Fuzz #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
name: Fuzz

# Runs every night on a schedule and can also be started by hand.
# Each fuzz target is given ten minutes by default, and any crash input
# is uploaded as an artefact so it can be triaged.
on:
  schedule:
    # 04:00 UTC, daily
    - cron: "0 4 * * *"
  workflow_dispatch:
    inputs:
      target:
        description: "Specific target (omit to run all)"
        required: false
        default: ""
      duration_seconds:
        description: "Wall-time per target"
        required: false
        default: "600"

concurrency:
  group: "fuzz-${{ github.ref }}"
  # A newer run never cancels a fuzz batch that is already in flight.
  cancel-in-progress: false

# Deny by default: the workflow token gets no scopes at this level, so
# every job has to request the permissions it needs explicitly.
permissions: {}
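jobs:
  fuzz:
    runs-on: ubuntu-latest
    # NOTE(review): no timeout-minutes is set, so a large duration_seconds
    # value is bounded only by the runner's default job limit.
    permissions:
      # Read-only token: the job only needs to fetch the repository.
      contents: read
    strategy:
      # One crashing target must not stop the other targets.
      fail-fast: false
      matrix:
        target:
          - fuzz_api_round_trip
          - fuzz_phc_parse
          - fuzz_argon2id_verify
          - fuzz_bcrypt_verify
          - fuzz_legacy_from_string
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the ref each SHA was taken from.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Do not leave the token in .git/config for later steps.
          persist-credentials: false

      # A step that runs `exit 0` only ends that step, so it cannot skip
      # the rest of the job. The decision is published as a step output
      # and every later step is gated on it.
      # Context values reach the script through env, never by
      # interpolating ${{ }} into the shell text.
      # NOTE(review): a dispatch `target` that matches no matrix entry
      # skips every leg and the run still finishes green.
      - name: Decide whether this matrix target runs
        id: gate
        env:
          EVENT_NAME: ${{ github.event_name }}
          WANTED: ${{ inputs.target }}
          TARGET: ${{ matrix.target }}
        run: |
          if [ "${EVENT_NAME}" = "workflow_dispatch" ] \
            && [ -n "${WANTED}" ] \
            && [ "${WANTED}" != "${TARGET}" ]; then
            echo "skipping ${TARGET}"
            echo "run=false" >> "${GITHUB_OUTPUT}"
          else
            echo "run=true" >> "${GITHUB_OUTPUT}"
          fi

      # NOTE(review): `nightly` floats, so the compiler differs from run
      # to run; pin a dated nightly if crashes must be reproducible.
      - name: Install nightly Rust
        if: steps.gate.outputs.run == 'true'
        uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master
        with:
          toolchain: nightly

      # NOTE(review): --locked fixes cargo-fuzz's dependency versions
      # but not the cargo-fuzz release itself; add
      # `--version <PINNED_VERSION>` to pin the tool as well.
      - name: Install cargo-fuzz
        if: steps.gate.outputs.run == 'true'
        run: cargo install --locked cargo-fuzz

      - name: Cache fuzz target build
        if: steps.gate.outputs.run == 'true'
        uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
        with:
          workspaces: fuzz

      - name: Run fuzz target
        if: steps.gate.outputs.run == 'true'
        env:
          TARGET: ${{ matrix.target }}
          # Scheduled runs have no inputs, so fall back to ten minutes.
          DURATION: ${{ inputs.duration_seconds || '600' }}
        working-directory: fuzz
        run: |
          # DURATION comes from a free-text dispatch input; accept only
          # digits before it reaches the fuzzer's command line.
          case "${DURATION}" in
            ''|*[!0-9]*)
              echo "duration_seconds must be a whole number of seconds" >&2
              exit 1
              ;;
          esac
          mkdir -p "corpus/${TARGET}" "artifacts/${TARGET}"
          cargo +nightly fuzz run "${TARGET}" \
            "corpus/${TARGET}" \
            -- \
            -max_total_time="${DURATION}" \
            -artifact_prefix="artifacts/${TARGET}/"

      # always() already covers the failure case, so it replaces
      # `failure() || always()`; the gate keeps skipped legs from
      # uploading.
      - name: Upload crash artefacts
        if: always() && steps.gate.outputs.run == 'true'
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: fuzz-artifacts-${{ matrix.target }}
          path: fuzz/artifacts/
          # A clean run leaves the directory empty; that is not an error.
          if-no-files-found: ignore
          retention-days: 30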