[CIFuzz] Prevent action from failing option (#3315)

* Adding opt to workflow to prevent failures

* fclose bug

* Undoing double negitive

* Undoing double negitive

* Undoing double negitive

* Syntax and formatting

* Olivers comments

* Presubmit fix

* Trying boolean argument

* cleaning

* cleaning fuzz disassembles

* Maxs comments pt.2

* Updating dry_run parse

* Comments added

* Formatting

* Olivers comments

2 files changed, 32 insertions, 8 deletions

diff --git a/infra/cifuzz/actions/action.yml b/infra/cifuzz/actions/action.yml
index 7af4bd49..72df36d5 100644
--- a/infra/cifuzz/actions/action.yml
+++ b/infra/cifuzz/actions/action.yml
@@ -9,9 +9,13 @@ inputs:
     description: 'The total time allotted for fuzzing in seconds.'
     required: true
     default: 360
+  dry-run:
+    description: 'If set, run the action without actually reporting a failure.'
+    default: false
 runs:
   using: 'docker'
   image: 'Dockerfile'
   env:
     PROJECT_NAME: ${{ inputs.project-name }}
     FUZZ_SECONDS: ${{ inputs.fuzz-seconds }}
+    DRY_RUN: ${{ inputs.dry-run}}
diff --git a/infra/cifuzz/actions/entrypoint.py b/infra/cifuzz/actions/entrypoint.py
index e6802074..7d924acf 100644
--- a/infra/cifuzz/actions/entrypoint.py
+++ b/infra/cifuzz/actions/entrypoint.py
@@ -17,6 +17,7 @@ import os
 import sys
 
 # pylint: disable=wrong-import-position
+# pylint: disable=import-error
 sys.path.append(os.path.join(os.environ['OSS_FUZZ_ROOT'], 'infra', 'cifuzz'))
 import cifuzz
 
@@ -49,24 +50,42 @@ def main():
   pr_ref = os.environ.get('GITHUB_REF')
   commit_sha = os.environ.get('GITHUB_SHA')
   event = os.environ.get('GITHUB_EVENT_NAME')
-
-  # Get the shared volume directory and create required directorys.
   workspace = os.environ.get('GITHUB_WORKSPACE')
+
+  # Check if failures should not be reported.
+  dry_run = (os.environ.get('DRY_RUN').lower() == 'true')
+
+  # The default return code when an error occurs.
+  error_code = 1
+  if dry_run:
+    # A testcase file is required in order for CIFuzz to surface bugs.
+    # If the file does not exist, the action will crash attempting to upload it.
+    # The dry run needs this file because it is set to upload a test case both
+    # on successful runs and on failures.
+    out_dir = os.path.join(workspace, 'out')
+    os.makedirs(out_dir, exist_ok=True)
+    file_handle = open(os.path.join(out_dir, 'testcase'), 'w')
+    file_handle.write('No bugs detected.')
+    file_handle.close()
+
+    # Sets the default return code on error to success.
+    error_code = 0
+
   if not workspace:
     logging.error('This script needs to be run in the Github action context.')
-    return 1
+    return error_code
 
   if event == 'push' and not cifuzz.build_fuzzers(
       oss_fuzz_project_name, github_repo_name, workspace,
       commit_sha=commit_sha):
     logging.error('Error building fuzzers for project %s with commit %s.',
                   oss_fuzz_project_name, commit_sha)
-    return 1
+    return error_code
   if event == 'pull_request' and not cifuzz.build_fuzzers(
       oss_fuzz_project_name, github_repo_name, workspace, pr_ref=pr_ref):
     logging.error('Error building fuzzers for project %s with pull request %s.',
                   oss_fuzz_project_name, pr_ref)
-    return 1
+    return error_code
 
   # Run the specified project's fuzzers from the build.
   run_status, bug_found = cifuzz.run_fuzzers(oss_fuzz_project_name,
@@ -74,11 +93,12 @@ def main():
   if not run_status:
     logging.error('Error occured while running fuzzers for project %s.',
                   oss_fuzz_project_name)
-    return 1
+    return error_code
   if bug_found:
     logging.info('Bug found.')
-    # Return 2 when a bug was found by a fuzzer causing the CI to fail.
-    return 2
+    if not dry_run:
+      # Return 2 when a bug was found by a fuzzer causing the CI to fail.
+      return 2
   return 0