chore(deps): bump k8s-openapi from 0.27.1 to 0.28.0 #78
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) 2025 Erick Bourgeois, firestoned | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # | |
| # Short-duration fuzzing of 5-Spot's string parsers on every PR and push. | |
| # | |
| # Each target runs for 60 seconds against libFuzzer via cargo-fuzz. This is a | |
| # credible smoke-fuzz, not continuous fuzzing — the Scorecard FuzzingID check | |
| # only requires that some fuzzing infrastructure exists; follow-up work is | |
| # tracked in ~/dev/roadmaps/5spot-code-scanning-remediation.md § Phase 8 to | |
| # integrate with OSS-Fuzz for continuous coverage. | |
| # | |
| # Requires nightly Rust (libfuzzer-sys uses nightly-only build-script hooks). | |
| name: Fuzz | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - 'src/**/*.rs' | |
| - 'Cargo.toml' | |
| - 'Cargo.lock' | |
| - 'fuzz/**' | |
| - '.github/workflows/fuzz.yaml' | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'src/**/*.rs' | |
| - 'Cargo.toml' | |
| - 'Cargo.lock' | |
| - 'fuzz/**' | |
| - '.github/workflows/fuzz.yaml' | |
| permissions: | |
| contents: read | |
| env: | |
| # Override the cross-compilation linkers set in .cargo/config.toml. | |
| # cargo-fuzz builds with --target x86_64-unknown-linux-gnu, which picks up | |
| # the macOS cross-compiler setting in .cargo/config.toml — that tool is | |
| # not on Linux CI runners, so builds fail with | |
| # `linker x86_64-unknown-linux-gnu-gcc not found`. `cc` is the native GCC. | |
| CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER: cc | |
| CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: cc | |
| jobs: | |
| fuzz: | |
| name: 🎲 Fuzz ${{ matrix.target }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - parse_duration | |
| - parse_day_ranges | |
| - parse_hour_ranges | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| - name: Install nightly Rust toolchain | |
| uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable (moving ref — re-pin quarterly) | |
| with: | |
| toolchain: nightly | |
| - name: Install cargo-fuzz | |
| # `--locked` would honour cargo-fuzz's bundled Cargo.lock, which | |
| # currently pins `rustix 0.36.5` — that version uses | |
| # `rustc_layout_scalar_valid_range_*` attributes that nightly | |
| # rejected as of 2026-05 (upstream cargo-fuzz hasn't refreshed | |
| # its lockfile). Resolve fresh deps so we pull a rustix release | |
| # that builds cleanly. Reproducibility cost is acceptable: | |
| # this only affects how the tool itself is built; the actual | |
| # fuzz run pins via `fuzz/Cargo.lock`. | |
| run: cargo install cargo-fuzz | |
| - name: Cache cargo dependencies | |
| uses: firestoned/github-actions/rust/cache-cargo@53b483254bc648903c364ee3c73a546d0936a91e # v1.3.6 | |
| - name: Run fuzz target (60 s) | |
| working-directory: fuzz | |
| run: cargo +nightly fuzz run ${{ matrix.target }} -- -max_total_time=60 | |
| - name: Upload crash artifacts on failure | |
| if: failure() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: fuzz-crash-${{ matrix.target }} | |
| path: fuzz/artifacts/${{ matrix.target }}/ | |
| if-no-files-found: ignore |