Fuzzing #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Fuzzing | |
| on: | |
| schedule: | |
| # Run weekly on Sundays at 00:00 UTC | |
| - cron: '0 0 * * 0' | |
| workflow_dispatch: | |
| inputs: | |
| duration: | |
| description: 'Fuzz duration in seconds' | |
| required: false | |
| default: '3600' | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| fuzz: | |
| name: Fuzz Testing | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - fuzz_merkle | |
| - fuzz_proof | |
| - fuzz_witness | |
| - fuzz_rlp | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust nightly | |
| uses: dtolnay/rust-toolchain@nightly | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Install cargo-fuzz | |
| run: cargo install cargo-fuzz | |
| - name: Create fuzz directory structure | |
| run: | | |
| if [ ! -d "fuzz" ]; then | |
| cargo fuzz init | |
| fi | |
| - name: Run fuzz target | |
| run: | | |
| DURATION=${{ github.event.inputs.duration || '28800' }} | |
| echo "Running ${{ matrix.target }} for ${DURATION} seconds" | |
| timeout ${DURATION}s cargo fuzz run ${{ matrix.target }} || true | |
| - name: Check for crashes | |
| id: check_crashes | |
| run: | | |
| if [ -d "fuzz/artifacts/${{ matrix.target }}" ] && [ "$(ls -A fuzz/artifacts/${{ matrix.target }})" ]; then | |
| echo "CRASHES_FOUND=true" >> $GITHUB_OUTPUT | |
| echo "❌ Crashes found in ${{ matrix.target }}!" | |
| ls -la fuzz/artifacts/${{ matrix.target }}/ | |
| else | |
| echo "CRASHES_FOUND=false" >> $GITHUB_OUTPUT | |
| echo "✅ No crashes found in ${{ matrix.target }}" | |
| fi | |
| - name: Upload crash artifacts | |
| if: steps.check_crashes.outputs.CRASHES_FOUND == 'true' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fuzz-crashes-${{ matrix.target }} | |
| path: fuzz/artifacts/${{ matrix.target }}/ | |
| retention-days: 90 | |
| - name: Create issue on crash | |
| if: steps.check_crashes.outputs.CRASHES_FOUND == 'true' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| const crashes = fs.readdirSync('fuzz/artifacts/${{ matrix.target }}'); | |
| const body = `## 🐛 Fuzzing found crashes in \`${{ matrix.target }}\` | |
| **Crash count:** ${crashes.length} | |
| **Target:** ${{ matrix.target }} | |
| **Duration:** ${{ github.event.inputs.duration || '28800' }} seconds | |
| **Workflow run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| ### Crash files: | |
| ${crashes.map(c => `- \`${c}\``).join('\n')} | |
| Please investigate these crashes and fix the underlying issues. | |
| Crash artifacts are available in the workflow run artifacts. | |
| --- | |
| 🤖 This issue was automatically created by the fuzzing workflow.`; | |
| github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: `[Fuzz] Crashes found in ${{ matrix.target }}`, | |
| body: body, | |
| labels: ['bug', 'fuzzing', 'security'] | |
| }); | |
| status: | |
| name: Fuzz Status | |
| runs-on: ubuntu-latest | |
| needs: fuzz | |
| if: always() | |
| steps: | |
| - name: Report status | |
| run: | | |
| echo "Fuzzing completed" | |
| echo "Check individual job results for details" |