diff options
| -rw-r--r-- | infra/cifuzz/actions/build_fuzzers/action.yml | 3 | ||||
| -rw-r--r-- | infra/cifuzz/actions/run_fuzzers/action.yml | 3 | ||||
| -rw-r--r-- | infra/cifuzz/external-actions/build_fuzzers/action.yml | 40 | ||||
| -rw-r--r-- | infra/cifuzz/external-actions/run_fuzzers/action.yml | 50 |
4 files changed, 90 insertions, 6 deletions
diff --git a/infra/cifuzz/actions/build_fuzzers/action.yml b/infra/cifuzz/actions/build_fuzzers/action.yml index 835b7b430..962cc04db 100644 --- a/infra/cifuzz/actions/build_fuzzers/action.yml +++ b/infra/cifuzz/actions/build_fuzzers/action.yml @@ -21,9 +21,6 @@ inputs: project-src-path: description: "The path to the project's source code checkout." required: false - build-integration-path: - description: "The path to the the project's build integration." - required: false bad-build-check: description: "Whether or not OSS-Fuzz's check for bad builds should be done." required: false diff --git a/infra/cifuzz/actions/run_fuzzers/action.yml b/infra/cifuzz/actions/run_fuzzers/action.yml index 653beabd1..e7eaa8cb7 100644 --- a/infra/cifuzz/actions/run_fuzzers/action.yml +++ b/infra/cifuzz/actions/run_fuzzers/action.yml @@ -19,9 +19,6 @@ inputs: sanitizer: description: 'The sanitizer to run the fuzzers with.' default: 'address' - build-integration-path: - description: "The path to the the project's build integration." - required: false run-fuzzers-mode: description: | The mode to run the fuzzers with ("ci" or "batch"). diff --git a/infra/cifuzz/external-actions/build_fuzzers/action.yml b/infra/cifuzz/external-actions/build_fuzzers/action.yml new file mode 100644 index 000000000..34adc08a7 --- /dev/null +++ b/infra/cifuzz/external-actions/build_fuzzers/action.yml @@ -0,0 +1,40 @@ +# action.yml +name: 'build-fuzzers' +description: "Builds an OSS-Fuzz project's fuzzers." +inputs: + language: + description: 'Programming language project is written in.' + required: false + default: 'c++' + dry-run: + description: 'If set, run the action without actually reporting a failure.' + default: false + allowed-broken-targets-percentage: + description: 'The percentage of broken targets allowed in bad_build_check.' + required: false + sanitizer: + description: 'The sanitizer to build the fuzzers with.' + default: 'address' + project-src-path: + description: "The path to the project's source code checkout." + required: false + build-integration-path: + description: "The path to the the project's build integration." + required: true + bad-build-check: + description: "Whether or not OSS-Fuzz's check for bad builds should be done." + required: false + default: true +runs: + using: 'docker' + image: '../../../build_fuzzers.Dockerfile' + env: + OSS_FUZZ_PROJECT_NAME: ${{ inputs.oss-fuzz-project-name }} + LANGUAGE: ${{ inputs.language }} + DRY_RUN: ${{ inputs.dry-run}} + ALLOWED_BROKEN_TARGETS_PERCENTAGE: ${{ inputs.allowed-broken-targets-percentage}} + SANITIZER: ${{ inputs.sanitizer }} + PROJECT_SRC_PATH: ${{ inputs.project-src-path }} + BUILD_INTEGRATION_PATH: ${{ inputs.build-integration-path }} + LOW_DISK_SPACE: 'True' + BAD_BUILD_CHECK: ${{ inputs.bad-build-check }} diff --git a/infra/cifuzz/external-actions/run_fuzzers/action.yml b/infra/cifuzz/external-actions/run_fuzzers/action.yml new file mode 100644 index 000000000..24b93325c --- /dev/null +++ b/infra/cifuzz/external-actions/run_fuzzers/action.yml @@ -0,0 +1,50 @@ +# action.yml +name: 'run-fuzzers' +description: 'Runs fuzz target binaries for a specified length of time.' +inputs: + language: + description: 'Programming language project is written in.' + required: false + default: 'c++' + fuzz-seconds: + description: 'The total time allotted for fuzzing in seconds.' + required: true + default: 600 + dry-run: + description: 'If set, run the action without actually reporting a failure.' + default: false + sanitizer: + description: 'The sanitizer to run the fuzzers with.' + default: 'address' + build-integration-path: + description: "The path to the the project's build integration." + required: true + run-fuzzers-mode: + description: | + The mode to run the fuzzers with ("ci" or "batch"). + "ci" is for fuzzing a pull request or commit. + "batch" is for non-interactive fuzzing of an entire project. + "batch" is in alpha and should not be used in production. + required: false + default: 'ci' + github-token: + description: | + Token for GitHub API. WARNING: THIS SHOULD NOT BE USED IN PRODUCTION YET + You should use "secrets.GITHUB_TOKEN" in your workflow file, do not + hardcode the token. + TODO(https://github.com/google/oss-fuzz/pull/5841#discussion_r639393361): + Document locking this down. + required: true +runs: + using: 'docker' + image: '../../../run_fuzzers.Dockerfile' + env: + OSS_FUZZ_PROJECT_NAME: ${{ inputs.oss-fuzz-project-name }} + LANGUAGE: ${{ inputs.language }} + FUZZ_SECONDS: ${{ inputs.fuzz-seconds }} + DRY_RUN: ${{ inputs.dry-run}} + SANITIZER: ${{ inputs.sanitizer }} + RUN_FUZZERS_MODE: ${{ inputs.run-fuzzers-mode }} + BUILD_INTEGRATION_PATH: ${{ inputs.build-integration-path }} + GITHUB_TOKEN: ${{ inputs.github-token }} + LOW_DISK_SPACE: 'True' |