When my other pr was running i noticed
```
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/setup-python@v3, actions/setup-go@v4, actions/github-script@v6. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```
At the end of the Summary. I have updated those actions in all workflows
using them.
My understanding is that basically only `git docker.io python` are
needed for oss-fuzz, so 5 GB of the largest packages and 20+ GB of
folders can be dropped from the CI image to make room for other stuff.
This PR enables using Jazzer.js for fuzzing Node.js projects in
OSS-Fuzz.
Part of #8324
---------
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
* Add Centipede as a fuzzer
* Specify dictionary param of Centipede
* Update docs
* Mark Centipede as experimental
* More accurate description
* Remove garbage
* Simplify code
* Move mkdir to dockerfile
* Add the weak.c trick
* Install deps with Centipede's script & uninstall new deps
* Fix doc
* Reuse libweak_sancov_stubs.so
* Reorganise flags
* format
* Consistent file type
* Reuse the weak references defined in Centipede
* Replace the shared library of weak symbols with a static one
* Correct the place to call mkdir
* Allow 2G of SHM for Centipede
* Create dirs in run_fuzzer
* Keep Centipede up-to-date
* Avoid duplicating Centipede's binary
* The params of Centipede and their explanations
* The engine info of centipede
* Save the target binary (with san) in a subdir of the project
* Set the target (with san) dir in check_build
* Create the target (with san) first to avoid side-effects
* Fic clone
* Fix format
* Add periods
* Fix comments
* Fix dirs
* Fix parameters
* Adding Centipede as a fuzzing engine for Scarecrow
* Add CI support
* Represent sanitizer with a variable
* Remove the unnecessary definition of FUZZER_OUT
* Reorganise binary directories
* format
* A minor note
* Present issues with dirs that alread exist
* Use os.path.join to join path
* Make a function to get the out/ in check build
* Reusing existing flags in .bazel
* Avoid hardcoding sanitizer, set rss_limit_mb=4096, leave address_space_limit_mb disabled
* Better ways to add bazel build options
* A better way to add bazel flags
* Remove redundant --bazelrc
* Better Cohesion
* Avoid code duplication
* Simplify code
* Exit on crash
👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail.
- Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch.
- For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits.
There are other changes you could make, depending on your project (but I'm not an expert):
- If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](c4f59fee71/.github/workflows/terraform.yml (L3-L11)).
Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you!
* [util-linux] cover mnt_table_parse_stream
Waiting for https://github.com/karelzak/util-linux/pull/1068
* temporarily point OSS-Fuzz to evverx/util-linux
* make sure it can be built with sanitizer=coverage
DavidKorczynski