[CIFuzz] Prevent action from failing option (#3315)

* Adding opt to workflow to prevent failures * fclose bug * Undoing double negitive * Undoing double negitive * Undoing double negitive * Syntax and formatting * Olivers comments * Presubmit fix * Trying boolean argument * cleaning * cleaning fuzz disassembles * Maxs comments pt.2 * Updating dry_run parse * Comments added * Formatting * Olivers comments
2020-02-03 15:35:04 -08:00 · 2020-02-03 15:35:04 -08:00 · 83d951bd1d
parent fa0ec600ff
commit 83d951bd1d
4 changed files with 35 additions and 11 deletions
--- a/infra/cifuzz/actions/action.yml
+++ b/infra/cifuzz/actions/action.yml
@ -9,9 +9,13 @@ inputs:
    description: 'The total time allotted for fuzzing in seconds.'
    required: true
    default: 360
+  dry-run:
+    description: 'If set, run the action without actually reporting a failure.'
+    default: false
 runs:
  using: 'docker'
  image: 'Dockerfile'
  env:
    PROJECT_NAME: ${{ inputs.project-name }}
    FUZZ_SECONDS: ${{ inputs.fuzz-seconds }}
+    DRY_RUN: ${{ inputs.dry-run}}
--- a/infra/cifuzz/actions/entrypoint.py
+++ b/infra/cifuzz/actions/entrypoint.py
@ -17,6 +17,7 @@ import os
 import sys

 # pylint: disable=wrong-import-position
+# pylint: disable=import-error
 sys.path.append(os.path.join(os.environ['OSS_FUZZ_ROOT'], 'infra', 'cifuzz'))
 import cifuzz

@ -49,24 +50,42 @@ def main():
  pr_ref = os.environ.get('GITHUB_REF')
  commit_sha = os.environ.get('GITHUB_SHA')
  event = os.environ.get('GITHUB_EVENT_NAME')
-
-  # Get the shared volume directory and create required directorys.
  workspace = os.environ.get('GITHUB_WORKSPACE')
+
+  # Check if failures should not be reported.
+  dry_run = (os.environ.get('DRY_RUN').lower() == 'true')
+
+  # The default return code when an error occurs.
+  error_code = 1
+  if dry_run:
+    # A testcase file is required in order for CIFuzz to surface bugs.
+    # If the file does not exist, the action will crash attempting to upload it.
+    # The dry run needs this file because it is set to upload a test case both
+    # on successful runs and on failures.
+    out_dir = os.path.join(workspace, 'out')
+    os.makedirs(out_dir, exist_ok=True)
+    file_handle = open(os.path.join(out_dir, 'testcase'), 'w')
+    file_handle.write('No bugs detected.')
+    file_handle.close()
+
+    # Sets the default return code on error to success.
+    error_code = 0
+
  if not workspace:
    logging.error('This script needs to be run in the Github action context.')
-    return 1
+    return error_code

  if event == 'push' and not cifuzz.build_fuzzers(
      oss_fuzz_project_name, github_repo_name, workspace,
      commit_sha=commit_sha):
    logging.error('Error building fuzzers for project %s with commit %s.',
                  oss_fuzz_project_name, commit_sha)
-    return 1
+    return error_code
  if event == 'pull_request' and not cifuzz.build_fuzzers(
      oss_fuzz_project_name, github_repo_name, workspace, pr_ref=pr_ref):
    logging.error('Error building fuzzers for project %s with pull request %s.',
                  oss_fuzz_project_name, pr_ref)
-    return 1
+    return error_code

  # Run the specified project's fuzzers from the build.
  run_status, bug_found = cifuzz.run_fuzzers(oss_fuzz_project_name,
@ -74,11 +93,12 @@ def main():
  if not run_status:
    logging.error('Error occured while running fuzzers for project %s.',
                  oss_fuzz_project_name)
-    return 1
+    return error_code
  if bug_found:
    logging.info('Bug found.')
-    # Return 2 when a bug was found by a fuzzer causing the CI to fail.
-    return 2
+    if not dry_run:
+      # Return 2 when a bug was found by a fuzzer causing the CI to fail.
+      return 2
  return 0


--- a/infra/cifuzz/cifuzz_test.py
+++ b/infra/cifuzz/cifuzz_test.py
@ -55,7 +55,7 @@ class BuildFuzzersIntegrationTest(unittest.TestCase):
          cifuzz.build_fuzzers(EXAMPLE_PROJECT,
                               'oss-fuzz',
                               tmp_dir,
-                               pr_ref='refs/pull/3310/merge'))
+                               pr_ref='refs/pull/1757/merge'))
      self.assertTrue(os.path.exists(os.path.join(out_path, 'do_stuff_fuzzer')))

  def test_invalid_pull_request(self):
--- a/infra/repo_manager_test.py
+++ b/infra/repo_manager_test.py
@ -116,9 +116,9 @@ class RepoManagerCheckoutPullRequestUnitTests(unittest.TestCase):
    """Tests that the git checkout pull request works."""
    with tempfile.TemporaryDirectory() as tmp_dir:
      test_repo_manager = repo_manager.RepoManager(OSS_FUZZ_REPO, tmp_dir)
-      test_repo_manager.checkout_pr('refs/pull/3310/merge')
+      test_repo_manager.checkout_pr('refs/pull/1757/merge')
      self.assertEqual(test_repo_manager.get_current_commit(),
-                       'ff00c1685ccf32f729cf6c834e641223ce6262e4')
+                       '2a2b11cc3d370db8f7bdf73046f3290a39615347')

  def test_checkout_invalid_pull_request(self):
    """Tests that the git checkout invalid pull request fails."""