mirror of
https://github.com/netbirdio/IronRDP.git
synced 2026-05-22 18:43:12 -07:00
Richard Markiewicz
183 lines
5.3 KiB
YAML
183 lines
5.3 KiB
YAML
name: Fuzz
|
||
|
||
on:
|
||
workflow_dispatch:
|
||
schedule:
|
||
- cron: '12 3 * * 0' # At 03:12 AM UTC on Sunday.
|
||
|
||
env:
|
||
CARGO_INCREMENTAL: 0
|
||
CARGO_NET_RETRY: 10
|
||
RUSTUP_MAX_RETRIES: 10
|
||
RUST_BACKTRACE: short
|
||
CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
|
||
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
|
||
|
||
jobs:
|
||
corpus-download:
|
||
name: Download corpus
|
||
runs-on: ubuntu-latest
|
||
env:
|
||
AZURE_STORAGE_KEY: ${{ secrets.CORPUS_AZURE_STORAGE_KEY }}
|
||
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
|
||
- name: Download fuzzing corpus
|
||
run: cargo xtask fuzz corpus-fetch -v
|
||
|
||
- name: Save corpus
|
||
uses: actions/cache/save@v4
|
||
with:
|
||
path: |
|
||
./fuzz/corpus
|
||
./fuzz/artifacts
|
||
key: fuzz-corpus-${{ github.run_id }}
|
||
|
||
fuzz:
|
||
name: Fuzzing ${{ matrix.target }}
|
||
runs-on: ubuntu-latest
|
||
needs: corpus-download
|
||
strategy:
|
||
fail-fast: false
|
||
matrix:
|
||
target: [ pdu_decoding, rle_decompression, bitmap_stream, cliprdr_format, channel_processing ]
|
||
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
|
||
- name: Download corpus
|
||
uses: actions/cache/restore@v4
|
||
with:
|
||
fail-on-cache-miss: true
|
||
path: |
|
||
./fuzz/corpus
|
||
./fuzz/artifacts
|
||
key: fuzz-corpus-${{ github.run_id }}
|
||
|
||
- name: Print corpus
|
||
run: |
|
||
tree ./fuzz/corpus
|
||
tree ./fuzz/artifacts
|
||
|
||
- name: Rust cache
|
||
uses: Swatinem/rust-cache@v2.7.3
|
||
with:
|
||
workspaces: fuzz -> target
|
||
|
||
- name: Binary cache
|
||
uses: actions/cache@v4
|
||
with:
|
||
path: ./.cargo/local_root/bin
|
||
key: ${{ runner.os }}-bin-${{ github.job }}-${{ hashFiles('xtask/src/bin_version.rs') }}
|
||
|
||
- name: Prepare runner
|
||
run: cargo xtask fuzz install -v
|
||
|
||
- name: Fuzz
|
||
run: cargo xtask fuzz run --duration 1000 --target ${{ matrix.target }} -v
|
||
|
||
- name: Minify fuzzing corpus
|
||
if: ${{ always() && !cancelled() }}
|
||
run: cargo xtask fuzz corpus-min --target ${{ matrix.target }} -v
|
||
|
||
# Use GitHub artifacts instead of cache for the updated corpus
|
||
# because same cache can’t be used by multiple jobs at the same time.
|
||
# Also, we can’t dynamically create a unique cache keys for all
|
||
# the targets, because then we can’t easily retrieve this cache
|
||
# without hardcoding a step for each one. It’s not good for maintenance.
|
||
|
||
- name: Prepare minified corpus upload
|
||
# We want to upload artifacts even if fuzzing "fails" (so we can retrieve the artifact causing the crash)
|
||
if: ${{ always() && !cancelled() }}
|
||
run: |
|
||
mkdir ${{ runner.temp }}/corpus/
|
||
cp -r ./fuzz/corpus/${{ matrix.target }} ${{ runner.temp }}/corpus
|
||
mkdir ${{ runner.temp }}/artifacts/
|
||
cp -r ./fuzz/artifacts/${{ matrix.target }} ${{ runner.temp }}/artifacts
|
||
|
||
- name: Upload minified corpus
|
||
if: ${{ always() && !cancelled() }}
|
||
uses: actions/upload-artifact@v4
|
||
with:
|
||
retention-days: 7
|
||
name: minified-corpus-${{ matrix.target }}
|
||
path: |
|
||
${{ runner.temp }}/corpus
|
||
${{ runner.temp }}/artifacts
|
||
|
||
corpus-merge:
|
||
name: Corpus merge artifacts
|
||
runs-on: ubuntu-latest
|
||
needs: fuzz
|
||
if: ${{ always() && !cancelled() }}
|
||
|
||
steps:
|
||
- name: Merge Artifacts
|
||
uses: actions/upload-artifact/merge@v4
|
||
with:
|
||
name: minified-corpus
|
||
pattern: minified-corpus-*
|
||
delete-merged: true
|
||
|
||
corpus-upload:
|
||
name: Upload corpus
|
||
runs-on: ubuntu-latest
|
||
needs: corpus-merge
|
||
if: ${{ always() && !cancelled() }}
|
||
env:
|
||
AZURE_STORAGE_KEY: ${{ secrets.CORPUS_AZURE_STORAGE_KEY }}
|
||
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
|
||
- name: Download updated corpus
|
||
uses: actions/download-artifact@v4
|
||
with:
|
||
name: minified-corpus
|
||
path: ./fuzz/
|
||
|
||
- name: Print corpus
|
||
run: |
|
||
tree ./fuzz/corpus
|
||
tree ./fuzz/artifacts
|
||
|
||
- name: Upload fuzzing corpus
|
||
run: cargo xtask fuzz corpus-push -v
|
||
|
||
- name: Clean corpus cache
|
||
run: |
|
||
curl -L \
|
||
-X DELETE \
|
||
-H "Accept: application/vnd.github+json" \
|
||
-H "Authorization: Bearer ${{ github.token }}"\
|
||
-H "X-GitHub-Api-Version: 2022-11-28" \
|
||
"${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/actions/caches?key=fuzz-corpus-${{ github.run_id }}"
|
||
|
||
notify:
|
||
name: Notify failure
|
||
runs-on: ubuntu-latest
|
||
if: ${{ always() && contains(needs.*.result, 'failure') && github.event_name == 'schedule' }}
|
||
needs:
|
||
- fuzz
|
||
env:
|
||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_ARCHITECTURE }}
|
||
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
|
||
steps:
|
||
- name: Send slack notification
|
||
id: slack
|
||
uses: slackapi/slack-github-action@v1.26.0
|
||
with:
|
||
payload: |
|
||
{
|
||
"blocks": [
|
||
{
|
||
"type": "section",
|
||
"text": {
|
||
"type": "mrkdwn",
|
||
"text": "*${{ github.repository }}* :warning: \n Fuzz workflow for *${{ github.repository }}* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|found a bug>"
|
||
}
|
||
}
|
||
]
|
||
}
|