Re: [PATCH 1/2] ci: turn on CIFuzz

Nicolas Iooss <nicolas.iooss@xxxxxxx> · Tue, 13 Jul 2021 21:57:57 +0200

On Mon, Jul 12, 2021 at 9:31 AM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote:
>
> On Sat, Jul 10, 2021 at 2:11 PM Evgeny Vereshchagin <evvers@xxxxx> wrote:
> >
> > Now that almost all the bugs reported by OSS-Fuzz have been
> > fixed libsepol/cil should be stable enough to get CIFuzz working
> > more or less reliably. It should help to catch regressions/new bugs
> > faster.
> >
> > https://google.github.io/oss-fuzz/getting-started/continuous-integration/
> >
> > The patch was tested on GitHub in https://github.com/SELinuxProject/selinux/pull/285
> > The CIFuzz job can be found at https://github.com/SELinuxProject/selinux/actions/runs/1017865690
> >
> > Signed-off-by: Evgeny Vereshchagin <evvers@xxxxx>
>
> For both patches:
>
> Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
>
> If nobody else has comments, I will apply them tomorrow.
> Thanks!
> Nicolas

Merged.
Thanks!
Nicolas

> > ---
> >  .github/workflows/cifuzz.yml | 39 ++++++++++++++++++++++++++++++++++++
> >  1 file changed, 39 insertions(+)
> >  create mode 100644 .github/workflows/cifuzz.yml
> >
> > diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
> > new file mode 100644
> > index 00000000..5c2233a2
> > --- /dev/null
> > +++ b/.github/workflows/cifuzz.yml
> > @@ -0,0 +1,39 @@
> > +---
> > +name: CIFuzz
> > +on:
> > +  push:
> > +    branches:
> > +      - master
> > +  pull_request:
> > +    branches:
> > +      - master
> > +jobs:
> > +  Fuzzing:
> > +    runs-on: ubuntu-latest
> > +    if: github.repository == 'SELinuxProject/selinux'
> > +    strategy:
> > +      fail-fast: false
> > +      matrix:
> > +        sanitizer: [address, undefined, memory]
> > +    steps:
> > +      - name: Build Fuzzers (${{ matrix.sanitizer }})
> > +        id: build
> > +        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
> > +        with:
> > +          oss-fuzz-project-name: 'selinux'
> > +          dry-run: false
> > +          allowed-broken-targets-percentage: 0
> > +          sanitizer: ${{ matrix.sanitizer }}
> > +      - name: Run Fuzzers (${{ matrix.sanitizer }})
> > +        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
> > +        with:
> > +          oss-fuzz-project-name: 'selinux'
> > +          fuzz-seconds: 180
> > +          dry-run: false
> > +          sanitizer: ${{ matrix.sanitizer }}
> > +      - name: Upload Crash
> > +        uses: actions/upload-artifact@v1
> > +        if: failure() && steps.build.outcome == 'success'
> > +        with:
> > +          name: ${{ matrix.sanitizer }}-artifacts
> > +          path: ./out/artifacts
> > --
> > 2.31.1
> >