diff options
author | 2020-01-29 11:03:43 -0800 | |
---|---|---|
committer | 2020-01-29 11:03:43 -0800 | |
commit | 8ffc6db00c83e5f75e92b3c4c63c1924597711a1 (patch) | |
tree | 7cca59f92af682000c57be2e0b8ad5e926e8701f /infra/cifuzz/actions | |
parent | 4dc4c0240f96105f2330a0fc1f5f321a6e796ddb (diff) |
[Infra] CIFuzz pipeline complete. (#3281)
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Testing action build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working build
* Working fuzzers with out error surface
* Working fuzzers with out error surface
* Working fuzzers with out error surface
* Printing std err
* Adding fuzzer timeout
* Adding fuzzer timeout
* Changing fuzzer timeout to fuzz time
* Formatting and refactoring
* Spelling in fuzz_target.py
* Spelling in fuzz_target.py
* Spelling in fuzz_target.py
* Upload artifact fix
* Upload artifact fix
* Upload artifact fix
* Upload artifact fix
* Upload artifact fix
* Upload artifact fix
* Upload artifact fix
* Refactoring error codes.
* reverting helper.py
* reverting helper.py
* reverting helper.py
* chaning method to static
* moving cifuzz file
* Jonathan changes
* Oliver and Jonathan comments
* Oliver and Jonathan comments
* Oliver and Jonathan comments
* Utils unit tests
* Test formatting and documentation
* Build fuzzer test added
* Changed repo manager errors
* Unit and integration tests complete
* Jonathan comments pt.1
* Jonathan comments pt.1
* Jonathan comments pt.1
* adding cifuzz_test
* Build fuzzer test completed
* Run fuzzers test finished.
* Removed SRC dependency
* Jonathan comments pt.2
* Max comments pt.1
* Max comments pt.2
* removing log specified out stream
* Max comments pt.3
* Adding OSS_FUZZ_HOME env var
* Jonathan comments pt.3
* Formatting
* Olivers comments
* Jonathan comments
Diffstat (limited to 'infra/cifuzz/actions')
-rw-r--r-- | infra/cifuzz/actions/Dockerfile | 3 | ||||
-rw-r--r-- | infra/cifuzz/actions/action.yml | 5 | ||||
-rw-r--r-- | infra/cifuzz/actions/entrypoint.py | 82 |
3 files changed, 60 insertions, 30 deletions
diff --git a/infra/cifuzz/actions/Dockerfile b/infra/cifuzz/actions/Dockerfile index 7cd44218..fe69d00c 100644 --- a/infra/cifuzz/actions/Dockerfile +++ b/infra/cifuzz/actions/Dockerfile @@ -34,7 +34,8 @@ RUN add-apt-repository \ RUN apt-get update && apt-get install docker-ce docker-ce-cli containerd.io -y -RUN git clone -b ci-fuzz https://github.com/google/oss-fuzz.git /src/oss-fuzz +ENV OSS_FUZZ_ROOT=/opt/oss-fuzz +RUN git clone https://github.com/google/oss-fuzz.git ${OSS_FUZZ_ROOT} # Copies your code file from action repository to the container COPY entrypoint.py /opt/entrypoint.py diff --git a/infra/cifuzz/actions/action.yml b/infra/cifuzz/actions/action.yml index 11095fbf..7af4bd49 100644 --- a/infra/cifuzz/actions/action.yml +++ b/infra/cifuzz/actions/action.yml @@ -5,8 +5,13 @@ inputs: project-name: description: 'Name of the corresponding OSS-Fuzz project.' required: true + fuzz-seconds: + description: 'The total time allotted for fuzzing in seconds.' + required: true + default: 360 runs: using: 'docker' image: 'Dockerfile' env: PROJECT_NAME: ${{ inputs.project-name }} + FUZZ_SECONDS: ${{ inputs.fuzz-seconds }} diff --git a/infra/cifuzz/actions/entrypoint.py b/infra/cifuzz/actions/entrypoint.py index 2a041533..5b07c81f 100644 --- a/infra/cifuzz/actions/entrypoint.py +++ b/infra/cifuzz/actions/entrypoint.py @@ -12,46 +12,70 @@ # See the License for the specific language governing permissions and # limitations under the License. """Builds and runs specific OSS-Fuzz project's fuzzers for CI tools.""" - +import logging import os -import subprocess import sys +# pylint: disable=wrong-import-position +sys.path.append(os.path.join(os.environ['OSS_FUZZ_ROOT'], 'infra', 'cifuzz')) +import cifuzz + +# TODO: Turn default logging to INFO when CIFuzz is stable +logging.basicConfig( + format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', + level=logging.DEBUG) + def main(): - """Runs OSS-Fuzz project's fuzzers for CI tools.""" - project_name = os.environ['OSS_FUZZ_PROJECT_NAME'] - repo_name = os.environ['GITHUB_REPOSITORY'].rsplit('/', 1)[-1] - commit_sha = os.environ['GITHUB_SHA'] + """Runs OSS-Fuzz project's fuzzers for CI tools. + This script is used to kick off the Github Actions CI tool. It is the + entrypoint of the Dockerfile in this directory. This action can be added to + any OSS-Fuzz project's workflow that uses Github. + + Required environment variables: + PROJECT_NAME: The name of OSS-Fuzz project. + FUZZ_TIME: The length of time in seconds that fuzzers are to be run. + GITHUB_REPOSITORY: The name of the Github repo that called this script. + GITHUB_SHA: The commit SHA that triggered this script. + + Returns: + 0 on success or 1 on Failure. + """ + oss_fuzz_project_name = os.environ.get('PROJECT_NAME') + fuzz_seconds = int(os.environ.get('FUZZ_SECONDS', 360)) + github_repo_name = os.path.basename(os.environ.get('GITHUB_REPOSITORY')) + commit_sha = os.environ.get('GITHUB_SHA') + + # Get the shared volume directory and create required directorys. + workspace = os.environ.get('GITHUB_WORKSPACE') + if not workspace: + logging.error('This script needs to be run in the Github action context.') + return 1 + git_workspace = os.path.join(workspace, 'storage') + os.makedirs(git_workspace, exist_ok=True) + out_dir = os.path.join(workspace, 'out') + os.makedirs(out_dir, exist_ok=True) # Build the specified project's fuzzers from the current repo state. - print('Building fuzzers\nproject: {0}\nrepo name: {1}\ncommit: {2}'.format( - project_name, repo_name, commit_sha)) - command = [ - 'python3', '/src/oss-fuzz/infra/cifuzz.py', 'build_fuzzers', project_name, - repo_name, commit_sha - ] - print('Running command: "{0}"'.format(' '.join(command))) - try: - subprocess.check_call(command) - except subprocess.CalledProcessError as err: - sys.stderr.write('Error building fuzzers: "{0}"'.format(str(err))) - return err.returncode + if not cifuzz.build_fuzzers(oss_fuzz_project_name, github_repo_name, + commit_sha, git_workspace, out_dir): + logging.error('Error building fuzzers for project %s.', + oss_fuzz_project_name) + return 1 # Run the specified project's fuzzers from the build. - command = [ - 'python3', '/src/oss-fuzz/infra/cifuzz.py', 'run_fuzzers', project_name - ] - print('Running command: "{0}"'.format(' '.join(command))) - try: - subprocess.check_call(command) - except subprocess.CalledProcessError as err: - sys.stderr.write('Error running fuzzers: "{0}"'.format(str(err))) - return err.returncode - print('Fuzzers ran successfully.') + run_status, bug_found = cifuzz.run_fuzzers(oss_fuzz_project_name, + fuzz_seconds, out_dir) + if not run_status: + logging.error('Error occured while running fuzzers for project %s.', + oss_fuzz_project_name) + return 1 + if bug_found: + logging.info('Bug found.') + # Return 2 when a bug was found by a fuzzer causing the CI to fail. + return 2 return 0 if __name__ == '__main__': - sys.exit(main()) |