Skip to content

Build on demand fuzz targets #504

Build on demand fuzz targets

Build on demand fuzz targets #504

name: Build on demand fuzz targets
on:
# Run when a new release or rc is created
release:
types: [released, prereleased]
# Run on-demand
workflow_dispatch:
inputs:
branch_type:
type: choice
required: true
options:
- master
- release
- rc
description: Type of branch to build fuzz targets
branch_ref:
type: string
required: true
description: Branch name or tag to build from
jobs:
build_fuzzers:
name: Build Fuzzers
runs-on: "ubuntu-20.04-32core"
permissions:
contents: "read"
id-token: "write"
steps:
- run: sudo fallocate -l 128G /swap-file
- run: sudo chmod 600 /swap-file
- run: sudo mkswap /swap-file
- run: sudo swapon /swap-file
- name: Checkout Release/RC branch
if: contains(fromJSON('["released", "prereleased"]'), github.event.action)
uses: actions/checkout@v4
- name: Checkout ${{ github.event.inputs.branch_ref }} branch
if: ${{ github.event_name == 'workflow_dispatch'}}
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.branch_ref }}
- id: "auth"
name: Authenticate with Google Cloud
uses: "google-github-actions/auth@v2"
with:
workload_identity_provider: "projects/346595944828/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
service_account: "github-service-account@nearone-clusterfuzz.iam.gserviceaccount.com"
- name: Installing nightly rust
run: |
rustup install nightly
rustup default nightly
- uses: baptiste0928/cargo-install@904927dbe77864e0f2281519fe9d5bd097a220b3
with:
crate: cargo-bolero
# TODO: remove the below once https://github.com/camshaft/bolero/pull/195 is released on crates.io
# and https://github.com/camshaft/bolero/pull/196 has a proper fix
git: https://github.com/camshaft/bolero
rev: 4ca2dcd6d658b33b4471081c900364043b018a9a
- run: rustup target add --toolchain nightly wasm32-unknown-unknown
- name: "Set up GCP SDK"
uses: "google-github-actions/setup-gcloud@v2"
with:
version: ">= 416.0.0"
- name: Build Release branch fuzz targets
if: ${{ github.event.action == 'released'}}
run: echo "branch_type=release" >> "$GITHUB_ENV"
- name: Build RC branch fuzz targets
if: ${{ github.event.action == 'prereleased'}}
run: echo "branch_type=rc" >> "$GITHUB_ENV"
- name: Build fuzz targets from ${{ github.event.inputs.branch_ref }}" branch
if: ${{ github.event_name == 'workflow_dispatch'}}
run: echo "branch_type=${{ github.event.inputs.branch_type }}" >> "$GITHUB_ENV"
- name: "Compile fuzzers and upload to GCS"
run: |
NAME="nearcore-$branch_type-$(env TZ=Etc/UTC date +"%Y%m%d%H%M%S")"
RUSTFLAGS="--cfg fuzz" cargo +nightly bolero build-clusterfuzz --all-features --profile fuzz
gsutil cp -Z target/fuzz/clusterfuzz.tar "gs://nearone_fuzzer_targets/$branch_type/$NAME.tar.gz"