-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add ClusterFuzzLite Github Actions files
Signed-off-by: bytemare <[email protected]>
- Loading branch information
Showing
4 changed files
with
155 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| name: ClusterFuzzLite batch fuzzing | ||
| on: | ||
| schedule: | ||
| - cron: '0 0/6 * * *' # Every 6th hour. Change this to whatever is suitable. | ||
| permissions: read-all | ||
| jobs: | ||
| BatchFuzzing: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| sanitizer: [address, undefined, memory] # Override this with the sanitizers you want. | ||
| steps: | ||
| - name: Build Fuzzers (${{ matrix.sanitizer }}) | ||
| id: build | ||
| uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | ||
| with: | ||
| language: go # Change this to the language you are fuzzing. | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| parallel-fuzzing: true | ||
| - name: Run Fuzzers (${{ matrix.sanitizer }}) | ||
| id: run | ||
| uses: google/clusterfuzzlite/actions/run_fuzzers@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| fuzz-seconds: 3600 | ||
| mode: 'batch' | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| output-sarif: true | ||
| # Optional but recommended: For storing certain artifacts from fuzzing. | ||
| # See later section on "Git repo for storage". | ||
| storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git | ||
| storage-repo-branch: main # Optional. Defaults to "main" | ||
| storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". | ||
| parallel-fuzzing: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| name: ClusterFuzzLite continuous builds | ||
| on: | ||
| push: | ||
| branches: | ||
| - main # Use your actual default branch here. | ||
| permissions: read-all | ||
| jobs: | ||
| Build: | ||
| runs-on: ubuntu-latest | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| sanitizer: [address, undefined, memory] # Override this with the sanitizers you want. | ||
| steps: | ||
| - name: Build Fuzzers (${{ matrix.sanitizer }}) | ||
| id: build | ||
| uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | ||
| with: | ||
| language: go # Change this to the language you are fuzzing. | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| upload-build: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| name: ClusterFuzzLite cron tasks | ||
| on: | ||
| schedule: | ||
| - cron: '0 0 * * *' # Once a day at midnight. | ||
| permissions: read-all | ||
| jobs: | ||
| Pruning: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Build Fuzzers | ||
| id: build | ||
| uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | ||
| with: | ||
| language: go # Change this to the language you are fuzzing | ||
| - name: Run Fuzzers | ||
| id: run | ||
| uses: google/clusterfuzzlite/actions/run_fuzzers@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| fuzz-seconds: 600 | ||
| mode: 'prune' | ||
| output-sarif: true | ||
| # Optional but recommended. | ||
| # See later section on "Git repo for storage". | ||
| storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git | ||
| storage-repo-branch: main # Optional. Defaults to "main" | ||
| storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". | ||
| Coverage: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Build Fuzzers | ||
| id: build | ||
| uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | ||
| with: | ||
| language: go # Change this to the language you are fuzzing. | ||
| sanitizer: coverage | ||
| - name: Run Fuzzers | ||
| id: run | ||
| uses: google/clusterfuzzlite/actions/run_fuzzers@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| fuzz-seconds: 600 | ||
| mode: 'coverage' | ||
| sanitizer: 'coverage' | ||
| # Optional but recommended. | ||
| # See later section on "Git repo for storage". | ||
| storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git | ||
| storage-repo-branch: main # Optional. Defaults to "main" | ||
| storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| name: ClusterFuzzLite PR fuzzing | ||
| on: | ||
| pull_request: | ||
| paths: | ||
| - '**' | ||
| permissions: read-all | ||
| jobs: | ||
| PR: | ||
| runs-on: ubuntu-latest | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| sanitizer: [address, undefined, memory] # Override this with the sanitizers you want. | ||
| steps: | ||
| - name: Build Fuzzers (${{ matrix.sanitizer }}) | ||
| id: build | ||
| uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | ||
| with: | ||
| language: go # Change this to the language you are fuzzing. | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| # Optional but recommended: used to only run fuzzers that are affected | ||
| # by the PR. | ||
| # See later section on "Git repo for storage". | ||
| storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git | ||
| storage-repo-branch: main # Optional. Defaults to "main" | ||
| storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". | ||
| parallel-fuzzing: true | ||
| - name: Run Fuzzers (${{ matrix.sanitizer }}) | ||
| id: run | ||
| uses: google/clusterfuzzlite/actions/run_fuzzers@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| fuzz-seconds: 600 | ||
| mode: 'code-change' | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| output-sarif: true | ||
| # Optional but recommended: used to download the corpus produced by | ||
| # batch fuzzing. | ||
| # See later section on "Git repo for storage". | ||
| storage-repo: https://${{ secrets.FUZZ_STORAGE_REPO_TOKEN }}@github.com/bytemare/fuzzing.git | ||
| storage-repo-branch: main # Optional. Defaults to "main" | ||
| storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". | ||
| parallel-fuzzing: true |