Build on demand fuzz targets #462
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build on demand fuzz targets | |
| on: | |
| # Run when a new release or rc is created | |
| release: | |
| types: [released, prereleased] | |
| # Run on-demand | |
| workflow_dispatch: | |
| inputs: | |
| branch_type: | |
| type: choice | |
| required: true | |
| options: | |
| - master | |
| - release | |
| - rc | |
| description: Type of branch to build fuzz targets | |
| branch_ref: | |
| type: string | |
| required: true | |
| description: Branch name or tag to build from | |
| jobs: | |
| build_fuzzers: | |
| name: Build Fuzzers | |
| runs-on: "ubuntu-20.04-32core" | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - run: sudo fallocate -l 128G /swap-file | |
| - run: sudo chmod 600 /swap-file | |
| - run: sudo mkswap /swap-file | |
| - run: sudo swapon /swap-file | |
| - id: "auth" | |
| uses: "google-github-actions/auth@v1" | |
| with: | |
| workload_identity_provider: "projects/968400232856/locations/global/workloadIdentityPools/project-identity-pool/providers/github-provider" | |
| service_account: "near-fuzzer-service-account@near-fuzzer.iam.gserviceaccount.com" | |
| - name: Installing nightly rust | |
| run: | | |
| rustup install nightly | |
| rustup default nightly | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-bolero | |
| # TODO: remove the below once https://github.com/camshaft/bolero/pull/195 is released on crates.io | |
| # and https://github.com/camshaft/bolero/pull/196 has a proper fix | |
| git: https://github.com/Ekleog-NEAR/bolero | |
| rev: 56da8e6d1d018519a30b36d85d3a53fe35a42eaf | |
| - run: rustup target add --toolchain nightly wasm32-unknown-unknown | |
| - name: "Set up GCP SDK" | |
| uses: "google-github-actions/setup-gcloud@v1" | |
| with: | |
| version: ">= 416.0.0" | |
| - name: Checkout Release/RC branch | |
| if: contains(fromJSON('["released", "prereleased"]'), github.event.action) | |
| uses: actions/checkout@master | |
| - name: Checkout ${{ github.event.inputs.branch_ref }} branch | |
| if: ${{ github.event_name == 'workflow_dispatch'}} | |
| uses: actions/checkout@master | |
| with: | |
| ref: ${{ github.event.inputs.branch_ref }} | |
| - name: Build Release branch fuzz targets | |
| if: ${{ github.event.action == 'released'}} | |
| run: echo "branch_type=release" >> "$GITHUB_ENV" | |
| - name: Build RC branch fuzz targets | |
| if: ${{ github.event.action == 'prereleased'}} | |
| run: echo "branch_type=rc" >> "$GITHUB_ENV" | |
| - name: Build fuzz targets from ${{ github.event.inputs.branch_ref }}" branch | |
| if: ${{ github.event_name == 'workflow_dispatch'}} | |
| run: echo "branch_type=${{ github.event.inputs.branch_type }}" >> "$GITHUB_ENV" | |
| - name: "Compile fuzzers and upload to GCS" | |
| run: | | |
| NAME="nearcore-$branch_type-$(env TZ=Etc/UTC date +"%Y%m%d%H%M%S")" | |
| RUSTFLAGS="-A warnings --cfg fuzz" cargo +nightly bolero build-clusterfuzz --all-features --profile fuzz | |
| gsutil cp -Z target/fuzz/clusterfuzz.tar "gs://fuzzer_targets/$branch_type/$NAME.tar.gz" |