On Sat, Jul 10, 2021 at 2:11 PM Evgeny Vereshchagin <evvers@xxxxx> wrote: > > Now that almost all the bugs reported by OSS-Fuzz have been > fixed libsepol/cil should be stable enough to get CIFuzz working > more or less reliably. It should help to catch regressions/new bugs > faster. > > https://google.github.io/oss-fuzz/getting-started/continuous-integration/ > > The patch was tested on GitHub in https://github.com/SELinuxProject/selinux/pull/285 > The CIFuzz job can be found at https://github.com/SELinuxProject/selinux/actions/runs/1017865690 > > Signed-off-by: Evgeny Vereshchagin <evvers@xxxxx> For both patches: Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> If nobody else has comments, I will apply them tomorrow. Thanks! Nicolas > --- > .github/workflows/cifuzz.yml | 39 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 39 insertions(+) > create mode 100644 .github/workflows/cifuzz.yml > > diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml > new file mode 100644 > index 00000000..5c2233a2 > --- /dev/null > +++ b/.github/workflows/cifuzz.yml > @@ -0,0 +1,39 @@ > +--- > +name: CIFuzz > +on: > + push: > + branches: > + - master > + pull_request: > + branches: > + - master > +jobs: > + Fuzzing: > + runs-on: ubuntu-latest > + if: github.repository == 'SELinuxProject/selinux' > + strategy: > + fail-fast: false > + matrix: > + sanitizer: [address, undefined, memory] > + steps: > + - name: Build Fuzzers (${{ matrix.sanitizer }}) > + id: build > + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master > + with: > + oss-fuzz-project-name: 'selinux' > + dry-run: false > + allowed-broken-targets-percentage: 0 > + sanitizer: ${{ matrix.sanitizer }} > + - name: Run Fuzzers (${{ matrix.sanitizer }}) > + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master > + with: > + oss-fuzz-project-name: 'selinux' > + fuzz-seconds: 180 > + dry-run: false > + sanitizer: ${{ matrix.sanitizer }} > + - name: Upload Crash > + uses: actions/upload-artifact@v1 > + if: failure() && steps.build.outcome == 'success' > + with: > + name: ${{ matrix.sanitizer }}-artifacts > + path: ./out/artifacts > -- > 2.31.1 >
