Message ID | 20210710120302.74862-1-evvers@ya.ru (mailing list archive) |
---|---|
State | Accepted |
Series | [1/2] ci: turn on CIFuzz |
On Sat, Jul 10, 2021 at 2:11 PM Evgeny Vereshchagin <evvers@ya.ru> wrote:
>
> Now that almost all the bugs reported by OSS-Fuzz have been
> fixed libsepol/cil should be stable enough to get CIFuzz working
> more or less reliably. It should help to catch regressions/new bugs
> faster.
>
> https://google.github.io/oss-fuzz/getting-started/continuous-integration/
>
> The patch was tested on GitHub in https://github.com/SELinuxProject/selinux/pull/285
> The CIFuzz job can be found at https://github.com/SELinuxProject/selinux/actions/runs/1017865690
>
> Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

For both patches:

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

If nobody else has comments, I will apply them tomorrow.
Thanks!
Nicolas

> --- > .github/workflows/cifuzz.yml | 39 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 39 insertions(+) > create mode 100644 .github/workflows/cifuzz.yml > > diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml > new file mode 100644 > index 00000000..5c2233a2 > --- /dev/null > +++ b/.github/workflows/cifuzz.yml
> @@ -0,0 +1,39 @@ > +--- > +name: CIFuzz > +on: > + push: > + branches: > + - master > + pull_request: > + branches: > + - master > +jobs: > + Fuzzing: > + runs-on: ubuntu-latest > + if: github.repository == 'SELinuxProject/selinux' > + strategy: > + fail-fast: false > + matrix: > + sanitizer: [address, undefined, memory] > + steps: > + - name: Build Fuzzers (${{ matrix.sanitizer }}) > + id: build > + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master > + with: > + oss-fuzz-project-name: 'selinux' > + dry-run: false > + allowed-broken-targets-percentage: 0 > + sanitizer: ${{ matrix.sanitizer }} > + - name: Run Fuzzers (${{ matrix.sanitizer }}) > + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master > + with: > + oss-fuzz-project-name: 'selinux' > + fuzz-seconds: 180 > + dry-run: false > + sanitizer: ${{ matrix.sanitizer }} > + - name: Upload Crash > + uses: actions/upload-artifact@v1 > + if: failure() && steps.build.outcome == 'success' > + with: > + name: ${{ matrix.sanitizer }}-artifacts > + path: ./out/artifacts > -- > 2.31.1 >
On Mon, Jul 12, 2021 at 9:31 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Sat, Jul 10, 2021 at 2:11 PM Evgeny Vereshchagin <evvers@ya.ru> wrote:
> >
> > Now that almost all the bugs reported by OSS-Fuzz have been
> > fixed libsepol/cil should be stable enough to get CIFuzz working
> > more or less reliably. It should help to catch regressions/new bugs
> > faster.
> >
> > https://google.github.io/oss-fuzz/getting-started/continuous-integration/
> >
> > The patch was tested on GitHub in https://github.com/SELinuxProject/selinux/pull/285
> > The CIFuzz job can be found at https://github.com/SELinuxProject/selinux/actions/runs/1017865690
> >
> > Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
>
> For both patches:
>
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>
> If nobody else has comments, I will apply them tomorrow.
> Thanks!
> Nicolas

Merged.
Thanks!
Nicolas

> > --- > > .github/workflows/cifuzz.yml | 39 ++++++++++++++++++++++++++++++++++++ > > 1 file changed, 39 insertions(+) > > create mode 100644 .github/workflows/cifuzz.yml > > > > diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml > > new file mode 100644 > > index 00000000..5c2233a2 > > --- /dev/null > > +++ b/.github/workflows/cifuzz.yml
> > @@ -0,0 +1,39 @@ > > +--- > > +name: CIFuzz > > +on: > > + push: > > + branches: > > + - master > > + pull_request: > > + branches: > > + - master > > +jobs: > > + Fuzzing: > > + runs-on: ubuntu-latest > > + if: github.repository == 'SELinuxProject/selinux' > > + strategy: > > + fail-fast: false > > + matrix: > > + sanitizer: [address, undefined, memory] > > + steps: > > + - name: Build Fuzzers (${{ matrix.sanitizer }}) > > + id: build > > + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master > > + with: > > + oss-fuzz-project-name: 'selinux' > > + dry-run: false > > + allowed-broken-targets-percentage: 0 > > + sanitizer: ${{ matrix.sanitizer }} > > + - name: Run Fuzzers (${{ matrix.sanitizer }}) > > + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master > > + with: > > + oss-fuzz-project-name: 'selinux' > > + fuzz-seconds: 180 > > + dry-run: false > > + sanitizer: ${{ matrix.sanitizer }} > > + - name: Upload Crash > > + uses: actions/upload-artifact@v1 > > + if: failure() && steps.build.outcome == 'success' > > + with: > > + name: ${{ matrix.sanitizer }}-artifacts > > + path: ./out/artifacts > > -- > > 2.31.1 > >
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 00000000..5c2233a2 --- /dev/null +++ b/.github/workflows/cifuzz.yml @@ -0,0 +1,39 @@ +--- +name: CIFuzz +on: + push: + branches: + - master + pull_request: + branches: + - master +jobs: + Fuzzing: + runs-on: ubuntu-latest + if: github.repository == 'SELinuxProject/selinux' + strategy: + fail-fast: false + matrix: + sanitizer: [address, undefined, memory] + steps: + - name: Build Fuzzers (${{ matrix.sanitizer }}) + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'selinux' + dry-run: false + allowed-broken-targets-percentage: 0 + sanitizer: ${{ matrix.sanitizer }} + - name: Run Fuzzers (${{ matrix.sanitizer }}) + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'selinux' + fuzz-seconds: 180 + dry-run: false + sanitizer: ${{ matrix.sanitizer }} + - name: Upload Crash + uses: actions/upload-artifact@v1 + if: failure() && steps.build.outcome == 'success' + with: + name: ${{ matrix.sanitizer }}-artifacts + path: ./out/artifacts
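Review bot: the `uses:` lines of the "Build Fuzzers" and "Run Fuzzers" steps reference `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` and `google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master`, a mutable branch, and the job triggers on both `push` and `pull_request`, so whatever is on that branch at run time executes in this repository's CI without passing review here. Pinning both references, and `actions/upload-artifact@v1` in the "Upload Crash" step, to a full commit SHA would make the executed code fixed and turn upstream updates into explicit, reviewable bumps. The workflow also has no `permissions:` key, so the job runs with the repository's default token scope; none of the steps shown is handed a token input, so a top-level `permissions:` block limited to read access looks sufficient and is worth adding. Minor: the `if: github.repository == 'SELinuxProject/selinux'` guard disables the job in forks, which deserves a one-line comment in the file so contributors know why CIFuzz never runs on their fork's branches.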
Now that almost all the bugs reported by OSS-Fuzz have been
fixed libsepol/cil should be stable enough to get CIFuzz working
more or less reliably. It should help to catch regressions/new bugs
faster.

https://google.github.io/oss-fuzz/getting-started/continuous-integration/

The patch was tested on GitHub in https://github.com/SELinuxProject/selinux/pull/285
The CIFuzz job can be found at https://github.com/SELinuxProject/selinux/actions/runs/1017865690

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
---
 .github/workflows/cifuzz.yml | 39 ++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/cifuzz.yml