From ae5cf31a9d9e6b46d1789b0b3536d1bee1e6aecb Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 13 Sep 2024 12:23:20 -0600
Subject: [PATCH] Update CIFuzz GitHub action
---
 .github/workflows/main.yml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 14ac25326a..82f7aad14f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -16,25 +16,36 @@ on:
 paths:
 - '**.c'
 - '**.h'
+permissions: {}
 jobs:
 Fuzzing:
 runs-on: ubuntu-latest
+ permissions:
+ security-events: write
 steps:
 - name: Build Fuzzers
 id: build
 uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
 with:
 oss-fuzz-project-name: 'sudoers'
- dry-run: false
+ language: c
 - name: Run Fuzzers
 uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
 with:
 oss-fuzz-project-name: 'sudoers'
+ language: c
 fuzz-seconds: 600
- dry-run: false
+ output-sarif: true
 - name: Upload Crash
- uses: actions/upload-artifact@v1
+ uses: actions/upload-artifact@v3
 if: failure() && steps.build.outcome == 'success'
 with:
 name: artifacts
 path: ./out/artifacts
+ - name: Upload Sarif
+ if: always() && steps.build.outcome == 'success'
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: cifuzz-sarif/results.sarif
+ checkout_path: cifuzz-sarif
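Review bot: The actions this hunk adds or bumps, `actions/upload-artifact@v3` and `github/codeql-action/upload-sarif@v2`, are referenced by mutable tags, and the CIFuzz steps in the same job stay on `@master`, so every step in `Fuzzing` runs whatever those refs point to at run time while holding the newly granted `security-events: write` token. Since the commit is already tightening the token with a top-level `permissions: {}`, I would also pin each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: github/codeql-action/upload-sarif@<FULL_COMMIT_SHA> # v2`. If pinning the CIFuzz actions is impractical, moving the SARIF upload into a separate job that receives the results as an artifact would keep `security-events: write` away from the steps that build and run the fuzzers on changed code. The `on:` trigger block starts above the hunk, so whether this job runs for pull requests from forks cannot be confirmed from here.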