diff --git a/infra/cifuzz/actions/action.yml b/infra/cifuzz/actions/action.yml index 7af4bd493..72df36d54 100644 --- a/infra/cifuzz/actions/action.yml +++ b/infra/cifuzz/actions/action.yml @@ -9,9 +9,13 @@ inputs: description: 'The total time allotted for fuzzing in seconds.' required: true default: 360 + dry-run: + description: 'If set, run the action without actually reporting a failure.' + default: false runs: using: 'docker' image: 'Dockerfile' env: PROJECT_NAME: ${{ inputs.project-name }} FUZZ_SECONDS: ${{ inputs.fuzz-seconds }} + DRY_RUN: ${{ inputs.dry-run}} diff --git a/infra/cifuzz/actions/entrypoint.py b/infra/cifuzz/actions/entrypoint.py index e6802074c..7d924acff 100644 --- a/infra/cifuzz/actions/entrypoint.py +++ b/infra/cifuzz/actions/entrypoint.py @@ -17,6 +17,7 @@ import os import sys # pylint: disable=wrong-import-position +# pylint: disable=import-error sys.path.append(os.path.join(os.environ['OSS_FUZZ_ROOT'], 'infra', 'cifuzz')) import cifuzz @@ -49,24 +50,42 @@ def main(): pr_ref = os.environ.get('GITHUB_REF') commit_sha = os.environ.get('GITHUB_SHA') event = os.environ.get('GITHUB_EVENT_NAME') - - # Get the shared volume directory and create required directorys. workspace = os.environ.get('GITHUB_WORKSPACE') + + # Check if failures should not be reported. + dry_run = (os.environ.get('DRY_RUN').lower() == 'true') + + # The default return code when an error occurs. + error_code = 1 + if dry_run: + # A testcase file is required in order for CIFuzz to surface bugs. + # If the file does not exist, the action will crash attempting to upload it. + # The dry run needs this file because it is set to upload a test case both + # on successful runs and on failures. + out_dir = os.path.join(workspace, 'out') + os.makedirs(out_dir, exist_ok=True) + file_handle = open(os.path.join(out_dir, 'testcase'), 'w') + file_handle.write('No bugs detected.') + file_handle.close() + + # Sets the default return code on error to success. + error_code = 0 + if not workspace: logging.error('This script needs to be run in the Github action context.') - return 1 + return error_code if event == 'push' and not cifuzz.build_fuzzers( oss_fuzz_project_name, github_repo_name, workspace, commit_sha=commit_sha): logging.error('Error building fuzzers for project %s with commit %s.', oss_fuzz_project_name, commit_sha) - return 1 + return error_code if event == 'pull_request' and not cifuzz.build_fuzzers( oss_fuzz_project_name, github_repo_name, workspace, pr_ref=pr_ref): logging.error('Error building fuzzers for project %s with pull request %s.', oss_fuzz_project_name, pr_ref) - return 1 + return error_code # Run the specified project's fuzzers from the build. run_status, bug_found = cifuzz.run_fuzzers(oss_fuzz_project_name, @@ -74,11 +93,12 @@ def main(): if not run_status: logging.error('Error occured while running fuzzers for project %s.', oss_fuzz_project_name) - return 1 + return error_code if bug_found: logging.info('Bug found.') - # Return 2 when a bug was found by a fuzzer causing the CI to fail. - return 2 + if not dry_run: + # Return 2 when a bug was found by a fuzzer causing the CI to fail. + return 2 return 0 diff --git a/infra/cifuzz/cifuzz_test.py b/infra/cifuzz/cifuzz_test.py index 7c17b6f84..800df1b53 100644 --- a/infra/cifuzz/cifuzz_test.py +++ b/infra/cifuzz/cifuzz_test.py @@ -55,7 +55,7 @@ class BuildFuzzersIntegrationTest(unittest.TestCase): cifuzz.build_fuzzers(EXAMPLE_PROJECT, 'oss-fuzz', tmp_dir, - pr_ref='refs/pull/3310/merge')) + pr_ref='refs/pull/1757/merge')) self.assertTrue(os.path.exists(os.path.join(out_path, 'do_stuff_fuzzer'))) def test_invalid_pull_request(self): diff --git a/infra/repo_manager_test.py b/infra/repo_manager_test.py index f489b2da1..199df0181 100644 --- a/infra/repo_manager_test.py +++ b/infra/repo_manager_test.py @@ -116,9 +116,9 @@ class RepoManagerCheckoutPullRequestUnitTests(unittest.TestCase): """Tests that the git checkout pull request works.""" with tempfile.TemporaryDirectory() as tmp_dir: test_repo_manager = repo_manager.RepoManager(OSS_FUZZ_REPO, tmp_dir) - test_repo_manager.checkout_pr('refs/pull/3310/merge') + test_repo_manager.checkout_pr('refs/pull/1757/merge') self.assertEqual(test_repo_manager.get_current_commit(), - 'ff00c1685ccf32f729cf6c834e641223ce6262e4') + '2a2b11cc3d370db8f7bdf73046f3290a39615347') def test_checkout_invalid_pull_request(self): """Tests that the git checkout invalid pull request fails."""