Commit Graph

48 Commits

Author SHA1 Message Date
jonathanmetzman 43710cf617
Switch to github's native action cancellation mechanism (#10518) 2023-06-13 11:58:08 -04:00
Holly Gong 3d45ccbed2
Update pr helper trigger on pull_request_target (#10484)
[PR helper failed](https://github.com/google/oss-fuzz/actions/runs/5193059405/jobs/9364838612) on
fork branch as the [maximum access for pull requests from public forked
repositories is read](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).
Convert to [pull_request_target](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target).
Difference between pull_request and pull_request_target: [github blog](https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/),
[stack overflow](https://stackoverflow.com/questions/74957218/what-is-the-difference-between-pull-request-and-pull-request-target-event-in-git#:~:text=on%20this%20post.-,What%20is%20the%20difference%20between%20pull_request%20and%20pull_request_target%20event%20in,as%20the%20pull_request%20event%20does).
2023-06-08 10:29:42 +10:00
Holly Gong 8302aede5e
Add project integration PR helper (#10376)
Sample PRs (external users):
In the contact list:
https://github.com/google/oss-fuzz/pull/10422#issuecomment-1567849463
Previous contributed:
https://github.com/google/oss-fuzz/pull/10419#issuecomment-1567789169
Unknown contributor:
https://github.com/google/oss-fuzz/pull/10416#issuecomment-1567755392
Integrating new project:
https://github.com/google/oss-fuzz/pull/10439#issuecomment-1572939010

Skip commenting for internal members
2023-06-06 04:35:46 +00:00
jonathanmetzman d30ef648cd
Remove none build from CI. (#10189)
It adds an unsupported and unused libfuzzer-none build. We already have
a centipede-none build explicitly there.
2023-04-30 21:40:06 -04:00
jonathanmetzman 90b08f8b5c
Remove useless file (#10188)
This CODEOWNERS file doesn't do anything when the owners are not project
maintainers.
2023-04-28 13:41:43 -04:00
MarcoFalke b7f04d7822
ci: Double free space from 30 GB to 60 GB (#9836)
My understanding is that basically only `git docker.io python` are
needed for oss-fuzz, so 5 GB of the largest packages and 20+ GB of
folders can be dropped from the CI image to make room for other stuff.
2023-03-02 14:07:26 -05:00
manunio 74dbbcce98
Update header lint source extension (#9840)
This PR
- Removes duplicate extension from sourceFileExtensions
- Adds `swift` extension as it's an oss-fuzz supported language and there
exists a project with .swift extension files.
https://github.com/google/oss-fuzz/tree/master/projects/swift-nio
2023-03-01 16:44:39 -05:00
jonathanmetzman 0d84900126
Add header linter config (#9826) 2023-02-28 17:58:44 -05:00
jonathanmetzman 7d75ea2605
Add centipede-none job to CI (#9600) 2023-02-06 15:47:29 -05:00
jonathanmetzman a99ad73548
Change order of tests so most important is first (#9597) 2023-02-06 12:34:50 -05:00
Khaled Yakdan dc2f5f4be8
Integrate Jazzer.js (#9466)
This PR enables using Jazzer.js for fuzzing Node.js projects in
OSS-Fuzz.

Part of #8324

---------

Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2023-01-31 11:31:54 -05:00
Jongwoo Han 58ad90a61a
Use setup-python action to cache dependencies (#9159)
Signed-off-by: jongwooo <jongwooo.han@gmail.com>

## Details

Updated workflows to cache dependencies using
[actions/setup-python](https://github.com/actions/setup-python#caching-packages-dependencies).
`setup-python@v3` or newer has caching **built-in**.

### AS-IS

```yaml
- name: Setup python environment
  uses: actions/setup-python@v3
  with:
    python-version: 3.8
```

### TO-BE

```yaml
- name: Setup python environment
  uses: actions/setup-python@v3
  with:
    python-version: 3.8
    cache: pip
    cache-dependency-path: |
      infra/ci/requirements.txt
      infra/build/functions/requirements.txt
      infra/cifuzz/requirements.txt
```

## References

- [https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows)
- [https://thearchivelog.dev/article/caching-dependencies-to-speed-up-workflows/](https://thearchivelog.dev/article/caching-dependencies-to-speed-up-workflows/)

Signed-off-by: jongwooo <jongwooo.han@gmail.com>
2023-01-30 12:09:06 -05:00
jonathanmetzman d65ec09e59
Undo accidental commit 2022-12-27 12:40:55 -05:00
jonathanmetzman 40339f9997
Update project_tests.yml 2022-12-27 12:13:33 -05:00
jonathanmetzman a9f9cda4cc
Fuzz OSS-Fuzz with Atheris and ClusterFuzzLite (#8985) 2022-11-30 15:37:36 -05:00
Dongge Liu 22488896f6
Centipede integration (#8046)
* Add Centipede as a fuzzer

* Specify dictionary param of Centipede

* Update docs

* Mark Centipede as experimental

* More accurate description

* Remove garbage

* Simplify code

* Move mkdir to dockerfile

* Add the weak.c trick

* Install deps with Centipede's script & uninstall new deps

* Fix doc

* Reuse libweak_sancov_stubs.so

* Reorganise flags

* format

* Consistent file type

* Reuse the weak references defined in Centipede

* Replace the shared library of weak symbols with a static one

* Correct the place to call mkdir

* Allow 2G of SHM for Centipede

* Create dirs in run_fuzzer

* Keep Centipede up-to-date

* Avoid duplicating Centipede's binary

* The params of Centipede and their explanations

* The engine info of centipede

* Save the target binary (with san) in a subdir of the project

* Set the target (with san) dir in check_build

* Create the target (with san) first to avoid side-effects

* Fix clone

* Fix format

* Add periods

* Fix comments

* Fix dirs

* Fix parameters

* Adding Centipede as a fuzzing engine for Scarecrow

* Add CI support

* Represent sanitizer with a variable

* Remove the unnecessary definition of FUZZER_OUT

* Reorganise binary directories

* format

* A minor note

* Present issues with dirs that already exist

* Use os.path.join to join path

* Make a function to get the out/ in check build

* Reusing existing flags in .bazel

* Avoid hardcoding sanitizer, set rss_limit_mb=4096, leave address_space_limit_mb disabled

* Better ways to add bazel build options

* A better way to add bazel flags

* Remove redundant --bazelrc

* Better Cohesion

* Avoid code duplication

* Simplify code

* Exit on crash
2022-09-06 02:34:58 +00:00
jonathanmetzman 2c85d1b848
Revert "[aarch64] Add ARM support to GHA CI. (#8333)" (#8337)
This reverts commit 5ccb903f17.
2022-08-23 17:42:35 -04:00
jonathanmetzman 5ccb903f17
[aarch64] Add ARM support to GHA CI. (#8333)
This uses emulation and depends on:
https://github.com/google/oss-fuzz/pull/8332
Related: #8164
2022-08-23 14:12:29 -04:00
jonathanmetzman c113501247
Upgrade to codeqlv2 to avoid warning (#8272)
* Upgrade to codeqlv2 to avoid warning

* debug
2022-08-16 17:08:56 -07:00
jonathanmetzman 427c930c2e
[wycheproof] Add CI support (#8040)
Update project_tests.yml
2022-07-20 14:36:44 -04:00
jonathanmetzman b595703133
Remove dfsan build from CI. (#7969)
Related: #7964
2022-07-07 13:28:34 +02:00
dependabot[bot] 3a216f4e7a
build(deps): bump actions/setup-python from 2 to 3 (#7438)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 13:29:23 -04:00
jonathanmetzman df0e13ebda
Remove dependabot (#7453) 2022-03-24 11:40:31 -04:00
dependabot[bot] d3110f33c8
build(deps): bump actions/checkout from 2 to 3 (#7440)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 10:20:31 -04:00
dependabot[bot] 9685020357
build(deps): bump styfle/cancel-workflow-action from 0.8.0 to 0.9.1 (#7444)
Bumps [styfle/cancel-workflow-action](https://github.com/styfle/cancel-workflow-action) from 0.8.0 to 0.9.1.
- [Release notes](https://github.com/styfle/cancel-workflow-action/releases)
- [Commits](https://github.com/styfle/cancel-workflow-action/compare/0.8.0...0.9.1)

---
updated-dependencies:
- dependency-name: styfle/cancel-workflow-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-24 10:10:34 -04:00
jonathanmetzman 2e0e3302c1
Add dependabot file (#7431) 2022-03-24 08:47:39 -04:00
jonathanmetzman 47c72110f9
Add codeql (#7428)
Related: #7425
2022-03-24 08:47:15 -04:00
jonathanmetzman 1f8d89be68
Fix permissions on Github Actions jobs (#7430)
Related: #7425
2022-03-23 15:09:50 -05:00
jonathanmetzman 8b155c551a
Pin setup gcloud action to v0 because master branch is deprecated. (#7416) 2022-03-21 22:23:27 -04:00
Oliver Chang fd34d343c3
Use libClusterFuzz for CIFuzz fuzzing and pruning. (#6375)
Part of #6326.
2021-09-13 12:16:13 +10:00
Roman Lebedev 0b49925661
[RawSpeed] Reenable erroneously disabled MSan build (#6401)
I was not notified about that change, which I believe to be erroneous.
The fuzzers built here do *not* link to *any* outside libraries.

Refs. https://github.com/google/oss-fuzz/pull/6281
Refs. https://github.com/google/oss-fuzz/issues/6294
2021-09-04 09:09:49 -07:00
jonathanmetzman 264c160e3a
[cifuzz] Add basic end-to-end tests. (#6139)
This test doesn't really do diffing or affected fuzzers properly.
Nor does it check the workspace for existence of certain things, nor
does it check the filesystem for proof things happened. It is still
a WIP.
2021-08-03 15:40:31 -07:00
jonathanmetzman c240ebb0f6
[CI] Switch to google-github-actions/setup-gcloud (#5956)
GoogleCloudPlatform/github-actions/setup-gcloud is deprecated.
2021-06-21 11:52:26 -07:00
MarcoFalke aed20a9b62
ci: Fix get_changed_files_output (#5944)
* ci: Fix get_changed_files_output

* Update project_tests.yml

* ci: Fix presubmit checks

* ci: Use fetch-depth:0 instead of --unshallow
2021-06-21 07:14:41 -07:00
Seth Vargo 3a879b729a
Improve Actions hygiene (#5361)
👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail.

- Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch.

- For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits.

There are other changes you could make, depending on your project (but I'm not an expert):

- If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](c4f59fee71/.github/workflows/terraform.yml (L3-L11)).

Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you!
2021-03-10 18:14:23 -08:00
jonathanmetzman 6e38a76220
[infra] Improve test speed (#5118)
Make unittests take 20 seconds to run instead of 35.
Make integration tests take 50 seconds to run instead of 6 minutes.
Make CI take 6 minutes instead of 12 minutes.

1. Allow running tests in parallel. Locally this takes the time for running all tests (including integration tests) from 6 minutes to ~50 seconds. We don't do parallel by default since it doesn't really save any time unless running integration tests on my machine (probably due to overhead of starting ~70 processes). This also speeds up CI from about 12 minutes to 6 minutes (since github actions has 2 cores per machine).
2. Fix how we run tests. I'm not exactly sure why, but the method we used for discovering tests, recursing through every directory and passing to unittest caused the build/infra tests to execute twice. Fixing this makes running unittests take ~20 seconds instead of ~35.

This change also uses pytest for running tests since it's easy to use it to run tests in parallel.
This change was made possible by #5113
2021-02-05 06:10:42 -08:00
Jonathan Metzman 34d86accb0
Remove unnecessary stuff 2021-01-20 15:58:18 -08:00
jonathanmetzman 2a1194c939
Improve CIFuzz tests (#4868)
1. Fix problem where permissions were being changed to root by non-root test (test was doing this by invoking test_all.py within docker).
2. Mark tests as integration tests so that cifuzz_test.py can be run in a reasonable amount of time.
3. Prevent some unittests from polluting source repo.
4. Add .venv to .gitignore
5. Rename test_test_all.py to the correctly formatted name "test_all_test.py"
2020-12-18 10:37:56 -08:00
Abhishek Arya b9e6a5fc74
Revert msan patch (#4788)
* Revert "Fix msan build breakage. (#4787)"

This reverts commit 8f4d1b237d.

* Revert "Clean up MemorySanitizer library warnings (#4694)"

This reverts commit 6fc050ec9e.
2020-12-04 19:44:46 -08:00
David Cook 6fc050ec9e
Clean up MemorySanitizer library warnings (#4694)
* Update infra/base-images/all.sh

Add build of base-sanitizer-libs-builder and msan-libs-builder to this
shell script.

* msan: Don't warn on un-instrumented standard libs

These libraries do not need to be built with instrumentation, because
MemorySanitizer includes interceptors for them.

* Fix indentation

* Add missing docstrings

* Fix unused variable

* Fix invalid names

* Install python-apt on CI

* Revert "Install python-apt on CI"

This reverts commit d3da49cf90.

* Install and use python-apt in system directory

* Revert "Install and use python-apt in system directory"

This reverts commit e0ede101fb.

* Build python-apt from source

* Check out correct version of python-apt

* Fix octal literals

* More indentation fixes

* Add more missing docstrings

* Change variable names of opened files

* Remove unused import

* Ignore lints about package.Package API

* Fix or ignore remaining invalid names

* Fix apparent typo in compiler_wrapper_test.py

-z should precede a keyword, not a long option

* Fix use of xrange

* Style fixes, compiler_wrapper

* Fix apparent error in compiler_wrapper_test.py

Similar to the previous error, the test case would pass "-z
--no-undefined" to the linker. "-z" only has an effect when it is
followed by a keyword, otherwise ld ignores it and prints a warning
message. In this test case, "-z" and "--no-undefined" were passed in two
separate "-Wl," compiler arguments, but they reflect a common issue.

* Add missing license header

* Rename more functions

* Better name for global variable

* Rename methods of Package

* Rename functions in msan_builder.py

* Fix invalid variable names

* Fix useless-object-inheritance

* pylint: Fixes for Package and its subclasses

* Remove unused imports

* Indentation fixes

* Fix too-many-locals error in msan_build.py

* Add missing docstrings
2020-12-03 07:52:36 +11:00
jonathanmetzman ee7031c4a5
Fix permission denied errors on CI in unittests (#4664)
Also remove usrstcp from the repos we do tests since they no longer work with usrstcp (repo history seems to have been rewritten).
2020-11-20 10:39:19 -08:00
Abhishek Arya cfb18fbea7
CI fix. (#4139) 2020-07-15 09:46:24 -07:00
kabeer27 2201c8f46c
Missing hyphen (#4106)
* Missing hyphen

* Testing infra-tests

* Testing infra-tests

* Testing infra-tests

* Undoing license header changes

Co-authored-by: Kabeer Seth <kabeerseth@google.com>
2020-07-10 05:55:36 -07:00
kabeer27 bbb5d82fc9
Test fix pip installs (#4099) 2020-07-09 11:13:30 -07:00
kabeer27 d15dc2a88f
Renaming infra/build/functions files (#4031)
Renamed main.py to sync.py
and test_sync.py to sync_test.py

Co-authored-by: Kabeer Seth <kabeerseth@google.com>
2020-06-29 11:10:47 +10:00
Evgeny Vereshchagin 25cff8db8e
[util-linux] cover mnt_table_parse_stream (#4032)
* [util-linux] cover mnt_table_parse_stream

Waiting for https://github.com/karelzak/util-linux/pull/1068

* temporarily point OSS-Fuzz to evverx/util-linux

* make sure it can be built with sanitizer=coverage
2020-06-25 15:35:44 -07:00
kabeer27 181812050d
Cloud function for syncing OSS-Fuzz projects (#3538). (#4023)
Integrating the first cloud function I implemented which syncs the project list from github and uploads the list to cloud datastore, which will be used by another cloud function to request builds.

Co-authored-by: Kabeer Seth <kabeerseth@google.com>
2020-06-25 13:41:04 +10:00
Abhishek Arya 7101ec4d4b
Add Github Actions CI. (#3971) 2020-06-12 14:39:16 -07:00