|
| 1 | +name: CI Fuzz |
| 2 | +# Set an action secret called "CI_FUZZ_API_TOKEN" with an API token |
| 3 | +# generated in CI Fuzz web interface. |
| 4 | + |
| 5 | +on: |
| 6 | + workflow_dispatch: |
| 7 | + push: |
| 8 | + branches: [ main ] |
| 9 | + pull_request: |
| 10 | + branches: [ main ] |
| 11 | + |
| 12 | +env: |
| 13 | + # CI Sense gRPC URL. |
| 14 | + FUZZING_SERVER_ADDRESS: grpc.code-intelligence.com:443 |
| 15 | + # CI Sense HTTP URL. |
| 16 | + WEB_APP_ADDRESS: https://app.code-intelligence.com |
| 17 | + # Directory in which the repository will be cloned. |
| 18 | + CHECKOUT_DIR: checkout-dir/ |
| 19 | + CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64" |
| 20 | + CIFUZZ_INSTALL_DIR: ./cifuzz |
| 21 | + FUZZING_ARTIFACT: fuzzing-artifact.tar.gz |
| 22 | +jobs: |
| 23 | + fuzz_tests: |
| 24 | + runs-on: ubuntu-latest |
| 25 | + container: cifuzz/builder-zint:llvm-13 |
| 26 | + steps: |
| 27 | + - id: checkout |
| 28 | + name: Checkout Repository |
| 29 | + uses: actions/checkout@v2 |
| 30 | + with: |
| 31 | + path: ${{ env.CHECKOUT_DIR }} |
| 32 | + - id: install-cifuzz |
| 33 | + name: Install cifuzz |
| 34 | + run: | |
| 35 | + curl --fail --silent --show-error --location -o cifuzz_installer "$CIFUZZ_DOWNLOAD_URL" |
| 36 | + chmod u+x cifuzz_installer |
| 37 | + ./cifuzz_installer --install-dir $CIFUZZ_INSTALL_DIR |
| 38 | + - id: build-fuzzers |
| 39 | + name: Build Fuzzers |
| 40 | + run: | |
| 41 | + export cifuzz_DIR="$GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/share/cmake" |
| 42 | + cd $CHECKOUT_DIR/ |
| 43 | + $GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \ |
| 44 | + --commit $GITHUB_SHA \ |
| 45 | + --branch $GITHUB_REF_NAME \ |
| 46 | + --output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT |
| 47 | + shell: "bash" |
| 48 | + - id: start-fuzzing |
| 49 | + name: Start Fuzzing |
| 50 | + uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v5 |
| 51 | + with: |
| 52 | + ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} |
| 53 | + fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} |
| 54 | + fuzzing_artifact: ${{ env.CHECKOUT_DIR }}/${{ env.FUZZING_ARTIFACT }} |
| 55 | + checkout_directory: ${{ env.CHECKOUT_DIR }} |
| 56 | + project: "projects/prj-ho58fmjYVGuQ" |
| 57 | + - id: monitor-fuzzing |
| 58 | + name: Fuzzing |
| 59 | + uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@v5 |
| 60 | + with: |
| 61 | + ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} |
| 62 | + test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }} |
| 63 | + fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} |
| 64 | + dashboard_address: ${{ env.WEB_APP_ADDRESS }} |
| 65 | + - id: save-results |
| 66 | + name: Save Fuzz Test Results |
| 67 | + uses: CodeIntelligenceTesting/github-actions/save-results@v5 |
| 68 | + if: ${{ success() || failure() }} |
| 69 | + with: |
| 70 | + ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} |
| 71 | + test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }} |
| 72 | + fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} |
| 73 | + dashboard_address: ${{ env.WEB_APP_ADDRESS }} |
| 74 | + - id: upload-artifact |
| 75 | + uses: actions/upload-artifact@v2 |
| 76 | + if: ${{ (success() || failure()) }} |
| 77 | + with: |
| 78 | + name: ci_fuzz_results |
| 79 | + path: | |
| 80 | + findings.json |
| 81 | + coverage.json |
| 82 | + web_app_address.txt |
0 commit comments