| name: Fuzzing |
| on: [pull_request] |
| permissions: # added using https://github.com/step-security/secure-workflows |
| contents: read |
| |
| jobs: |
| # Run all fuzzing tests. Some of them use Go 1.18's testing.F. |
| # Others use https://github.com/AdaLogics/go-fuzz-headers. |
| ci_fuzz: |
| name: CI Fuzz |
| if: github.repository == 'containerd/containerd' |
| runs-on: ubuntu-latest |
| timeout-minutes: 60 |
| steps: |
| - name: Build Fuzzers |
| id: build |
| uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@abe2c06d0e162320403dd10e8268adbb0b8923f8 # master |
| with: |
| oss-fuzz-project-name: 'containerd' |
| language: go |
| - name: Run Fuzzers |
| uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@abe2c06d0e162320403dd10e8268adbb0b8923f8 # master |
| with: |
| oss-fuzz-project-name: 'containerd' |
| fuzz-seconds: 300 |
| language: go |
| continue-on-error: true |
| - name: Upload Crash |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 |
| if: failure() && steps.build.outcome == 'success' |
| with: |
| name: artifacts |
| path: ./out/artifacts |
| |
| # Make sure all fuzzing tests which use Go 1.18's testing.F are |
| # runnable with go test -fuzz. |
| go_test_fuzz: |
| name : go test -fuzz |
| if: github.repository == 'containerd/containerd' |
| runs-on: ubuntu-latest |
| timeout-minutes: 30 |
| steps: |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 |
| - uses: ./.github/actions/install-go |
| - run: script/go-test-fuzz.sh |
