From 40fa9e5e9cccb5d36f3e4c4b4aa17ccbf58773e4 Mon Sep 17 00:00:00 2001 From: Leo Neat Date: Mon, 13 Jan 2020 15:25:12 -0800 Subject: [PATCH] [infra] CIFuzz - Add github action to OSS-Fuzz repo (#3214) --- infra/cifuzz/actions/Dockerfile | 43 ++++++++++++++++++++++ infra/cifuzz/actions/action.yml | 12 +++++++ infra/cifuzz/actions/entrypoint.py | 57 ++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 infra/cifuzz/actions/Dockerfile create mode 100644 infra/cifuzz/actions/action.yml create mode 100644 infra/cifuzz/actions/entrypoint.py diff --git a/infra/cifuzz/actions/Dockerfile b/infra/cifuzz/actions/Dockerfile new file mode 100644 index 000000000..7cd442184 --- /dev/null +++ b/infra/cifuzz/actions/Dockerfile @@ -0,0 +1,43 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +# Docker image to run CIFuzz in. + +FROM ubuntu:16.04 + +RUN apt-get update && apt-get install -y git \ + apt-transport-https \ + ca-certificates \ + curl \ + gnupg2 \ + software-properties-common \ + python3 + + +RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && apt-key fingerprint 0EBFCD88 +RUN add-apt-repository \ + "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ + xenial \ + stable" + +RUN apt-get update && apt-get install docker-ce docker-ce-cli containerd.io -y + +RUN git clone -b ci-fuzz https://github.com/google/oss-fuzz.git /src/oss-fuzz + +# Copies your code file from action repository to the container +COPY entrypoint.py /opt/entrypoint.py + +# Python file to execute when the docker container starts up +ENTRYPOINT ["python3", "/opt/entrypoint.py"] diff --git a/infra/cifuzz/actions/action.yml b/infra/cifuzz/actions/action.yml new file mode 100644 index 000000000..11095fbf9 --- /dev/null +++ b/infra/cifuzz/actions/action.yml @@ -0,0 +1,12 @@ +# action.yml +name: 'build-fuzzers' +description: "Builds an OSS-Fuzz project's fuzzers." +inputs: + project-name: + description: 'Name of the corresponding OSS-Fuzz project.' + required: true +runs: + using: 'docker' + image: 'Dockerfile' + env: + PROJECT_NAME: ${{ inputs.project-name }} diff --git a/infra/cifuzz/actions/entrypoint.py b/infra/cifuzz/actions/entrypoint.py new file mode 100644 index 000000000..2a0415336 --- /dev/null +++ b/infra/cifuzz/actions/entrypoint.py @@ -0,0 +1,57 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Builds and runs specific OSS-Fuzz project's fuzzers for CI tools.""" + +import os +import subprocess +import sys + + +def main(): + """Runs OSS-Fuzz project's fuzzers for CI tools.""" + project_name = os.environ['OSS_FUZZ_PROJECT_NAME'] + repo_name = os.environ['GITHUB_REPOSITORY'].rsplit('/', 1)[-1] + commit_sha = os.environ['GITHUB_SHA'] + + # Build the specified project's fuzzers from the current repo state. + print('Building fuzzers\nproject: {0}\nrepo name: {1}\ncommit: {2}'.format( + project_name, repo_name, commit_sha)) + command = [ + 'python3', '/src/oss-fuzz/infra/cifuzz.py', 'build_fuzzers', project_name, + repo_name, commit_sha + ] + print('Running command: "{0}"'.format(' '.join(command))) + try: + subprocess.check_call(command) + except subprocess.CalledProcessError as err: + sys.stderr.write('Error building fuzzers: "{0}"'.format(str(err))) + return err.returncode + + # Run the specified project's fuzzers from the build. + command = [ + 'python3', '/src/oss-fuzz/infra/cifuzz.py', 'run_fuzzers', project_name + ] + print('Running command: "{0}"'.format(' '.join(command))) + try: + subprocess.check_call(command) + except subprocess.CalledProcessError as err: + sys.stderr.write('Error running fuzzers: "{0}"'.format(str(err))) + return err.returncode + print('Fuzzers ran successfully.') + return 0 + + +if __name__ == '__main__': + + sys.exit(main())