[CIFuzz] Prevent action from failing option (#3315)

* Adding opt to workflow to prevent failures

* fclose bug

* Undoing double negitive

* Undoing double negitive

* Undoing double negitive

* Syntax and formatting

* Olivers comments

* Presubmit fix

* Trying boolean argument

* cleaning

* cleaning fuzz disassembles

* Maxs comments pt.2

* Updating dry_run parse

* Comments added

* Formatting

* Olivers comments

4 files changed, 35 insertions, 11 deletions

diff --git a/infra/cifuzz/actions/action.yml b/infra/cifuzz/actions/action.yml
index 7af4bd49..72df36d5 100644
--- a/infra/cifuzz/actions/action.yml
+++ b/infra/cifuzz/actions/action.yml
@@ -9,9 +9,13 @@ inputs:
     description: 'The total time allotted for fuzzing in seconds.'
     required: true
     default: 360
+  dry-run:
+    description: 'If set, run the action without actually reporting a failure.'
+    default: false
 runs:
   using: 'docker'
   image: 'Dockerfile'
   env:
     PROJECT_NAME: ${{ inputs.project-name }}
     FUZZ_SECONDS: ${{ inputs.fuzz-seconds }}
+    DRY_RUN: ${{ inputs.dry-run}}
diff --git a/infra/cifuzz/actions/entrypoint.py b/infra/cifuzz/actions/entrypoint.py
index e6802074..7d924acf 100644
--- a/infra/cifuzz/actions/entrypoint.py
+++ b/infra/cifuzz/actions/entrypoint.py
@@ -17,6 +17,7 @@ import os
 import sys
 
 # pylint: disable=wrong-import-position
+# pylint: disable=import-error
 sys.path.append(os.path.join(os.environ['OSS_FUZZ_ROOT'], 'infra', 'cifuzz'))
 import cifuzz
 
@@ -49,24 +50,42 @@ def main():
   pr_ref = os.environ.get('GITHUB_REF')
   commit_sha = os.environ.get('GITHUB_SHA')
   event = os.environ.get('GITHUB_EVENT_NAME')
-
-  # Get the shared volume directory and create required directorys.
   workspace = os.environ.get('GITHUB_WORKSPACE')
+
+  # Check if failures should not be reported.
+  dry_run = (os.environ.get('DRY_RUN').lower() == 'true')
+
+  # The default return code when an error occurs.
+  error_code = 1
+  if dry_run:
+    # A testcase file is required in order for CIFuzz to surface bugs.
+    # If the file does not exist, the action will crash attempting to upload it.
+    # The dry run needs this file because it is set to upload a test case both
+    # on successful runs and on failures.
+    out_dir = os.path.join(workspace, 'out')
+    os.makedirs(out_dir, exist_ok=True)
+    file_handle = open(os.path.join(out_dir, 'testcase'), 'w')
+    file_handle.write('No bugs detected.')
+    file_handle.close()
+
+    # Sets the default return code on error to success.
+    error_code = 0
+
   if not workspace:
     logging.error('This script needs to be run in the Github action context.')
-    return 1
+    return error_code
 
   if event == 'push' and not cifuzz.build_fuzzers(
       oss_fuzz_project_name, github_repo_name, workspace,
       commit_sha=commit_sha):
     logging.error('Error building fuzzers for project %s with commit %s.',
                   oss_fuzz_project_name, commit_sha)
-    return 1
+    return error_code
   if event == 'pull_request' and not cifuzz.build_fuzzers(
       oss_fuzz_project_name, github_repo_name, workspace, pr_ref=pr_ref):
     logging.error('Error building fuzzers for project %s with pull request %s.',
                   oss_fuzz_project_name, pr_ref)
-    return 1
+    return error_code
 
   # Run the specified project's fuzzers from the build.
   run_status, bug_found = cifuzz.run_fuzzers(oss_fuzz_project_name,
@@ -74,11 +93,12 @@ def main():
   if not run_status:
     logging.error('Error occured while running fuzzers for project %s.',
                   oss_fuzz_project_name)
-    return 1
+    return error_code
   if bug_found:
     logging.info('Bug found.')
-    # Return 2 when a bug was found by a fuzzer causing the CI to fail.
-    return 2
+    if not dry_run:
+      # Return 2 when a bug was found by a fuzzer causing the CI to fail.
+      return 2
   return 0
 
 
diff --git a/infra/cifuzz/cifuzz_test.py b/infra/cifuzz/cifuzz_test.py
index 7c17b6f8..800df1b5 100644
--- a/infra/cifuzz/cifuzz_test.py
+++ b/infra/cifuzz/cifuzz_test.py
@@ -55,7 +55,7 @@ class BuildFuzzersIntegrationTest(unittest.TestCase):
           cifuzz.build_fuzzers(EXAMPLE_PROJECT,
                                'oss-fuzz',
                                tmp_dir,
-                               pr_ref='refs/pull/3310/merge'))
+                               pr_ref='refs/pull/1757/merge'))
       self.assertTrue(os.path.exists(os.path.join(out_path, 'do_stuff_fuzzer')))
 
   def test_invalid_pull_request(self):
diff --git a/infra/repo_manager_test.py b/infra/repo_manager_test.py
index f489b2da..199df018 100644
--- a/infra/repo_manager_test.py
+++ b/infra/repo_manager_test.py
@@ -116,9 +116,9 @@ class RepoManagerCheckoutPullRequestUnitTests(unittest.TestCase):
     """Tests that the git checkout pull request works."""
     with tempfile.TemporaryDirectory() as tmp_dir:
       test_repo_manager = repo_manager.RepoManager(OSS_FUZZ_REPO, tmp_dir)
-      test_repo_manager.checkout_pr('refs/pull/3310/merge')
+      test_repo_manager.checkout_pr('refs/pull/1757/merge')
       self.assertEqual(test_repo_manager.get_current_commit(),
-                       'ff00c1685ccf32f729cf6c834e641223ce6262e4')
+                       '2a2b11cc3d370db8f7bdf73046f3290a39615347')
 
   def test_checkout_invalid_pull_request(self):
     """Tests that the git checkout invalid pull request fails."""