oss-fuzz/.github/workflows/project_tests.yml

name: Project tests

permissions:
  contents: read

on:
  pull_request:
    branches:
    - master

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      actions: write
    strategy:
      fail-fast: false
      matrix:
        engine:
          - libfuzzer
        sanitizer:
          - none
          - address
          - memory
          - undefined
          - coverage
        architecture:
          - x86_64
        include:
          - engine: afl
            sanitizer: address
            architecture: x86_64
          - engine: honggfuzz
            sanitizer: address
            architecture: x86_64
          - engine: libfuzzer
            sanitizer: address
            architecture: i386
          - engine: none
            sanitizer: address
            architecture: x86_64
          - engine: wycheproof
            sanitizer: none
            architecture: x86_64
          - engine: centipede
            sanitizer: address
            architecture: x86_64
    env:
      ENGINE: ${{ matrix.engine }}
      SANITIZER: ${{ matrix.sanitizer }}
      ARCHITECTURE: ${{ matrix.architecture }}

    steps:
      - name: Cancel previous
        uses: styfle/cancel-workflow-action@0.9.1
        with:
          access_token: ${{ github.token }}

      - uses: actions/checkout@v3
        with:  # Needed for git diff to work. (get_changed_files)
          fetch-depth: 0
      - run: |
          git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/master

      - name: Clear unnecessary files
        run: |
          sudo swapoff -a
          sudo rm -f /swapfile
          sudo apt clean
          docker rmi $(docker images -a -q)
          df -h

      - name: Setup python environment
        uses: actions/setup-python@v3
        with:
          python-version: 3.8
          cache: pip
          cache-dependency-path: |
            infra/ci/requirements.txt

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r infra/ci/requirements.txt

      - name: Run project tests
        run: python infra/ci/build.py
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00			`name: Project tests`
Improve Actions hygiene (#5361) 👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail. - Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch. - For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits. There are other changes you could make, depending on your project (but I'm not an expert): - If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](https://github.com/google/exposure-notifications-verification-server/blob/c4f59fee71042cf668747e599e7c769fca736554/.github/workflows/terraform.yml#L3-L11). Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you! 2021-03-11 02:14:23 +00:00
Fix permissions on Github Actions jobs (#7430) Related: #7425 2022-03-23 20:09:50 +00:00			`permissions:`
			`contents: read`

Improve Actions hygiene (#5361) 👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail. - Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch. - For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits. There are other changes you could make, depending on your project (but I'm not an expert): - If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](https://github.com/google/exposure-notifications-verification-server/blob/c4f59fee71042cf668747e599e7c769fca736554/.github/workflows/terraform.yml#L3-L11). Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you! 2021-03-11 02:14:23 +00:00			`on:`
			`pull_request:`
			`branches:`
			`- master`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00
			`jobs:`
			`build:`
			`runs-on: ubuntu-latest`
Fix permissions on Github Actions jobs (#7430) Related: #7425 2022-03-23 20:09:50 +00:00			`permissions:`
			`actions: write`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00			`strategy:`
			`fail-fast: false`
			`matrix:`
			`engine:`
			`- libfuzzer`
			`sanitizer:`
Integrate Jazzer.js (#9466) This PR enables using Jazzer.js for fuzzing Node.js projects in OSS-Fuzz. Part of #8324 --------- Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> 2023-01-31 16:31:54 +00:00			`- none`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00			`- address`
			`- memory`
			`- undefined`
[util-linux] cover mnt_table_parse_stream (#4032) * [util-linux] cover mnt_table_parse_stream Waiting for https://github.com/karelzak/util-linux/pull/1068 * temporarily point OSS-Fuzz to evverx/util-linux * make sure it can be built with sanitizer=coverage 2020-06-25 22:35:44 +00:00			`- coverage`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00			`architecture:`
			`- x86_64`
			`include:`
			`- engine: afl`
			`sanitizer: address`
			`architecture: x86_64`
			`- engine: honggfuzz`
			`sanitizer: address`
			`architecture: x86_64`
			`- engine: libfuzzer`
			`sanitizer: address`
			`architecture: i386`
			`- engine: none`
			`sanitizer: address`
			`architecture: x86_64`
[wycheproof] Add CI support (#8040) Update project_tests.yml 2022-07-20 18:36:44 +00:00			`- engine: wycheproof`
			`sanitizer: none`
			`architecture: x86_64`
Centipede integration (#8046) * Add Centipede as a fuzzer * Specify dictionary param of Centipede * Update docs * Mark Centipede as experimental * More accurate description * Remove garbage * Simplify code * Move mkdir to dockerfile * Add the weak.c trick * Install deps with Centipede's script & uninstall new deps * Fix doc * Reuse libweak_sancov_stubs.so * Reorganise flags * format * Consistent file type * Reuse the weak references defined in Centipede * Replace the shared library of weak symbols with a static one * Correct the place to call mkdir * Allow 2G of SHM for Centipede * Create dirs in run_fuzzer * Keep Centipede up-to-date * Avoid duplicating Centipede's binary * The params of Centipede and their explanations * The engine info of centipede * Save the target binary (with san) in a subdir of the project * Set the target (with san) dir in check_build * Create the target (with san) first to avoid side-effects * Fic clone * Fix format * Add periods * Fix comments * Fix dirs * Fix parameters * Adding Centipede as a fuzzing engine for Scarecrow * Add CI support * Represent sanitizer with a variable * Remove the unnecessary definition of FUZZER_OUT * Reorganise binary directories * format * A minor note * Present issues with dirs that alread exist * Use os.path.join to join path * Make a function to get the out/ in check build * Reusing existing flags in .bazel * Avoid hardcoding sanitizer, set rss_limit_mb=4096, leave address_space_limit_mb disabled * Better ways to add bazel build options * A better way to add bazel flags * Remove redundant --bazelrc * Better Cohesion * Avoid code duplication * Simplify code * Exit on crash 2022-09-06 02:34:58 +00:00			`- engine: centipede`
			`sanitizer: address`
			`architecture: x86_64`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00			`env:`
			`ENGINE: ${{ matrix.engine }}`
			`SANITIZER: ${{ matrix.sanitizer }}`
			`ARCHITECTURE: ${{ matrix.architecture }}`

			`steps:`
Improve Actions hygiene (#5361) 👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail. - Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch. - For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits. There are other changes you could make, depending on your project (but I'm not an expert): - If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](https://github.com/google/exposure-notifications-verification-server/blob/c4f59fee71042cf668747e599e7c769fca736554/.github/workflows/terraform.yml#L3-L11). Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you! 2021-03-11 02:14:23 +00:00			`- name: Cancel previous`
build(deps): bump styfle/cancel-workflow-action from 0.8.0 to 0.9.1 (#7444) Bumps [styfle/cancel-workflow-action](https://github.com/styfle/cancel-workflow-action) from 0.8.0 to 0.9.1. - [Release notes](https://github.com/styfle/cancel-workflow-action/releases) - [Commits](https://github.com/styfle/cancel-workflow-action/compare/0.8.0...0.9.1) --- updated-dependencies: - dependency-name: styfle/cancel-workflow-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-03-24 14:10:34 +00:00			`uses: styfle/cancel-workflow-action@0.9.1`
Improve Actions hygiene (#5361) 👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail. - Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch. - For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits. There are other changes you could make, depending on your project (but I'm not an expert): - If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](https://github.com/google/exposure-notifications-verification-server/blob/c4f59fee71042cf668747e599e7c769fca736554/.github/workflows/terraform.yml#L3-L11). Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you! 2021-03-11 02:14:23 +00:00			`with:`
			`access_token: ${{ github.token }}`

build(deps): bump actions/checkout from 2 to 3 (#7440) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-03-24 14:20:31 +00:00			`- uses: actions/checkout@v3`
ci: Fix get_changed_files_output (#5944) * ci: Fix get_changed_files_output * Update project_tests.yml * ci: Fix presubmit checks * ci: Use fetch-depth:0 instead of --unshallow 2021-06-21 14:14:41 +00:00			`with: # Needed for git diff to work. (get_changed_files)`
			`fetch-depth: 0`
			`- run: \|`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00			`git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/master`

			`- name: Clear unnecessary files`
			`run: \|`
			`sudo swapoff -a`
			`sudo rm -f /swapfile`
			`sudo apt clean`
			`docker rmi $(docker images -a -q)`
			`df -h`

			`- name: Setup python environment`
build(deps): bump actions/setup-python from 2 to 3 (#7438) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-03-24 17:29:23 +00:00			`uses: actions/setup-python@v3`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00			`with:`
Undo accidental commit 2022-12-27 17:40:55 +00:00			`python-version: 3.8`
Use setup-python action to cache dependencies (#9159) Signed-off-by: jongwooo <jongwooo.han@gmail.com> ## Details Updated workflows to cache dependencies using [actions/setup-python](https://github.com/actions/setup-python#caching-packages-dependencies). `setup-python@v3` or newer has caching built-in. ### AS-IS ```yaml - name: Setup python environment uses: actions/setup-python@v3 with: python-version: 3.8 ``` ### TO-BE ```yaml - name: Setup python environment uses: actions/setup-python@v3 with: python-version: 3.8 cache: pip cache-dependency-path: \| infra/ci/requirements.txt infra/build/functions/requirements.txt infra/cifuzz/requirements.txt ``` ## References - [https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows) - [https://thearchivelog.dev/article/caching-dependencies-to-speed-up-workflows/](https://thearchivelog.dev/article/caching-dependencies-to-speed-up-workflows/) Signed-off-by: jongwooo <jongwooo.han@gmail.com> 2023-01-30 17:09:06 +00:00			`cache: pip`
			`cache-dependency-path: \|`
			`infra/ci/requirements.txt`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00
			`- name: Install dependencies`
CI fix. (#4139) 2020-07-15 16:46:24 +00:00			`run: \|`
			`python -m pip install --upgrade pip`
			`pip install -r infra/ci/requirements.txt`
Add Github Actions CI. (#3971) 2020-06-12 21:39:16 +00:00
			`- name: Run project tests`
			`run: python infra/ci/build.py`