-
-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add CIFuzz GitHub Action #604
Conversation
Codecov ReportBase: 54.19% // Head: 54.22% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## trunk #604 +/- ##
==========================================
+ Coverage 54.19% 54.22% +0.02%
==========================================
Files 50 50
Lines 4406 4406
==========================================
+ Hits 2388 2389 +1
+ Misses 2018 2017 -1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
Thanks for this! I'm thinking that additionally we should also run this every night for a longer time. Maybe 30 minutes (1800 seconds)? We'd need another CI step with the following trigger: {
"name": "CIFuzz (nightly run)",
"on": {
"schedule": [
{
"cron": "0 0 * * *"
}
]
},
// ... Additionally can you run this through a yaml-to-json converter to match the other CI steps? There are several of them online |
done
I wouldn't recommend this -- this is the duty of OSS-Fuzz which will run it continuously, generate an increasingly larger corpus and then CIFuzz uses this corpus in the CI action as well. Bincode was integrated into OSS-Fuzz here: google/oss-fuzz#8045 and you can find the relevant files for the project here: https://github.com/google/oss-fuzz/tree/master/projects/bincode -- it looks like @nmccarty was added as a primary contact in the project configuration, should more be added? |
Both nmccarty and I were unaware that bincode was already in google's open source fuzzing system. Zoey knew about it but only because someone else pointed this out. I guess it's a good thing we never knew that bincode was actively being fuzzed because it means we're doing something right.
Keeping nmccarty as a primary contact is fine, thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
Add CIFuzz workflow action to have fuzzers build and run on each PR.
This is a service offered by OSS-Fuzz where Bincode already runs. CIFuzz can help detect regressions and catch fuzzing build issues early, and has a variety of features (see the URL above). In the current PR the fuzzers gets build on a pull request and will run for 300 seconds