--- # vi: ts=2 sw=2 et: # SPDX-License-Identifier: LGPL-2.1-or-later # See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/ name: CIFuzz permissions: contents: read on: pull_request: paths: - '**/meson.build' - '.github/workflows/**' - 'meson_options.txt' - 'src/**' - 'test/fuzz/**' - 'tools/oss-fuzz.sh' push: branches: - main jobs: Fuzzing: # FIXME: Figure out why 32-bit applications fail to run in docker on Ubuntu 24.04. runs-on: ubuntu-22.04 if: github.repository == 'systemd/systemd' concurrency: group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ matrix.architecture }}-${{ github.ref }} cancel-in-progress: true strategy: fail-fast: false matrix: sanitizer: [address, undefined, memory] architecture: [x86_64] include: - sanitizer: address architecture: i386 permissions: security-events: write steps: - name: Build Fuzzers id: build uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master with: oss-fuzz-project-name: 'systemd' dry-run: false allowed-broken-targets-percentage: 0 # keep-unaffected-fuzz-targets should be removed once https://github.com/google/oss-fuzz/issues/7011 is fixed keep-unaffected-fuzz-targets: true sanitizer: ${{ matrix.sanitizer }} architecture: ${{ matrix.architecture }} output-sarif: true - name: Run Fuzzers uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master with: oss-fuzz-project-name: 'systemd' fuzz-seconds: 600 dry-run: false sanitizer: ${{ matrix.sanitizer }} output-sarif: true - name: Upload Crash uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 if: failure() && steps.build.outcome == 'success' with: name: ${{ matrix.sanitizer }}-${{ matrix.architecture }}-artifacts path: ./out/artifacts - name: Upload Sarif if: always() && steps.build.outcome == 'success' uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 with: # Path to SARIF file relative to the root of the repository sarif_file: cifuzz-sarif/results.sarif checkout_path: cifuzz-sarif