ci: add criterion benchmarks and OSS-Fuzz integration #80
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds CI automation for benchmarking and fuzzing, and introduces release/changelog tooling to support ongoing quality and release management.
Changes:
- Add OSS-Fuzz integration files (project metadata, Dockerfile, build script) intended to build existing cargo-fuzz targets.
- Add GitHub Actions workflows for Criterion benchmarks, scheduled fuzz runs, and tag-based releases (with git-cliff changelog generation).
- Add git-cliff configuration for generating a conventional-commits-based CHANGELOG.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| oss-fuzz/project.yaml | Declares OSS-Fuzz project metadata for the repository. |
| oss-fuzz/build.sh | Builds and copies Rust fuzz target binaries into $OUT for OSS-Fuzz. |
| oss-fuzz/Dockerfile | Defines the OSS-Fuzz builder image dependencies and sources. |
| .github/workflows/release.yml | Adds a tag-triggered workflow to generate changelog artifacts and create GitHub releases. |
| .github/workflows/fuzz.yml | Adds scheduled/manual CI fuzzing runs using cargo-fuzz. |
| .github/workflows/bench.yml | Adds CI benchmark runs and publishes benchmark history via github-action-benchmark. |
| .cliff.toml | Configures git-cliff changelog generation format and parsing rules. |
| @@ -0,0 +1,12 @@ | |||
| homepage: "https://github.com/webrtc-rs/rtc" | |||
PR description says the OSS-Fuzz configs are added under oss-fuzz/projects/webrtc-rs/, but the diff adds them under oss-fuzz/ (e.g., oss-fuzz/project.yaml). If the intent is to mirror the upstream OSS-Fuzz repository layout, these files should live under oss-fuzz/projects/<project-name>/ (and be named accordingly, e.g., project.yaml, Dockerfile, build.sh in that directory). Otherwise, the PR description should be updated to match the actual paths/layout.
Addressed in a subsequent commit. This comment should be marked outdated — GitHub's detection did not trigger because the fix was on adjacent lines.
| @@ -0,0 +1,60 @@ | |||
| name: Release | |||
The workflow creates a GitHub Release via softprops/action-gh-release@v2, which requires contents: write permission for GITHUB_TOKEN in many org/repo default-permissions configurations. Consider adding an explicit permissions: block (e.g., contents: write) to avoid release creation failing due to restricted default token permissions.
Addressed in a subsequent commit. This comment should be marked outdated — GitHub's detection did not trigger because the fix was on adjacent lines.
Codecov Report
✅ All modified and coverable lines are covered by tests.

```diff
@@            Coverage Diff            @@
##           master      #80     +/-   ##
=========================================
+ Coverage   71.17%   71.22%   +0.05%
=========================================
  Files         442      442
  Lines       67330    67330
=========================================
+ Hits        47922    47958     +36
+ Misses      19408    19372     -36
```
- Replace placeholder emails with security@webrtc.rs in OSS-Fuzz config
- Remove invalid -O flag and $LIB_FUZZING_ENGINE/$RUSTFLAGS args from cargo fuzz build
- Add proper error handling when fuzz target binary is not found (fail instead of silent || true)
- Fix release workflow tag pattern (glob-compatible) and add contents: write permission
- Use glob pattern for fuzz crash artifact upload to capture nested target dirs
- Consolidate all benchmark outputs into single file for benchmark-action tracking
- Fix changelog commit links to use full GitHub URLs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
| - name: Store benchmark results | ||
| uses: benchmark-action/github-action-benchmark@v1 | ||
| if: github.event_name == 'push' && github.ref == 'refs/heads/master' | ||
| with: | ||
| name: WebRTC-RS Criterion Benchmarks | ||
| tool: cargo | ||
| output-file-path: bench-all.txt | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| auto-push: true | ||
| # Alert if performance degrades by more than 10% |
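Review bot: `uses: benchmark-action/github-action-benchmark@v1` references a mutable tag in a step that is handed `secrets.GITHUB_TOKEN` and sets `auto-push: true`, so whatever commit `v1` points to at run time executes with the ability to push. Pin the action to a full commit SHA and keep the version in a trailing comment so updates arrive as reviewable diffs.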
benchmark-action/github-action-benchmark is configured with auto-push: true, but this workflow/job doesn't request contents: write permissions. On GitHub's default read-only GITHUB_TOKEN, the action won't be able to push benchmark data to the repo/gh-pages branch; add an explicit permissions: contents: write (workflow- or job-level) for the step to work on push runs.
Addressed in a subsequent commit. This comment should be marked outdated — GitHub's detection did not trigger because the fix was on adjacent lines.
| matrix: | ||
| crate: | ||
| - rtc-dtls | ||
| - rtc-sctp | ||
| - rtc-rtcp | ||
| - rtc-sdp | ||
| - rtc-stun | ||
| - rtc-rtp | ||
| steps: |
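Review bot: The `crate:` matrix is a hard-coded list of six names, so a crate that gains a fuzz directory later stays unfuzzed until someone remembers to edit this file. Consider generating the matrix from the crates that actually contain fuzz targets, or add a check step that fails when the list and the repository tree differ.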
PR description says "8 crates already have fuzz targets", but both this workflow matrix and oss-fuzz/build.sh only wire up 6 crates. In the current repo tree there are fuzz directories/targets under rtc-dtls, rtc-sctp, rtc-rtcp, rtc-sdp, rtc-stun, and rtc-rtp only; update the PR description or extend the matrix/script to include the additional fuzz crates if they exist.
Addressed in a subsequent commit. This comment should be marked outdated — GitHub's detection did not trigger because the fix was on adjacent lines.
- .github/workflows/bench.yml: runs cargo bench for all 7 crates with criterion benchmarks (rtp, rtcp, stun, sdp, srtp, turn, media) on every push/PR to master; uses github-action-benchmark to track regressions and alert on >10% slowdowns
- .github/workflows/release.yml: on version tags, generates CHANGELOG.md via git-cliff and creates a GitHub Release with the generated notes
- .cliff.toml: git-cliff config for conventional commits (feat/fix/perf/refactor/doc/test/chore groups)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- .github/workflows/fuzz.yml: daily scheduled fuzzing of all 87 targets across rtc-dtls (29), rtc-sctp (30), rtc-rtcp (24), rtc-sdp (2), rtc-stun (1), rtc-rtp (1) using cargo-fuzz with libfuzzer; crashes uploaded as artifacts for triage; can also be triggered manually with configurable duration
- oss-fuzz/: configuration to submit to Google's OSS-Fuzz continuous fuzzing platform (project.yaml, Dockerfile, build.sh); submit via PR to https://github.com/google/oss-fuzz to enable cloud-scale fuzzing

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add `permissions: contents: write` to bench.yml for benchmark auto-push
- Rename misleading `publish` job to `release` in release.yml
- Remove silent error suppression from `cargo fuzz list` in oss-fuzz/build.sh

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

af54113 to 23c8a29

Rebased onto upstream/master so this PR contains only its own changes. Previous branch structure caused merge conflicts when PRs were merged in sequence. Each PR is now independently mergeable.

Summary
- `.github/workflows/bench.yml` to run criterion benchmarks on every push and track regressions
- `.github/workflows/fuzz.yml` for scheduled and manual CI fuzzing runs
- `.github/workflows/release.yml` for tag-triggered GitHub Releases with git-cliff changelogs
- `oss-fuzz/` config files (build.sh, Dockerfile, project.yaml) to enable Google OSS-Fuzz cloud fuzzing
- `.cliff.toml` for conventional-commits-based changelog generation

Test plan
- `bench.yml` consolidates all benchmark outputs into a single file for tracking
- `bench.yml` has `contents: write` permission for benchmark auto-push

🤖 Generated with Claude Code
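
The commit notes above replace a silent `|| true` in the OSS-Fuzz build script with a hard failure when a fuzz target binary is not found, and stop suppressing errors from `cargo fuzz list`. The following is an added example, not the project's `oss-fuzz/build.sh`: the function names, the directory layout and the `<crate>_<target>` output naming are assumptions, and it contrasts the two behaviours on a constructed build tree.

```bash
# Added example, not the project's oss-fuzz/build.sh. Function names, the
# directory layout and the <crate>_<target> naming are assumptions.

# Silent variant: a missing binary or an empty target list is ignored, so
# the build exits 0 while shipping fewer fuzzers than expected.
copy_targets_silent() {
    local build_dir="$1" out_dir="$2" crate="$3" target
    shift 3
    for target in "$@"; do
        cp "${build_dir}/${target}" "${out_dir}/${crate}_${target}" 2>/dev/null || true
    done
}

# Strict variant: check every expected binary first, report each gap on
# stderr, and return non-zero before anything is copied.
copy_targets_strict() {
    local build_dir="$1" out_dir="$2" crate="$3" target missing=0
    shift 3
    if [ "$#" -eq 0 ]; then
        echo "error: ${crate}: target list is empty" >&2
        return 1
    fi
    for target in "$@"; do
        if [ ! -x "${build_dir}/${target}" ]; then
            echo "error: ${crate}: fuzz target binary not found: ${target}" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ] || return 1
    for target in "$@"; do
        cp "${build_dir}/${target}" "${out_dir}/${crate}_${target}" || return 1
    done
}

# Constructed sample tree: parse_a was built, parse_b was not.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "${root}/build" "${root}/out_silent" "${root}/out_strict"
    printf '#!/bin/sh\nexit 0\n' > "${root}/build/parse_a"
    chmod +x "${root}/build/parse_a"
    echo "${root}"
}

root=$(make_sample_tree)
copy_targets_silent "${root}/build" "${root}/out_silent" demo parse_a parse_b \
    && echo "silent: exit 0 although parse_b is missing"
copy_targets_strict "${root}/build" "${root}/out_strict" demo parse_a parse_b \
    || echo "strict: non-zero exit, nothing copied"
rm -rf "${root}"
```

The empty-list check matters for the `cargo fuzz list` change: if listing fails and its error is swallowed, the copy loop runs zero times and the build still reports success.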