Merge security audited changes #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ClusterFuzzLite PR fuzzing | |
on: | |
pull_request: | |
paths: | |
- '**' | |
permissions: read-all | |
jobs: | |
PR: | |
runs-on: ubuntu-latest | |
concurrency: | |
group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} | |
cancel-in-progress: true | |
strategy: | |
fail-fast: false | |
matrix: | |
sanitizer: [address, undefined, memory] # Override this with the sanitizers you want. | |
steps: | |
- name: Build Fuzzers (${{ matrix.sanitizer }}) | |
id: build | |
uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | |
with: | |
language: c # Change this to the language you are fuzzing. | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
sanitizer: ${{ matrix.sanitizer }} | |
# Optional but recommended: used to only run fuzzers that are affected | |
# by the PR. | |
# storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git | |
# storage-repo-branch: main # Optional. Defaults to "main" | |
# storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". | |
- name: Run Fuzzers (${{ matrix.sanitizer }}) | |
id: run | |
uses: google/clusterfuzzlite/actions/run_fuzzers@v1 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
fuzz-seconds: 300 # 5 minutes | |
mode: 'code-change' | |
sanitizer: ${{ matrix.sanitizer }} | |
output-sarif: true | |
# Optional but recommended: used to download the corpus produced by | |
# batch fuzzing. | |
# storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git | |
# storage-repo-branch: main # Optional. Defaults to "main" | |
# storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". |