From: Evgeny Vereshchagin Date: Sat, 29 Jan 2022 15:22:43 +0000 (+0000) Subject: ci: use CFLite to test forks (including systemd-stable) X-Git-Tag: v251-rc1~426 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=81f84a2c0bb478ad4b25bca8a76fbd1f9aa5ce01;p=thirdparty%2Fsystemd.git ci: use CFLite to test forks (including systemd-stable) It's like CIFuzz but unlike CIFuzz it's compatible with forks and it should make it possible to run the fuzzers to make sure that patches backported to them are backported correctly without introducing new bugs and regressions.
---
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 00000000000..bdb0378ebc2
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,4 @@
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:14b332de0e18683f37386eaedbf735bc6e8d81f9c0e1138d620f2178e20cd30a
+COPY . $SRC/systemd
+WORKDIR $SRC/systemd
+COPY tools/oss-fuzz.sh $SRC/build.sh
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a23d6374c1f..c6d66e1031a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,3 +12,8 @@ updates:
 schedule:
 interval: "monthly"
 open-pull-requests-limit: 2
+ - package-ecosystem: "docker"
+ directory: "/.clusterfuzzlite"
+ schedule:
+ interval: "monthly"
+ open-pull-requests-limit: 2
diff --git a/.github/workflows/cflite_build.yml b/.github/workflows/cflite_build.yml
new file mode 100644
index 00000000000..cfb3721a0e2
--- /dev/null
+++ b/.github/workflows/cflite_build.yml
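Review bot: The digest on the `FROM` line in .clusterfuzzlite/Dockerfile carries no comment, so a reader cannot tell which base-builder build it refers to or why it is pinned; I would add `# Pinned by digest for reproducible fork builds; Dependabot (docker ecosystem, /.clusterfuzzlite) proposes the bumps.` above it. `COPY . $SRC/systemd` also takes the whole build context, and no `.dockerignore` is visible in this commit, so anything untracked that sits in the checkout ends up in the image layers. That is probably harmless on a clean CI checkout, but a one-line comment stating that the context is expected to be a fresh clone would make the assumption explicit.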
@@ -0,0 +1,31 @@
+---
+# vi: ts=2 sw=2 et:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+name: ClusterFuzzLite continuous builds
+on:
+ push:
+ branches:
+ - main
+ - v[0-9]+-stable
+
+permissions: read-all
+
+jobs:
+ Build:
+ runs-on: ubuntu-latest
+ if: github.repository != 'systemd/systemd'
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@41dccd0566905e2a7d1724e7883edbfa66d78877
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ upload-build: true
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 00000000000..3fe2bac6182
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
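Review bot: `permissions: read-all` at the top of cflite_build.yml grants read access on every token scope, while the only step in the job passes no `github-token` to the action. If the build needs nothing beyond reading the repository, a `permissions:` block with just `contents: read` would be tighter; that should be confirmed against what build_fuzzers requires when `upload-build: true` is set. The same `permissions: read-all` line appears in cflite_pr.yml. The `uses:` references pinned to a commit SHA in both workflows would also benefit from a trailing comment naming the release the SHA corresponds to, so a later bump can be reviewed against something readable.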
@@ -0,0 +1,39 @@
+---
+# vi: ts=2 sw=2 et:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+name: ClusterFuzzLite PR fuzzing
+on:
+ pull_request:
+ branches:
+ - main
+ - v[0-9]+-stable
+
+permissions: read-all
+
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ if: github.repository != 'systemd/systemd' || github.event.pull_request.user.login == 'dependabot[bot]'
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@41dccd0566905e2a7d1724e7883edbfa66d78877
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@41dccd0566905e2a7d1724e7883edbfa66d78877
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 1200
+ mode: 'code-change'
+ sanitizer: ${{ matrix.sanitizer }}
diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh
index 1d7412a81b7..f227eb0e85c 100755
--- a/tools/oss-fuzz.sh
+++ b/tools/oss-fuzz.sh
@@ -80,7 +80,7 @@ rm -rf "$hosts"
 # The seed corpus is a separate flat archive for each fuzzer,
 # with a fixed name ${fuzzer}_seed_corpus.zip.
-for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do
+for d in test/fuzz/fuzz-*; do
 zip -jqr "$OUT/$(basename "$d")_seed_corpus.zip" "$d"
 done
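Review bot: The `pull_request` trigger in cflite_pr.yml is what keeps this job safe, and nothing in the file says so. Both steps build and execute code taken from the PR (the Dockerfile, `tools/oss-fuzz.sh`, the fuzz targets) and both receive `secrets.GITHUB_TOKEN`. I would add a comment above `on:` such as `# Must stay on pull_request, not pull_request_target: this job runs PR-controlled code and may only ever see a read-only token.` The `if:` condition additionally lets Dependabot PRs run in systemd/systemd itself, and a short comment explaining that exception would help the next reader.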
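Review bot: The new glob `test/fuzz/fuzz-*` in tools/oss-fuzz.sh only resolves when the script runs from the source root, and the hunk neither says so nor checks it. That holds for the new Dockerfile, which sets `WORKDIR $SRC/systemd` and installs the script as `$SRC/build.sh`, but a comment such as `# Relative to the source tree root (the builder's cwd); $0 may be $SRC/build.sh, so it cannot be used to locate test/.` would keep a later editor from restoring the `dirname "$0"` form. If the pattern matches nothing, `d` is the literal pattern and `zip` is called on a path that does not exist; `[ -d "$d" ] || continue` as the first line of the loop body would make that case explicit. The rest of the script lies outside the hunk, so whether it already changes directory or runs with `-e` cannot be seen here.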