[infra] CIFuzz - Add github action to OSS-Fuzz repo (#3214)

infra/cifuzz/actions/Dockerfile

@@ -0,0 +1,43 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+# Docker image to run CIFuzz in.
+
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get install -y git \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    gnupg2 \
+    software-properties-common \
+    python3
+
+
+RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && apt-key fingerprint 0EBFCD88
+RUN add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   xenial \
+   stable"
+
+RUN apt-get update && apt-get install docker-ce docker-ce-cli containerd.io -y
+
+RUN git clone -b ci-fuzz https://github.com/google/oss-fuzz.git /src/oss-fuzz
+
+# Copies your code file from  action repository to the container
+COPY entrypoint.py /opt/entrypoint.py
+
+# Python file to execute when the docker container starts up
+ENTRYPOINT ["python3", "/opt/entrypoint.py"]

infra/cifuzz/actions/action.yml

@@ -0,0 +1,12 @@
+# action.yml
+name: 'build-fuzzers'
+description: "Builds an OSS-Fuzz project's fuzzers."
+inputs:
+  project-name:
+    description: 'Name of the corresponding OSS-Fuzz project.'
+    required: true
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  env:
+    PROJECT_NAME: ${{ inputs.project-name }}

infra/cifuzz/actions/entrypoint.py

@@ -0,0 +1,57 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Builds and runs specific OSS-Fuzz project's fuzzers for CI tools."""
+
+import os
+import subprocess
+import sys
+
+
+def main():
+  """Runs OSS-Fuzz project's fuzzers for CI tools."""
+  project_name = os.environ['OSS_FUZZ_PROJECT_NAME']
+  repo_name = os.environ['GITHUB_REPOSITORY'].rsplit('/', 1)[-1]
+  commit_sha = os.environ['GITHUB_SHA']
+
+  # Build the specified project's fuzzers from the current repo state.
+  print('Building fuzzers\nproject: {0}\nrepo name: {1}\ncommit: {2}'.format(
+      project_name, repo_name, commit_sha))
+  command = [
+      'python3', '/src/oss-fuzz/infra/cifuzz.py', 'build_fuzzers', project_name,
+      repo_name, commit_sha
+  ]
+  print('Running command: "{0}"'.format(' '.join(command)))
+  try:
+    subprocess.check_call(command)
+  except subprocess.CalledProcessError as err:
+    sys.stderr.write('Error building fuzzers: "{0}"'.format(str(err)))
+    return err.returncode
+
+  # Run the specified project's fuzzers from the build.
+  command = [
+      'python3', '/src/oss-fuzz/infra/cifuzz.py', 'run_fuzzers', project_name
+  ]
+  print('Running command: "{0}"'.format(' '.join(command)))
+  try:
+    subprocess.check_call(command)
+  except subprocess.CalledProcessError as err:
+    sys.stderr.write('Error running fuzzers: "{0}"'.format(str(err)))
+    return err.returncode
+  print('Fuzzers ran successfully.')
+  return 0
+
+
+if __name__ == '__main__':
+
+  sys.exit(main())