Fuzz #232

Workflow file for this run

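# Scheduled fuzzing pipeline:
#   corpus-download -> fuzz (one job per target) -> corpus-merge -> corpus-upload
#
# Security notes for maintainers:
# - The storage key is exposed only to the two steps that talk to the corpus
#   store. The `fuzz` job, which executes the fuzz targets on corpus inputs,
#   never receives it.
# - The workflow token defaults to read-only; only `corpus-upload` is granted
#   `actions: write`, which its cache-deletion call needs.
# - Actions below are referenced by mutable tags. Pinning each `uses:` to a
#   full commit SHA keeps a re-tagged release from changing what runs here.
name: Fuzz

on:
  workflow_dispatch:
  schedule:
    - cron: '12 3 * * 0,1,6' # At 03:12 AM UTC on Sunday, Monday, and Saturday.

# Least-privilege default for GITHUB_TOKEN; jobs opt in to anything more.
permissions:
  contents: read

env:
  CARGO_INCREMENTAL: 0
  CARGO_NET_RETRY: 10
  RUSTUP_MAX_RETRIES: 10
  RUST_BACKTRACE: short
  CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
  SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1

jobs:
  corpus-download:
    name: Download corpus
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v4

      - name: Download fuzzing corpus
        # Secret scoped to this step only, so checkout and the cache action
        # do not see it in their environment.
        env:
          AZURE_STORAGE_KEY: ${{ secrets.CORPUS_AZURE_STORAGE_KEY }}
        run: cargo xtask fuzz corpus-fetch -v

      - name: Save corpus
        uses: actions/cache/save@v4
        with:
          path: |
            ./fuzz/corpus
            ./fuzz/artifacts
          # Keyed by run id so the fuzz jobs of this run restore exactly this corpus.
          key: fuzz-corpus-${{ github.run_id }}

  fuzz:
    name: Fuzzing ${{ matrix.target }}
    runs-on: ubuntu-20.04
    needs: corpus-download
    strategy:
      # One crashing target must not cancel the others.
      fail-fast: false
      matrix:
        target:
          - pdu_decoding
          - rle_decompression
          - bitmap_stream
          - cliprdr_format
          - channel_processing
    steps:
      - uses: actions/checkout@v4

      - name: Download corpus
        uses: actions/cache/restore@v4
        with:
          fail-on-cache-miss: true
          path: |
            ./fuzz/corpus
            ./fuzz/artifacts
          key: fuzz-corpus-${{ github.run_id }}

      - name: Print corpus
        run: |
          tree ./fuzz/corpus
          tree ./fuzz/artifacts

      - name: Rust cache
        # NOTE(review): the ref after `@` was lost to e-mail obfuscation in this
        # listing. Restore the original tag, or preferably a full commit SHA.
        uses: Swatinem/rust-cache@<ORIGINAL_REF>
        with:
          workspaces: fuzz -> target

      - name: Binary cache
        uses: actions/cache@v4
        with:
          path: ./.cargo/local_root/bin
          key: ${{ runner.os }}-bin-${{ github.job }}-${{ hashFiles('xtask/src/bin_version.rs') }}

      - name: Prepare runner
        run: cargo xtask fuzz install -v

      - name: Fuzz
        run: cargo xtask fuzz run --duration 1000 --target ${{ matrix.target }} -v

      - name: Minify fuzzing corpus
        if: ${{ always() && !cancelled() }}
        run: cargo xtask fuzz corpus-min --target ${{ matrix.target }} -v

      # Use GitHub artifacts instead of the cache for the updated corpus,
      # because the same cache can't be used by multiple jobs at the same time.
      # We also can't dynamically create unique cache keys for all the targets,
      # because then we couldn't easily retrieve the caches without hardcoding
      # a step for each one, which is bad for maintenance.
      - name: Prepare minified corpus upload
        # Upload artifacts even if fuzzing "fails", so the input that caused
        # the crash can be retrieved.
        if: ${{ always() && !cancelled() }}
        run: |
          mkdir ${{ runner.temp }}/corpus/
          cp -r ./fuzz/corpus/${{ matrix.target }} ${{ runner.temp }}/corpus
          mkdir ${{ runner.temp }}/artifacts/
          cp -r ./fuzz/artifacts/${{ matrix.target }} ${{ runner.temp }}/artifacts

      - name: Upload minified corpus
        if: ${{ always() && !cancelled() }}
        uses: actions/upload-artifact@v4
        with:
          retention-days: 7
          name: minified-corpus-${{ matrix.target }}
          path: |
            ${{ runner.temp }}/corpus
            ${{ runner.temp }}/artifacts

  corpus-merge:
    name: Corpus merge artifacts
    runs-on: ubuntu-latest
    needs: fuzz
    if: ${{ always() && !cancelled() }}
    steps:
      - name: Merge Artifacts
        uses: actions/upload-artifact/merge@v4
        with:
          name: minified-corpus
          pattern: minified-corpus-*
          delete-merged: true

  corpus-upload:
    name: Upload corpus
    runs-on: ubuntu-20.04
    needs: corpus-merge
    if: ${{ always() && !cancelled() }}
    permissions:
      contents: read
      # Needed by the "Clean corpus cache" step, which deletes this run's
      # cache entry through the REST API.
      actions: write
    steps:
      - uses: actions/checkout@v4

      - name: Download updated corpus
        uses: actions/download-artifact@v4
        with:
          name: minified-corpus
          path: ./fuzz/

      - name: Print corpus
        run: |
          tree ./fuzz/corpus
          tree ./fuzz/artifacts

      - name: Upload fuzzing corpus
        # Secret scoped to the only step in this job that pushes to storage.
        env:
          AZURE_STORAGE_KEY: ${{ secrets.CORPUS_AZURE_STORAGE_KEY }}
        run: cargo xtask fuzz corpus-push -v

      - name: Clean corpus cache
        # The token is passed through the environment rather than expanded
        # into the script text, so it is not written into the generated
        # script file on the runner.
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          curl -L \
            -X DELETE \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${GH_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/actions/caches?key=fuzz-corpus-${{ github.run_id }}"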