
Commit f2161ec

committed
Add cifuzz github workflow
1 parent a93905f commit f2161ec


1 file changed

+94
-0
lines changed


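--- a/.github/workflows/fuzzing.yaml
+++ b/.github/workflows/fuzzing.yaml
@@ -0,0 +1,94 @@
+name: Fuzzing with CI Fuzz
+
+# Runs all fuzz tests in this repository with CI Fuzz.
+
+# You need to set CIFUZZ_DOWNLOAD_TOKEN as a repository secret. Get the token
+# from https://downloads.code-intelligence.com/.
+
+# Run workflow each time code is pushed to default branch of the repository,
+# for every pull request to the default branch and on a schedule. Allow to
+# run this workflow manually.
+# The scheduled workflow runs every day at 03:50 UTC.
+on:
+push:
+branches: [ $default-branch ]
+pull_request:
+branches: [ $default-branch ]
+schedule:
+- cron: '50 03 * * *'
+workflow_dispatch:
+
+jobs:
+fuzz:
+runs-on: ubuntu-latest
+
+permissions:
+# Please comment-out the ones you don't need and uncomment the ones you do need
+
+# Required to upload Findings to GitHub code scanning
+security-events: write
+
+# Required to commit Findings to repository
+# contents: write
+
+steps:
+- name: Install dependecies
+run: |
+sudo apt update
+sudo apt install clang llvm lcov
+
+- name: Checkout repository
+uses: "actions/checkout@v4"
+
+- name: Install CI Fuzz
+uses: "CodeIntelligenceTesting/actions/install-cifuzz@v1"
+with:
+version: latest
+download-token: ${{ secrets.CIFUZZ_DOWNLOAD_TOKEN }}
+
+
+# Needs configuration of rclone
+# - name: Copy corpus from cloud storage
+# run: |
+# mkdir -p .cifuzz-corpus
+# rclone copy -v cloud-storage:corpora/PROJECT_NAME .cifuzz-corpus
+
+- name: Run fuzzing
+uses: "CodeIntelligenceTesting/actions/run-fuzzing@v1"
+with:
+duration: 15s
+
+# Needs configuration of rclone
+# - name: Copy corpus to cloud storage
+# run: |
+# rclone copy -v .cifuzz-corpus cloud-storage:corpora/PROJECT_NAME
+
+- name: Upload code-scanning report
+uses: "CodeIntelligenceTesting/actions/upload-code-scanning-report@v1"
+
+# Uncomment this step if you want to commit all Findings found when running this workflow:
+# - name: Commit Findings to repository
+# run: |
+# git config --global user.name 'GitHub Action'
+# git config --global user.email 'zgtm@users.noreply.github.com'
+# git add .cifuzz-findings
+# git commit -m "Automated commit of CI Fuzz Findings"
+# git push
+
+- name: Upload coverage report
+uses: actions/upload-artifact@v4
+with:
+name: cifuzz-coverage
+path: coverage_report
+
+- name: Upload lcov report
+uses: actions/upload-artifact@v4
+with:
+name: cifuzz-coverage-lcov
+path: lcov.info
+
+- name: Upload Findings report
+uses: actions/upload-artifact@v4
+with:
+name: cifuzz-findings
+path: findings.txt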
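Review bot: The three `CodeIntelligenceTesting/actions/*@v1` steps, `actions/checkout@v4` and `actions/upload-artifact@v4` are referenced by mutable tags, and `version: latest` leaves the CI Fuzz release unpinned, while the install step is handed `secrets.CIFUZZ_DOWNLOAD_TOKEN` and the job holds `security-events: write`; pinning each to a full commit SHA, e.g. `uses: "CodeIntelligenceTesting/actions/install-cifuzz@<full-commit-sha>"  # v1`, and setting a fixed `version:` keeps a retagged release from running with that token. `branches: [ $default-branch ]` under `push` and `pull_request` is a workflow-template placeholder that is not substituted in a committed workflow file, so those two triggers would only match a branch literally named `$default-branch`; name the branch explicitly, e.g. `branches: [ main ]` if that is the default here. Because the `permissions:` block lists only `security-events: write`, every other scope drops to none, so `contents: read` should be added for `actions/checkout` (required at least on private repositories). Secrets are not passed to `pull_request` runs from forks, so the install step will probably fail there unless it is guarded with an `if:` on the event or the fork case is documented in the header comment.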
