Skip to content

gh-107652: Set up CIFuzz to run fuzz targets continuously #107653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Oct 9, 2023
Merged

gh-107652: Set up CIFuzz to run fuzz targets continuously #107653

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
f2c1668
Set up CIFuzz to run fuzz targets continuously
illia-v Aug 5, 2023
58d0e57
Change names of job steps
illia-v Aug 5, 2023
ccae802
Change the condition for running CIFuzz
illia-v Aug 6, 2023
6aedeb8
Mention CIFuzz in README for fuzz tests
illia-v Aug 6, 2023
65f2ba3
Merge branch 'main' into cifuzz
illia-v Aug 25, 2023
6754686
Merge branch 'main' into cifuzz
illia-v Oct 4, 2023
582a598
Merge branch 'main' into cifuzz
illia-v Oct 9, 2023
c5cec4a
Add `cifuzz` to `allowed-failures` and `allowed-skips`
illia-v Oct 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -520,6 +520,50 @@ jobs:
- name: Tests
run: xvfb-run make buildbottest TESTOPTS="-j4 -uall,-cpu"

# CIFuzz job based on https://google.github.io/oss-fuzz/getting-started/continuous-integration/
cifuzz:
name: CIFuzz
runs-on: ubuntu-latest
timeout-minutes: 60
needs: check_source
# oss-fuzz maintains a configuration for fuzzing the main branch of
# CPython, so the tests should be run only for code that has been or is
# likely to be merged into the main branch.
# Compatibility with older branches may be broken.
if: (github.ref_name == 'main' || github.base_ref == 'main') && needs.check_source.outputs.run_tests == 'true'
permissions:
security-events: write
strategy:
fail-fast: false
matrix:
sanitizer: [address, undefined, memory]
steps:
- name: Build Fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: cpython3
sanitizer: ${{ matrix.sanitizer }}
- name: Run Fuzzers (${{ matrix.sanitizer }})
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
fuzz-seconds: 600
oss-fuzz-project-name: cpython3
output-sarif: true
sanitizer: ${{ matrix.sanitizer }}
- name: Upload Crash
uses: actions/upload-artifact@v3
if: failure() && steps.build.outcome == 'success'
with:
name: ${{ matrix.sanitizer }}-artifacts
path: ./out/artifacts
- name: Upload SARIF
if: always() && steps.build.outcome == 'success'
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: cifuzz-sarif/results.sarif
checkout_path: cifuzz-sarif

all-required-green: # This job does nothing and is only used for the branch protection
name: All required checks pass
if: always()
Expand All @@ -535,6 +579,7 @@ jobs:
- build_ubuntu_ssltests
- test_hypothesis
- build_asan
- cifuzz

runs-on: ubuntu-latest

Expand Down
2 changes: 2 additions & 0 deletions Misc/NEWS.d/next/Tests/2023-08-05-14-01-07.gh-issue-107652.5OxOlT.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Set up CIFuzz to run fuzz targets in GitHub Actions. Patch by Illia
Volochii.