From 027386617499ca648c1cd40a6c9a39a819070298 Mon Sep 17 00:00:00 2001 From: Frank Yung-Fong Tang Date: Fri, 19 Jul 2024 19:50:05 +0000 Subject: [PATCH] ICU-22814 Add CIFuzz to ICU See #3059 --- .github/workflows/cifuzz.yml | 52 ++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 .github/workflows/cifuzz.yml diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 000000000000..d4e6b5d6a4cc --- /dev/null +++ b/.github/workflows/cifuzz.yml @@ -0,0 +1,52 @@ +name: CIFuzz +on: + # comments out triggerin on PR for now + # pull_request: + # paths: + # - '**.c' + # - '**.cc' + # - '**.cpp' + # - '**.cxx' + # - '**.h' + # Only trigger by post merge for now. + push: + branches: + - main + - 'maint/maint*' +permissions: {} +jobs: + Fuzzing: + runs-on: ubuntu-latest + permissions: + security-events: write + strategy: + fail-fast: false + matrix: + sanitizer: [address, undefined] + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'icu' + sanitizer: ${{ matrix.sanitizer }} + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'icu' + fuzz-seconds: 600 + output-sarif: true + sanitizer: ${{ matrix.sanitizer }} + - name: Upload Crash + uses: actions/upload-artifact@v3 + if: failure() && steps.build.outcome == 'success' + with: + name: ${{ matrix.sanitizer }}-artifacts + path: ./out/artifacts + - name: Upload Sarif + if: always() && steps.build.outcome == 'success' + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: cifuzz-sarif/results.sarif + checkout_path: cifuzz-sarif