From a994952581b6d107a3d80df447b0872920f9e603 Mon Sep 17 00:00:00 2001
From: Changming Sun <chasun@microsoft.com>
Date: Mon, 16 Sep 2024 10:13:39 -0700
Subject: [PATCH] update

---
 .../azure-pipelines/py-packaging-pipeline.yml | 12 +++++++-
 .../azure-pipelines/templates/py-linux.yml    | 29 ++++++++++++-------
 2 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/tools/ci_build/github/azure-pipelines/py-packaging-pipeline.yml b/tools/ci_build/github/azure-pipelines/py-packaging-pipeline.yml
index 8656776f6078b..ae647949a1b99 100644
--- a/tools/ci_build/github/azure-pipelines/py-packaging-pipeline.yml
+++ b/tools/ci_build/github/azure-pipelines/py-packaging-pipeline.yml
@@ -352,7 +352,17 @@ extends:
           machine_pool: 'onnxruntime-Ubuntu2204-AMD-CPU'
           extra_build_arg: ${{ parameters.build_py_parameters }}
           cmake_build_type: ${{ parameters.cmake_build_type }}
-          
+
+    - stage: Python_Packaging_Linux_ARM
+      dependsOn: []
+      jobs:
+      - template: /tools/ci_build/github/azure-pipelines/templates/py-linux.yml@self
+        parameters:
+          arch: 'aarch64'
+          machine_pool: 'onnxruntime-linux-ARM64-CPU-2019'
+          extra_build_arg: ${{ parameters.build_py_parameters }}
+          cmake_build_type: ${{ parameters.cmake_build_type }}
+       
     - template: /tools/ci_build/github/azure-pipelines/templates/py-linux-gpu.yml@self
       parameters:
         arch: 'x86_64'
diff --git a/tools/ci_build/github/azure-pipelines/templates/py-linux.yml b/tools/ci_build/github/azure-pipelines/templates/py-linux.yml
index dd9d2412f8f91..904af1b44607e 100644
--- a/tools/ci_build/github/azure-pipelines/templates/py-linux.yml
+++ b/tools/ci_build/github/azure-pipelines/templates/py-linux.yml
@@ -32,6 +32,21 @@ jobs:
   workspace:
     clean: all
   pool: ${{ parameters.machine_pool }}
+  templateContext:
+      codeSignValidation:
+        enabled: true
+        break: true
+      psscriptanalyzer:
+        enabled: true
+      sdl:
+        binskim:
+          enabled: true
+          scanOutputDirectoryOnly: true
+          targetPathPattern: '+:file|$(Build.ArtifactStagingDirectory)\**\*.pyd;+:file|$(Build.ArtifactStagingDirectory)\**\*.dll;-:file|$(Build.ArtifactStagingDirectory)\**\DirectML.dll'
+      outputs:
+      - output: pipelineArtifact
+        targetPath: $(Build.ArtifactStagingDirectory)
+        artifactName: linux_cpu_wheel_${{ parameters.arch }}
   variables:
     # The build machine pool doesn't have dotnet, so it can't run CG.
     - name: skipComponentGovernanceDetection
@@ -83,17 +98,11 @@ jobs:
               env:
                 ADDITIONAL_DOCKER_PARAMETER: "--volume $(ORT_CACHE_DIR):/cache -e CCACHE_DIR=/cache -e ORT_BUILD_WITH_CACHE=1"
 
-    - task: PublishBuildArtifacts@1
-      displayName: 'Publish Artifact: ONNXRuntime python wheel'
-      inputs:
-        PathtoPublish: '$(Build.BinariesDirectory)/dist'
-        ArtifactName: onnxruntime
 
-    - task: PublishPipelineArtifact@0
-      displayName: 'Publish Test Binaries'
-      inputs:
-        artifactName: 'drop-linux-cpu-${{ parameters.arch }}'
-        targetPath: '$(Build.BinariesDirectory)/${{ parameters.cmake_build_type }}'
+    - script: |
+          mv $(Build.BinariesDirectory)/${{ parameters.cmake_build_type }} $(Build.BinariesDirectory)/dist
+      workingDirectory: '$(Build.ArtifactStagingDirectory)'
+      displayName: 'unzip the package'
 
     - template: component-governance-component-detection-steps.yml
       parameters :