From: Terry Burton <tez@terryburton.co.uk>
Date: Fri, 12 Nov 2021 23:19:34 +0000 (+0000)
Subject: Scheduled fuzzing: Merge and push pack the corpus (#4313)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4512200851b4d0d7131ff7314259f8d9394764db;p=thirdparty%2Ffreeradius-server.git

Scheduled fuzzing: Merge and push pack the corpus (#4313)
---

diff --git a/.github/workflows/ci-scheduled-fuzzing.yml b/.github/workflows/ci-scheduled-fuzzing.yml
index 5e8717517d..8eb83fadfb 100644
--- a/.github/workflows/ci-scheduled-fuzzing.yml
+++ b/.github/workflows/ci-scheduled-fuzzing.yml
@@ -144,7 +144,9 @@ jobs:
         path: .git/lfs
         key: ${{ runner.os }}-lfs-${{ hashFiles('.lfs-assets-id') }}-v1
 
-    # Now the LFS pull will be local if we hit the cache, or remote otherwise
+    #
+    #  Now the LFS pull will be local if we hit the cache, or remote otherwise
+    #
     - name: Git LFS pull
       run: git lfs pull
 
@@ -183,11 +185,13 @@ jobs:
         pcre-config --libs-posix --version 2>/dev/null || :
         pcre2-config --libs-posix --version 2>/dev/null || :
 
-    # We walk up the tree if necessary to find a commit that builds so that we
-    # will fuzz something
     #
-    # When we find a working commit we run the unit tests to create seed data
-    # from the latest versions of the unit tests.
+    #  We walk up the tree if necessary to find a commit that builds so that we
+    #  will fuzz something
+    #
+    #  When we find a working commit we run the unit tests to create seed data
+    #  from the latest versions of the unit tests.
+    #
     - name: Find a commit that builds
       id: pick_commit
       run: |
@@ -230,3 +234,25 @@ jobs:
         path: build/fuzzer
         retention-days: 30
       if: ${{ failure() }}
+
+    #
+    #  Merge and push back the corpus
+    #
+    #  We can push the LFS file directly, but we must use the GitHub API to
+    #  create the actual commit due to the "signed-commits" branch protection
+    #  rule for the master branch.
+    #
+    - name: Push back the merged corpus
+      run: |
+        make test.fuzzer.$PROTOCOL.merge
+        export FILE=src/tests/fuzzer-corpus/$PROTOCOL.tar
+        if ! git diff --exit-code "$FILE"; then
+          pip install PyGithub
+          git add "$FILE"
+          OID="$(git lfs ls-files -l -I "$FILE" | cut -f1 -d ' ')"
+          git lfs push --object-id origin "$OID"
+          export CONTENTS="$(git show ":$FILE")"
+          python3 scripts/ci/commit_lfs_file_update.py
+        fi
+      env:
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/scripts/ci/commit_lfs_file_update.py b/scripts/ci/commit_lfs_file_update.py
new file mode 100644
index 0000000000..4a088df1d5
--- /dev/null
+++ b/scripts/ci/commit_lfs_file_update.py
@@ -0,0 +1,24 @@
+#
+#  Called from the ci-scheduled-fuzzing.yml workflow to push back the merged
+#  fuzzer corpus
+#
+
+import os
+
+from github import Github
+
+repo_env = os.environ["GITHUB_REPOSITORY"]
+branch_env = os.environ["GITHUB_REF"]
+token_env = os.environ["GITHUB_TOKEN"]
+
+filename = os.environ["FILE"]
+contents = os.environ["CONTENTS"]
+
+print("About to commit update of " + filename + " to " + repo_env + ":" + branch_env)
+
+gh = Github(token_env)
+repo = gh.get_repo(repo_env)
+fc = repo.get_contents(filename, branch_env)
+repo.update_file(fc.path, "Scheduled fuzzing: Update " + fc.path, contents, fc.sha, branch=branch_env)
+
+print("Committed")