Fuzz test #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Fuzz test | |
| on: | |
| schedule: | |
| - cron: "0 4 * * *" | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| name: Build and Go fuzz | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Free up disk space on GitHub runner | |
| run: | | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /usr/local/lib/android | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /opt/hostedtoolcache/CodeQL | |
| sudo rm -rf /usr/local/share/boost | |
| sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
| sudo apt-get clean | |
| docker rmi $(docker images -q) 2>/dev/null || true | |
| - uses: awalsh128/cache-apt-pkgs-action@latest | |
| with: | |
| packages: meson clang python3-pyelftools libnuma-dev libpcap-dev git protobuf-compiler jq | |
| version: 1.1 | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.24.x" | |
| cache: false | |
| - name: Install Go Protobuf Plugins | |
| run: | | |
| go install google.golang.org/protobuf/cmd/protoc-gen-go@latest | |
| go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest | |
| - uses: hendrikmuhs/ccache-action@v1.2.18 | |
| name: ccache | |
| with: | |
| key: ${{ runner.os }}-fuzz-build-cache | |
| - name: Build fuzz targets | |
| run: make fuzz | |
| - name: Collect fuzz binaries | |
| run: | | |
| mkdir -p fuzz-out | |
| find build/tests/fuzzing/ -maxdepth 1 -type f -executable -exec cp {} fuzz-out/ \; | |
| - name: Upload fuzz binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fuzz-binaries | |
| path: fuzz-out/ | |
| retention-days: 1 | |
| - name: Run Go fuzz tests | |
| id: go-fuzz | |
| continue-on-error: true | |
| run: | | |
| packages=$(go list ./...) | |
| for pkg in $packages; do | |
| fuzz_funcs=$(go test "$pkg" -list '^Fuzz' 2>/dev/null | grep '^Fuzz' || true) | |
| for func in $fuzz_funcs; do | |
| echo "Fuzzing $func in $pkg" | |
| go test "$pkg" -run '^$' -fuzz "^${func}\$" -fuzztime 10m | |
| done | |
| done | |
| - name: Upload Go fuzz failure testdata | |
| uses: actions/upload-artifact@v4 | |
| if: steps.go-fuzz.outcome == 'failure' | |
| with: | |
| name: go-fuzz-testdata | |
| path: "**/testdata/fuzz/**" | |
| retention-days: 7 | |
| c-fuzz-test: | |
| name: Fuzz ${{ matrix.module }} | |
| runs-on: ubuntu-24.04 | |
| needs: build | |
| timeout-minutes: 15 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| module: [decap, route, nat64w, dscp, fwstate] | |
| steps: | |
| - name: Download fuzz binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: fuzz-binaries | |
| path: fuzz-binaries/ | |
| - name: Run fuzzer | |
| run: | | |
| chmod +x fuzz-binaries/${{ matrix.module }} | |
| mkdir -p corpus | |
| ./fuzz-binaries/${{ matrix.module }} corpus/ -max_total_time=600 | |