mirror of https://github.com/google/oss-fuzz.git
95 lines
3.2 KiB
Python
95 lines
3.2 KiB
Python
# Copyright 2020 Google LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""Builds a specific OSS-Fuzz project's fuzzers for CI tools."""
|
|
import logging
|
|
import os
|
|
import sys
|
|
|
|
import build_fuzzers
|
|
import config_utils
|
|
|
|
# pylint: disable=c-extension-no-member
|
|
# pylint gets confused because of the relative import of cifuzz.
|
|
|
|
# TODO: Turn default logging to INFO when CIFuzz is stable
|
|
logging.basicConfig(
|
|
format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
|
|
level=logging.DEBUG)
|
|
|
|
|
|
def main():
|
|
"""Build OSS-Fuzz project's fuzzers for CI tools.
|
|
This script is used to kick off the Github Actions CI tool. It is the
|
|
entrypoint of the Dockerfile in this directory. This action can be added to
|
|
any OSS-Fuzz project's workflow that uses Github.
|
|
|
|
Note: The resulting clusterfuzz binaries of this build are placed in
|
|
the directory: ${GITHUB_WORKSPACE}/out
|
|
|
|
Required environment variables:
|
|
OSS_FUZZ_PROJECT_NAME: The name of OSS-Fuzz project.
|
|
GITHUB_REPOSITORY: The name of the Github repo that called this script.
|
|
GITHUB_SHA: The commit SHA that triggered this script.
|
|
GITHUB_EVENT_NAME: The name of the hook event that triggered this script.
|
|
GITHUB_EVENT_PATH:
|
|
The path to the file containing the POST payload of the webhook:
|
|
https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners#filesystems-on-github-hosted-runners
|
|
GITHUB_WORKSPACE: The shared volume directory where input artifacts are.
|
|
DRY_RUN: If true, no failures will surface.
|
|
SANITIZER: The sanitizer to use when running fuzzers.
|
|
|
|
Returns:
|
|
0 on success or 1 on failure.
|
|
"""
|
|
config = config_utils.BuildFuzzersConfig()
|
|
|
|
if config.dry_run:
|
|
# Sets the default return code on error to success.
|
|
returncode = 0
|
|
else:
|
|
# The default return code when an error occurs.
|
|
returncode = 1
|
|
|
|
if not config.workspace:
|
|
logging.error('This script needs to be run within Github actions.')
|
|
return returncode
|
|
|
|
if not build_fuzzers.build_fuzzers(config):
|
|
logging.error(
|
|
'Error building fuzzers for project %s (commit: %s, pr_ref: %s).',
|
|
config.project_name, config.commit_sha, config.pr_ref)
|
|
return returncode
|
|
|
|
out_dir = os.path.join(config.workspace, 'out')
|
|
|
|
if not config.bad_build_check:
|
|
# If we've gotten to this point and we don't need to do bad_build_check,
|
|
# then the build has succeeded.
|
|
returncode = 0
|
|
# yapf: disable
|
|
elif build_fuzzers.check_fuzzer_build(
|
|
out_dir,
|
|
config.sanitizer,
|
|
config.language,
|
|
allowed_broken_targets_percentage=config.allowed_broken_targets_percentage
|
|
):
|
|
# yapf: enable
|
|
returncode = 0
|
|
|
|
return returncode
|
|
|
|
|
|
if __name__ == '__main__':
|
|
sys.exit(main())
|