Skip to content

chore(deps): bump warp from 0.3.7 to 0.4.2 #23

chore(deps): bump warp from 0.3.7 to 0.4.2

chore(deps): bump warp from 0.3.7 to 0.4.2 #23

Workflow file for this run

# Copyright (c) 2025 Erick Bourgeois, firestoned
# SPDX-License-Identifier: Apache-2.0
#
# Short-duration fuzzing of 5-Spot's string parsers on every PR and push.
#
# Each target runs for 60 seconds against libFuzzer via cargo-fuzz. This is a
# credible smoke-fuzz, not continuous fuzzing — the Scorecard FuzzingID check
# only requires that some fuzzing infrastructure exists; follow-up work is
# tracked in ~/dev/roadmaps/5spot-code-scanning-remediation.md § Phase 8 to
# integrate with OSS-Fuzz for continuous coverage.
#
# Requires nightly Rust (libfuzzer-sys uses nightly-only build-script hooks).
name: Fuzz
on:
pull_request:
branches:
- main
paths:
- 'src/**/*.rs'
- 'Cargo.toml'
- 'Cargo.lock'
- 'fuzz/**'
- '.github/workflows/fuzz.yaml'
push:
branches:
- main
paths:
- 'src/**/*.rs'
- 'Cargo.toml'
- 'Cargo.lock'
- 'fuzz/**'
- '.github/workflows/fuzz.yaml'
permissions:
contents: read
env:
# Override the cross-compilation linkers set in .cargo/config.toml.
# cargo-fuzz builds with --target x86_64-unknown-linux-gnu, which picks up
# the macOS cross-compiler setting in .cargo/config.toml — that tool is
# not on Linux CI runners, so builds fail with
# `linker x86_64-unknown-linux-gnu-gcc not found`. `cc` is the native GCC.
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER: cc
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: cc
jobs:
fuzz:
name: 🎲 Fuzz ${{ matrix.target }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
target:
- parse_duration
- parse_day_ranges
- parse_hour_ranges
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install nightly Rust toolchain
uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable (moving ref — re-pin quarterly)
with:
toolchain: nightly
- name: Install cargo-fuzz
run: cargo install cargo-fuzz --locked
- name: Cache cargo dependencies
uses: firestoned/github-actions/rust/cache-cargo@53b483254bc648903c364ee3c73a546d0936a91e # v1.3.6
- name: Run fuzz target (60 s)
working-directory: fuzz
run: cargo +nightly fuzz run ${{ matrix.target }} -- -max_total_time=60
- name: Upload crash artifacts on failure
if: failure()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: fuzz-crash-${{ matrix.target }}
path: fuzz/artifacts/${{ matrix.target }}/
if-no-files-found: ignore