-
Notifications
You must be signed in to change notification settings - Fork 142
102 lines (98 loc) · 4.1 KB
/
fuzzing.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: CI Fuzz
# Set an action secret called "CI_FUZZ_API_TOKEN" with an API token
# generated in CI Fuzz web interface.
on:
workflow_dispatch:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
PROJECT_NAME: projects/Jazzer-39e8ed3a
# The fuzzing server gRPC URL.
FUZZING_SERVER_ADDRESS: grpc.code-intelligence.com:443
# The fuzzing server HTTP URL.
WEB_APP_ADDRESS: https://app.code-intelligence.com
# Directory in which the repository will be cloned.
CHECKOUT_DIR: checkout-dir/
CIFUZZ_DOWNLOAD_URL: "https://github.com/CodeIntelligenceTesting/cifuzz/releases/latest/download/cifuzz_installer_linux_amd64"
CIFUZZ_INSTALL_DIR: ./cifuzz
FUZZING_ARTIFACT: fuzzing-artifact.tar.gz
jobs:
setup:
runs-on: ubuntu-latest
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
env:
ci_fuzz_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
steps:
- id: checkout
name: Checkout Repository
uses: actions/checkout@v3
with:
path: ${{ env.CHECKOUT_DIR }}
- id: install-cifuzz
name: Install cifuzz
run: |
curl --fail --silent --show-error --location -o cifuzz_installer "$CIFUZZ_DOWNLOAD_URL"
chmod u+x cifuzz_installer
./cifuzz_installer --install-dir $CIFUZZ_INSTALL_DIR
- name: Mount Bazel disk cache
uses: actions/cache@v3
with:
path: "/home/runner/.cache/bazel-disk"
key: bazel-disk-cache-linux-8
- name: Set Build Buddy config
run: $CHECKOUT_DIR/.github/scripts/echoBuildBuddyConfig.sh ${{ secrets.BUILDBUDDY_API_KEY }} >> $GITHUB_ENV
shell: bash
- id: build-jazzer
name: Build Jazzer deps
run: cd $CHECKOUT_DIR && bazel build //deploy:jazzer-junit-project //deploy:jazzer-project //deploy:jazzer-api-project //selffuzz:jazzer_selffuzz //selffuzz:jazzer_api_selffuzz
- id: build-fuzzers
name: Build Fuzzers
run: |
export cifuzz_DIR="$GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/share/cmake"
cd $CHECKOUT_DIR/selffuzz/
$GITHUB_WORKSPACE/$CIFUZZ_INSTALL_DIR/bin/cifuzz bundle \
--commit $GITHUB_SHA \
--branch $GITHUB_REF_NAME \
--output $GITHUB_WORKSPACE/$CHECKOUT_DIR/$FUZZING_ARTIFACT
shell: "bash"
- id: start-fuzzing
name: Start Fuzzing
uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v5
if: ${{ env.ci_fuzz_token != '' }}
with:
ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
fuzzing_artifact: ${{ env.CHECKOUT_DIR }}/${{ env.FUZZING_ARTIFACT }}
checkout_directory: ${{ env.CHECKOUT_DIR }}/selffuzz
project: ${{ env.PROJECT_NAME }}
- id: monitor-fuzzing
name: Fuzzing
uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@v5
if: ${{ env.ci_fuzz_token != '' }}
with:
ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }}
fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
dashboard_address: ${{ env.WEB_APP_ADDRESS }}
project: ${{ env.PROJECT_NAME }}
- id: save-results
name: Save Fuzz Test Results
uses: CodeIntelligenceTesting/github-actions/save-results@v5
if: ${{ env.ci_fuzz_token != '' && (success() || failure()) }}
with:
ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }}
test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }}
fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }}
dashboard_address: ${{ env.WEB_APP_ADDRESS }}
project_name: ${{ env.PROJECT_NAME }}
- id: upload-artifact
uses: actions/upload-artifact@v3
if: ${{ env.ci_fuzz_token != '' && (success() || failure()) }}
with:
name: ci_fuzz_results
path: |
findings.json
coverage.json
web_app_address.txt