Skip to content

Commit 177fd56

Browse files
committed
Set up continuous fuzzing with CI Sense
1 parent 40c1dde commit 177fd56

File tree

1 file changed

+82
-0
lines changed

1 file changed

+82
-0
lines changed

.github/workflows/main.yaml

Lines changed: 82 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,82 @@
1+
name: CI Fuzz
2+
# Set an action secret called "CI_FUZZ_API_TOKEN" with an API token
3+
# generated in CI Fuzz web interface.
4+
5+
on:
6+
workflow_dispatch:
7+
push:
8+
branches: [ main ]
9+
pull_request:
10+
branches: [ main ]
11+
12+
env:
13+
# CI Sense gRPC URL.
14+
FUZZING_SERVER_ADDRESS: grpc.code-intelligence.com:443
15+
# CI Sense HTTP URL.
16+
WEB_APP_ADDRESS: https://app.code-intelligence.com
17+
# Directory in which the repository will be cloned.
18+
CHECKOUT_DIR: checkout-dir/
19+
CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64"
20+
CIFUZZ_INSTALL_DIR: ./cifuzz
21+
FUZZING_ARTIFACT: fuzzing-artifact.tar.gz
22+
jobs:
23+
fuzz_tests:
24+
runs-on: ubuntu-latest
25+
container: cifuzz/builder-zint:llvm-13
26+
steps:
27+
- id: checkout
28+
name: Checkout Repository
29+
uses: actions/checkout@v2
30+
with:
31+
path: ${{ env.CHECKOUT_DIR }}
32+
- id: install-cifuzz
33+
name: Install cifuzz
34+
run: |
35+
curl --fail --silent --show-error --location -o cifuzz_installer "$CIFUZZ_DOWNLOAD_URL"
36+
chmod u+x cifuzz_installer
37+
./cifuzz_installer --install-dir $CIFUZZ_INSTALL_DIR
38+
- id: build-fuzzers
39+
name: Build Fuzzers
40+
run: |
41+
export cifuzz_DIR="$GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/share/cmake"
42+
cd $CHECKOUT_DIR/
43+
$GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \
44+
--commit $GITHUB_SHA \
45+
--branch $GITHUB_REF_NAME \
46+
--output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT
47+
shell: "bash"
48+
- id: start-fuzzing
49+
name: Start Fuzzing
50+
uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v5
51+
with:
52+
ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
53+
fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
54+
fuzzing_artifact: ${{ env.CHECKOUT_DIR }}/${{ env.FUZZING_ARTIFACT }}
55+
checkout_directory: ${{ env.CHECKOUT_DIR }}
56+
project: "projects/prj-ho58fmjYVGuQ"
57+
- id: monitor-fuzzing
58+
name: Fuzzing
59+
uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@v5
60+
with:
61+
ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
62+
test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }}
63+
fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
64+
dashboard_address: ${{ env.WEB_APP_ADDRESS }}
65+
- id: save-results
66+
name: Save Fuzz Test Results
67+
uses: CodeIntelligenceTesting/github-actions/save-results@v5
68+
if: ${{ success() || failure() }}
69+
with:
70+
ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
71+
test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }}
72+
fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
73+
dashboard_address: ${{ env.WEB_APP_ADDRESS }}
74+
- id: upload-artifact
75+
uses: actions/upload-artifact@v2
76+
if: ${{ (success() || failure()) }}
77+
with:
78+
name: ci_fuzz_results
79+
path: |
80+
findings.json
81+
coverage.json
82+
web_app_address.txt

0 commit comments

Comments
 (0)