From 04a84baeb30c6fd5ecc0a57f82aaaf8070977622 Mon Sep 17 00:00:00 2001 From: hickford Date: Fri, 22 Jul 2022 11:25:59 +0100 Subject: [PATCH] Add GitHub action for PR fuzzing https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/github-actions/ --- .clusterfuzzlite/Dockerfile | 3 +- .clusterfuzzlite/project.yaml | 1 + .github/workflows/cflite_build.yml | 28 +++++++++++++++++ .github/workflows/cflite_pr.yml | 48 ++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/cflite_build.yml create mode 100644 .github/workflows/cflite_pr.yml diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile index fa42448..ba75c57 100644 --- a/.clusterfuzzlite/Dockerfile +++ b/.clusterfuzzlite/Dockerfile @@ -1,4 +1,5 @@ +# https://google.github.io/clusterfuzzlite/build-integration/#dockerfile FROM gcr.io/oss-fuzz-base/base-builder-go COPY . $SRC/merkle -WORKDIR merkle +WORKDIR $SRC/merkle COPY .clusterfuzzlite/build.sh $SRC/ diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml index 7c7f1d5..2218ae3 100644 --- a/.clusterfuzzlite/project.yaml +++ b/.clusterfuzzlite/project.yaml @@ -1,3 +1,4 @@ +# https://google.github.io/clusterfuzzlite//build-integration/go-lang/ language: go fuzzing_engines: - libfuzzer diff --git a/.github/workflows/cflite_build.yml b/.github/workflows/cflite_build.yml new file mode 100644 index 0000000..a5ee747 --- /dev/null +++ b/.github/workflows/cflite_build.yml @@ -0,0 +1,28 @@ +name: ClusterFuzzLite continuous builds +on: + push: + branches: + - main # Use your actual default branch here. +permissions: read-all +jobs: + Build: + runs-on: ubuntu-latest + concurrency: + group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} + cancel-in-progress: true + strategy: + fail-fast: false + matrix: + sanitizer: + - address + # Override this with the sanitizers you want. + # - undefined + # - memory + steps: + - name: Build Fuzzers (${{ matrix.sanitizer }}) + id: build + uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + with: + language: go + sanitizer: ${{ matrix.sanitizer }} + upload-build: true diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml new file mode 100644 index 0000000..9cad6d9 --- /dev/null +++ b/.github/workflows/cflite_pr.yml @@ -0,0 +1,48 @@ +name: ClusterFuzzLite PR fuzzing +on: + pull_request: + paths: + - '**' +permissions: read-all +jobs: + PR: + runs-on: ubuntu-latest + concurrency: + group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} + cancel-in-progress: true + strategy: + fail-fast: false + matrix: + sanitizer: + - address + # Override this with the sanitizers you want. + # - undefined + # - memory + steps: + - name: Build Fuzzers (${{ matrix.sanitizer }}) + id: build + uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + with: + language: go + github-token: ${{ secrets.GITHUB_TOKEN }} + sanitizer: ${{ matrix.sanitizer }} + # Optional but recommended: used to only run fuzzers that are affected + # by the PR. + # See later section on "Git repo for storage". + # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git + # storage-repo-branch: main # Optional. Defaults to "main" + # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". + - name: Run Fuzzers (${{ matrix.sanitizer }}) + id: run + uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + fuzz-seconds: 600 + mode: 'code-change' + sanitizer: ${{ matrix.sanitizer }} + # Optional but recommended: used to download the corpus produced by + # batch fuzzing. + # See later section on "Git repo for storage". + # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git + # storage-repo-branch: main # Optional. Defaults to "main" + # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".