-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
74 lines (70 loc) · 2.29 KB
/
Copy pathcflite_batch.yml
File metadata and controls
74 lines (70 loc) · 2.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# Copyright © Weblate contributors
#
# SPDX-License-Identifier: GPL-3.0-or-later
name: ClusterFuzzLite Batch Fuzzing
on:
workflow_dispatch:
schedule:
- cron: 0 2 * * *
permissions:
actions: read
contents: read
jobs:
batch-fuzzing:
permissions:
actions: read
contents: read
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
sanitizer:
- address
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Build Fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
with:
language: python
sanitizer: ${{ matrix.sanitizer }}
- name: Run Fuzzers (${{ matrix.sanitizer }})
id: run
env:
CFLITE_MODE: batch
SENTRY_DSN: ${{ secrets.SENTRY_FUZZING_DSN }}
SENTRY_ENVIRONMENT: fuzzing-batch
uses: ./.github/actions/cflite-run-fuzzers
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
fuzz-seconds: 1800
mode: batch
sanitizer: ${{ matrix.sanitizer }}
parallel-fuzzing: true
output-sarif: true
- name: Show fuzz findings (${{ matrix.sanitizer }})
if: always() && steps.build.outcome == 'success'
run: >-
python3 -m fuzzing.findings_reporter
--mode batch
--sanitizer "${{ matrix.sanitizer }}"
--print-report
--github-step-summary
--no-sentry
- name: Report fuzz findings to Sentry (${{ matrix.sanitizer }})
if: always() && steps.build.outcome == 'success'
env:
CFLITE_MODE: batch
SANITIZER: ${{ matrix.sanitizer }}
SENTRY_DSN: ${{ secrets.SENTRY_FUZZING_DSN }}
SENTRY_ENVIRONMENT: fuzzing-batch
run: python3 -m fuzzing.findings_reporter --mode batch --sanitizer "${{ matrix.sanitizer }}"
- name: Upload crash summaries artifact (${{ matrix.sanitizer }})
if: always() && steps.build.outcome == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: cflite-batch-crash-summaries-${{ matrix.sanitizer }}
path: out/artifacts/**/*.summary
if-no-files-found: ignore