diff options
author | 2021-01-20 13:23:55 -0800 | |
---|---|---|
committer | 2021-01-20 13:23:55 -0800 | |
commit | b998058ef3c6a27fe179b0ab3db8cb08ad766d85 (patch) | |
tree | e2fde0dd5a9847ee34935d9c18fff77763e2b9ed /infra/cifuzz/actions | |
parent | 9d7f4f3100caf7aa731cf53c943a4e3ef62b0607 (diff) |
Move entrypoints for CIFuzz to cifuzz folder. (#5020)
Move entrypoints for CIFuzz to cifuzz.
This allows us to reduce some complexity by getting rid of
an unnecessary copy in docker and a hack to making importing work.
Diffstat (limited to 'infra/cifuzz/actions')
-rw-r--r-- | infra/cifuzz/actions/build_fuzzers/build_fuzzers_entrypoint.py | 134 | ||||
-rw-r--r-- | infra/cifuzz/actions/run_fuzzers/run_fuzzers_entrypoint.py | 95 |
2 files changed, 0 insertions, 229 deletions
diff --git a/infra/cifuzz/actions/build_fuzzers/build_fuzzers_entrypoint.py b/infra/cifuzz/actions/build_fuzzers/build_fuzzers_entrypoint.py deleted file mode 100644 index 5d467e7b..00000000 --- a/infra/cifuzz/actions/build_fuzzers/build_fuzzers_entrypoint.py +++ /dev/null @@ -1,134 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Builds and runs specific OSS-Fuzz project's fuzzers for CI tools.""" -import json -import logging -import os -import sys - -# pylint: disable=wrong-import-position,import-error -sys.path.append(os.path.join(os.environ['OSS_FUZZ_ROOT'], 'infra', 'cifuzz')) -import cifuzz - -# TODO: Turn default logging to INFO when CIFuzz is stable -logging.basicConfig( - format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', - level=logging.DEBUG) - - -def get_pr_ref(event_path): - """Returns the PR ref from |event_path|.""" - with open(event_path, encoding='utf-8') as file_handle: - event = json.load(file_handle) - return 'refs/pull/{0}/merge'.format(event['pull_request']['number']) - - -def get_project_src_path(workspace): - """Returns the manually checked out path of the project's source if specified - or None.""" - # TODO(metzman): Get rid of MANUAL_SRC_PATH when Skia switches to - # project_src_path. - path = os.getenv('PROJECT_SRC_PATH', os.getenv('MANUAL_SRC_PATH')) - if not path: - logging.debug('No PROJECT_SRC_PATH.') - return path - - logging.debug('PROJECT_SRC_PATH set.') - if os.path.isabs(path): - return path - - # If |src| is not absolute, assume we are running in GitHub actions. - # TODO(metzman): Don't make this assumption. - return os.path.join(workspace, path) - - -def main(): - """Build OSS-Fuzz project's fuzzers for CI tools. - This script is used to kick off the Github Actions CI tool. It is the - entrypoint of the Dockerfile in this directory. This action can be added to - any OSS-Fuzz project's workflow that uses Github. - - Note: The resulting clusterfuzz binaries of this build are placed in - the directory: ${GITHUB_WORKSPACE}/out - - Required environment variables: - OSS_FUZZ_PROJECT_NAME: The name of OSS-Fuzz project. - GITHUB_REPOSITORY: The name of the Github repo that called this script. - GITHUB_SHA: The commit SHA that triggered this script. - GITHUB_EVENT_NAME: The name of the hook event that triggered this script. - GITHUB_EVENT_PATH: - The path to the file containing the POST payload of the webhook: - https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners#filesystems-on-github-hosted-runners - GITHUB_WORKSPACE: The shared volume directory where input artifacts are. - DRY_RUN: If true, no failures will surface. - SANITIZER: The sanitizer to use when running fuzzers. - - Returns: - 0 on success or 1 on failure. - """ - oss_fuzz_project_name = os.getenv('OSS_FUZZ_PROJECT_NAME') - github_repo_name = os.path.basename(os.getenv('GITHUB_REPOSITORY')) - commit_sha = os.getenv('GITHUB_SHA') - event = os.getenv('GITHUB_EVENT_NAME') - workspace = os.getenv('GITHUB_WORKSPACE') - sanitizer = os.getenv('SANITIZER').lower() - project_src_path = get_project_src_path(workspace) - build_integration_path = os.getenv('BUILD_INTEGRATION_PATH') - allowed_broken_targets_percentage = os.getenv( - 'ALLOWED_BROKEN_TARGETS_PERCENTAGE') - - # Check if failures should not be reported. - dry_run = os.getenv('DRY_RUN').lower() == 'true' - if dry_run: - # Sets the default return code on error to success. - returncode = 0 - else: - # The default return code when an error occurs. - returncode = 1 - - if not workspace: - logging.error('This script needs to be run within Github actions.') - return returncode - - if event == 'pull_request': - event_path = os.getenv('GITHUB_EVENT_PATH') - pr_ref = get_pr_ref(event_path) - else: - pr_ref = None - - if not cifuzz.build_fuzzers(oss_fuzz_project_name, - github_repo_name, - workspace, - commit_sha=commit_sha, - pr_ref=pr_ref, - sanitizer=sanitizer, - project_src_path=project_src_path, - build_integration_path=build_integration_path): - logging.error( - 'Error building fuzzers for project %s (commit: %s, pr_ref: %s).', - oss_fuzz_project_name, commit_sha, pr_ref) - return returncode - - out_dir = os.path.join(workspace, 'out') - if cifuzz.check_fuzzer_build( - out_dir, - sanitizer=sanitizer, - allowed_broken_targets_percentage=allowed_broken_targets_percentage): - returncode = 0 - - return returncode - - -if __name__ == '__main__': - sys.exit(main()) diff --git a/infra/cifuzz/actions/run_fuzzers/run_fuzzers_entrypoint.py b/infra/cifuzz/actions/run_fuzzers/run_fuzzers_entrypoint.py deleted file mode 100644 index 9f748e7e..00000000 --- a/infra/cifuzz/actions/run_fuzzers/run_fuzzers_entrypoint.py +++ /dev/null @@ -1,95 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Runs specific OSS-Fuzz project's fuzzers for CI tools.""" -import logging -import os -import sys - -# pylint: disable=wrong-import-position,import-error -sys.path.append(os.path.join(os.environ['OSS_FUZZ_ROOT'], 'infra', 'cifuzz')) -import cifuzz - -# TODO: Turn default logging to INFO when CIFuzz is stable. -logging.basicConfig( - format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', - level=logging.DEBUG) - - -def main(): - """Runs OSS-Fuzz project's fuzzers for CI tools. - This is the entrypoint for the run_fuzzers github action. - This action can be added to any OSS-Fuzz project's workflow that uses Github. - - NOTE: libFuzzer binaries must be located in the ${GITHUB_WORKSPACE}/out - directory in order for this action to be used. This action will only fuzz the - binaries that are located in that directory. It is recommended that you add - the build_fuzzers action preceding this one. - - NOTE: Any crash report will be in the filepath: - ${GITHUB_WORKSPACE}/out/testcase - This can be used in parallel with the upload-artifact action to surface the - logs. - - Required environment variables: - FUZZ_SECONDS: The length of time in seconds that fuzzers are to be run. - GITHUB_WORKSPACE: The shared volume directory where input artifacts are. - DRY_RUN: If true, no failures will surface. - OSS_FUZZ_PROJECT_NAME: The name of the relevant OSS-Fuzz project. - SANITIZER: The sanitizer to use when running fuzzers. - - Returns: - 0 on success or 1 on failure. - """ - fuzz_seconds = int(os.environ.get('FUZZ_SECONDS', 600)) - workspace = os.environ.get('GITHUB_WORKSPACE') - oss_fuzz_project_name = os.environ.get('OSS_FUZZ_PROJECT_NAME') - sanitizer = os.environ.get('SANITIZER').lower() - - # Check if failures should not be reported. - dry_run = (os.environ.get('DRY_RUN').lower() == 'true') - - # The default return code when an error occurs. - returncode = 1 - if dry_run: - # A testcase file is required in order for CIFuzz to surface bugs. - # If the file does not exist, the action will crash attempting to upload it. - # The dry run needs this file because it is set to upload a testcase both - # on successful runs and on failures. - out_dir = os.path.join(workspace, 'out', 'artifacts') - os.makedirs(out_dir, exist_ok=True) - - # Sets the default return code on error to success. - returncode = 0 - - if not workspace: - logging.error('This script needs to be run in the Github action context.') - return returncode - # Run the specified project's fuzzers from the build. - run_status, bug_found = cifuzz.run_fuzzers(fuzz_seconds, - workspace, - oss_fuzz_project_name, - sanitizer=sanitizer) - if not run_status: - logging.error('Error occurred while running in workspace %s.', workspace) - return returncode - if bug_found: - logging.info('Bug found.') - if not dry_run: - # Return 2 when a bug was found by a fuzzer causing the CI to fail. - return 2 - return 0 - - -if __name__ == '__main__': - sys.exit(main()) |