Main changes:
- Fixes issues caused by go-118-fuzz-build's dependencies causing
`go.sum` to become out of sync, which results in broken build.
- Auto detects when a single project is being targeted (e.g. CI).
- Remove libgit2 dependencies that are no longer needed.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
Add support for auto discovery and build for all Go Native fuzz targets
that exist within the range of Flux org repos defined.
Support for faster CI checks by only targeting the specific project when
running against PRs.
(cc: @stefanprodan @hiddeco)
---
Would there be interest on having `loop_through_org_repositories` as
part of infra?
This would enable Go Native projects to have auto discovery of fuzzers
without the need of calling `compile_native_go_fuzzer` for each fuzzer
they add into their repos.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
fluxcd: Revert to base-builder-go
The project recently started moving into Go fuzz native, and using
the codeintelligencetesting variant is causing the error below:
ERROR: no interesting inputs were found
This PR reverts https://github.com/google/oss-fuzz/pull/7683 for fluxcd
which fixes the issue.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
Flux is made of multiple repositories, this PR extends the Fuzz coverage to:
- pkg
- notification-controller
- kustomize-controller
- helm-controller
- image-reflector-controller
- source-controller
- image-automation-controller
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Changes target the official fluxcd repository now that the
fuzzing implementation has been merged. It also delegates to each repository
the responsibility of its own build/setup via a file called oss_fuzz_build.sh.
The primary contact is now the official security contact via cncf.io.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Paulo Gomes