lisette/.github/workflows/fuzz.yml at main · ivov/lisette · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Fuzz
on:
  schedule:
    - cron: "0 4 * * *"
  workflow_dispatch:

permissions:
  issues: write

jobs:
  fuzz-parse:
    if: github.repository == 'ivov/lisette'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6

      - uses: dtolnay/rust-toolchain@5b842231ba77f5c045dba54ac5560fed2db780e2 # ratchet:dtolnay/rust-toolchain@nightly

      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # ratchet:Swatinem/rust-cache@v2
        with:
          workspaces: fuzz -> target

      - name: Cache cargo-fuzz binary
        id: cache-cargo-fuzz
        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # ratchet:actions/cache@v5
        with:
          path: ~/.cargo/bin/cargo-fuzz
          key: cargo-fuzz-0.13.1

      - name: Install cargo-fuzz
        if: steps.cache-cargo-fuzz.outputs.cache-hit != 'true'
        run: cargo install cargo-fuzz --version 0.13.1 --locked

      - name: Restore fuzz-parse corpus
        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # ratchet:actions/cache/restore@v5
        with:
          path: fuzz/corpus/parse
          key: fuzz-corpus-parse

      - uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b # ratchet:extractions/setup-just@v3

      - name: Minimize fuzz-parse corpus
        run: cargo +nightly fuzz cmin parse -- -rss_limit_mb=2048

      - name: Fuzz parse
        run: just fuzz-parse

      - name: Save fuzz-parse corpus
        if: always()
        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # ratchet:actions/cache/save@v5
        with:
          path: fuzz/corpus/parse
          key: fuzz-corpus-parse-${{ github.run_id }}

      - name: Upload crash artifacts
        if: failure()
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # ratchet:actions/upload-artifact@v6
        with:
          name: fuzz-crash-parse
          path: fuzz/artifacts/

      - name: Create issue on crash
        if: failure()
        run: |
          gh issue create \
            --repo ivov/lisette \
            --title "fuzz-parse crash (run ${{ github.run_id }})" \
            --body "The \`fuzz-parse\` target crashed in a scheduled fuzz run.

          **Run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          **Artifact:** \`fuzz-crash-parse\` (attached to the run)"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  fuzz-infer:
    if: github.repository == 'ivov/lisette'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6

      - uses: dtolnay/rust-toolchain@5b842231ba77f5c045dba54ac5560fed2db780e2 # ratchet:dtolnay/rust-toolchain@nightly

      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # ratchet:Swatinem/rust-cache@v2
        with:
          workspaces: fuzz -> target

      - name: Cache cargo-fuzz binary
        id: cache-cargo-fuzz
        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # ratchet:actions/cache@v5
        with:
          path: ~/.cargo/bin/cargo-fuzz
          key: cargo-fuzz-0.13.1

      - name: Install cargo-fuzz
        if: steps.cache-cargo-fuzz.outputs.cache-hit != 'true'
        run: cargo install cargo-fuzz --version 0.13.1 --locked

      - name: Restore fuzz-infer corpus
        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # ratchet:actions/cache/restore@v5
        with:
          path: fuzz/corpus/infer
          key: fuzz-corpus-infer

      - uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b # ratchet:extractions/setup-just@v3

      - name: Minimize fuzz-infer corpus
        run: cargo +nightly fuzz cmin infer -- -rss_limit_mb=2048

      - name: Fuzz infer
        run: just fuzz-infer

      - name: Save fuzz-infer corpus
        if: always()
        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # ratchet:actions/cache/save@v5
        with:
          path: fuzz/corpus/infer
          key: fuzz-corpus-infer-${{ github.run_id }}

      - name: Upload crash artifacts
        if: failure()
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # ratchet:actions/upload-artifact@v6
        with:
          name: fuzz-crash-infer
          path: fuzz/artifacts/

      - name: Create issue on crash
        if: failure()
        run: |
          gh issue create \
            --repo ivov/lisette \
            --title "fuzz-infer crash (run ${{ github.run_id }})" \
            --body "The \`fuzz-infer\` target crashed in a scheduled fuzz run.

          **Run:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          **Artifact:** \`fuzz-crash-infer\` (attached to the run)"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}