17 00:00:00 2001 From: Aditya Rastogi Date: Wed, 20 May 2026 20:57:40 -0700 Subject: [PATCH 3/4] PR feedback (lintrunner) --- cgmanifests/webgpu/validate_webgpu_cgmanifest.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cgmanifests/webgpu/validate_webgpu_cgmanifest.py b/cgmanifests/webgpu/validate_webgpu_cgmanifest.py index 036d89c996315..ed4f4b19035cc 100644 --- a/cgmanifests/webgpu/validate_webgpu_cgmanifest.py +++ b/cgmanifests/webgpu/validate_webgpu_cgmanifest.py @@ -106,9 +106,7 @@ def _validate_dawn_root(manifest: dict[str, Any]) -> None: expected_commit = _dawn_commit_from_deps_txt() if git["commitHash"] != expected_commit: - raise ValueError( - f"Dawn manifest commit {git['commitHash']} does not match {DEPS_TXT} commit {expected_commit}" - ) + raise ValueError(f"Dawn manifest commit {git['commitHash']} does not match {DEPS_TXT} commit {expected_commit}") def _validate_dxc_release(manifest: dict[str, Any]) -> None: From fda8d6a61d13575184cc9308ff18d27e6c8a6d0c Mon Sep 17 00:00:00 2001 From: adrastogi Date: Thu, 21 May 2026 13:46:31 -0700 Subject: [PATCH 4/4] PR feedback (add more detailed steps for tracking down Dawn dependencies) --- cgmanifests/webgpu/README.md | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/cgmanifests/webgpu/README.md b/cgmanifests/webgpu/README.md index b3f0d04c4df2a..cf03477ea6bbe 100644 --- a/cgmanifests/webgpu/README.md +++ b/cgmanifests/webgpu/README.md @@ -26,15 +26,30 @@ registration and explain the packaging path in `comments` and `detectedComponent When rolling Dawn or changing WebGPU packaging: 1. Update the Dawn registration to match the `dawn` entry in `cmake/deps.txt`. -2. Re-audit the pinned upstream Dawn `DEPS` file. Compare the Dawn dependency list against this manifest, update any - changed commits or repository URLs, and reclassify entries if ORT's WebGPU build starts or stops redistributing - them. +2. Re-audit the Dawn dependency graph for the pinned Dawn commit: + - Start from the Dawn commit in `cmake/deps.txt`; do not audit Dawn `main` or a different roll. + - Inspect Dawn's `tools/fetch_dawn_dependencies.py` at that commit. For ORT's normal source-fetch path, + `cmake/external/onnxruntime_external_deps.cmake` enables `DAWN_FETCH_DEPENDENCIES`, so the script's + `required_submodules` list is the primary set of Dawn source dependencies fetched for the build. + - Cross-reference each fetched submodule path with Dawn's `DEPS` file to get the public upstream repository URL, + commit, and condition. Use public upstream identities in this manifest, not internal mirrors. + - Compare that fetched set against this manifest. Add new fetched components, update changed commits or repository + URLs, and remove entries that are no longer fetched or relevant unless CG/legal guidance requires keeping them. + - Cross-check ORT's Dawn CMake options in `cmake/external/onnxruntime_external_deps.cmake` and Dawn's + `third_party/CMakeLists.txt` before classifying a component. Components that are redistributed, statically linked, + or otherwise part of the WebGPU package/runtime closure should not be marked as development dependencies; build + tools, test inputs, disabled optional backends, and unfetched conditional dependencies should be marked + `developmentDependency: true` if they remain registered. + - Verify actual WebGPU package contents, especially platform-specific artifacts. For example, the Windows WebGPU + plugin pipeline downloads and redistributes DXC DLLs separately from Dawn's `third_party/dxc` source dependency, so + both the Dawn build-input registration and the redistributed DXC release registration may need review. + - Keep Dawn-derived registrations connected to the Dawn root with `dependencyRoots`. 3. If the Windows WebGPU plugin pipeline changes the downloaded DXC release, update the DirectXShaderCompiler release registration to match `tools/ci_build/github/azure-pipelines/stages/plugin-win-webgpu-stage.yml`. 4. Run: ```powershell - python cgmanifests\webgpu\validate_webgpu_cgmanifest.py + python cgmanifests/webgpu/validate_webgpu_cgmanifest.py ``` The validator checks for stale Dawn and DXC pins, but it does not replace the manual dependency classification review