Skip to content

config: introduce audit options #11

config: introduce audit options

config: introduce audit options #11

Workflow file for this run

name: fuzzing

Check failure on line 1 in .github/workflows/fuzzing.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/fuzzing.yml

Invalid workflow file

you may only define one of `paths` and `paths-ignore` for a single event
on:
push:
branches:
- 'master'
- 'release/**'
tags:
- '**'
paths:
- '.github/workflows/fuzzing.yml'
- 'src/**'
- 'test/fuzz/**'
- 'test/static/corpus/**'
paths-ignore:
- '**.lua'
pull_request:
types: [opened, reopened, synchronize, labeled]
concurrency:
# Update of a developer branch cancels the previously scheduled workflow
# run for this branch. However, the 'master' branch, release branch, and
# tag workflow runs are never canceled.
#
# We use a trick here: define the concurrency group as 'workflow run ID' +
# 'workflow run attempt' because it is a unique combination for any run.
# So it effectively discards grouping.
#
# Important: we cannot use `github.sha` as a unique identifier because
# pushing a tag may cancel a run that works on a branch push event.
group: ${{ (
github.ref == 'refs/heads/master' ||
startsWith(github.ref, 'refs/heads/release/') ||
startsWith(github.ref, 'refs/tags/')) &&
format('{0}-{1}', github.run_id, github.run_attempt) ||
format('{0}-{1}', github.workflow, github.ref) }}
cancel-in-progress: true
jobs:
fuzzing:
# Run on push to the 'master' and release branches of tarantool/tarantool
# or on pull request if the 'full-ci' label is set.
if: github.repository == 'tarantool/tarantool' &&
( github.event_name != 'pull_request' ||
contains(github.event.pull_request.labels.*.name, 'full-ci') )
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sanitizer: [address, undefined]
steps:
- name: build fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'tarantool'
dry-run: false
sanitizer: ${{ matrix.sanitizer }}
- name: run fuzzers (${{ matrix.sanitizer }})
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'tarantool'
fuzz-seconds: 600
dry-run: false
sanitizer: ${{ matrix.sanitizer }}
- uses: actions/checkout@v3
id: checkout
if: failure()
with:
path: tarantool
- name: Send VK Teams message on failure
if: failure() && steps.checkout.outcome == 'success'
uses: ./tarantool/.github/actions/report-job-status
with:
bot-token: ${{ secrets.VKTEAMS_BOT_TOKEN }}
- name: upload crash
uses: actions/upload-artifact@v3
if: failure() && steps.build.outcome == 'success'
with:
name: ${{ matrix.sanitizer }}-artifacts
retention-days: 21
path: ./out/artifacts