From cc456a425c3305c9fab74aed3fc5c7f5a1caa3f4 Mon Sep 17 00:00:00 2001
From: Sergey Bronnikov <sergeyb@tarantool.org>
Date: Fri, 12 Feb 2021 19:08:10 +0300
Subject: [PATCH] github-ci: add workflow to run fuzzing testing

Tarantool has been integrated to OSS-Fuzz infrastructure, and
implemented fuzzers are passed now [1]. Patch adds a new workflow that
will execute fuzzers on each push to a master branch using OSS-Fuzz
infrastructure [2]. To reduce a load on testing machines job triggers on
changes in directory with Tarantool's source code, fuzzers source code,
corpus files and GH Actions workflow file for fuzzing.

OSS-Fuzz provides web interface with fuzzing statistics, found errors
and other useful information. Access to OSS-Fuzz web interface is
available for persons whose email addresses specified in project.yml,
committed to oss-fuzz repository [4]. Bugs found in OSS-Fuzz reported to
bugtracker [5].

Using fuzzing testing documented in Tarantool's wiki [6].

1. https://github.com/google/oss-fuzz/pull/4723
2. https://google.github.io/oss-fuzz/getting-started/continuous-integration/#integrating-into-your-repository
3. https://google.github.io/oss-fuzz/further-reading/clusterfuzz/
4. https://github.com/google/oss-fuzz
5. https://bugs.chromium.org/p/oss-fuzz/issues/list
6. https://github.com/tarantool/tarantool/wiki/Fuzzing

Follows up #1809
---
 .github/workflows/fuzzing.yml           | 45 +++++++++++++++++++++++++
 changelogs/unreleased/oss-fuzz-in-ci.md |  3 ++
 2 files changed, 48 insertions(+)
 create mode 100644 .github/workflows/fuzzing.yml
 create mode 100644 changelogs/unreleased/oss-fuzz-in-ci.md

diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
new file mode 100644
index 0000000000..3179650b4a
--- /dev/null
+++ b/.github/workflows/fuzzing.yml
@@ -0,0 +1,45 @@
+name: fuzzing
+
+on:
+  push:
+    branches:
+      - 'master'
+    paths:
+      - '.github/workflows/**'
+      - 'src/**'
+      - 'test/fuzz/**'
+      - 'test/static/corpus/**'
+
+jobs:
+  fuzzing:
+    if: (github.repository == 'tarantool/tarantool')
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address, undefined]
+
+    steps:
+      - name: build fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'tarantool'
+          dry-run: false
+          sanitizer: ${{ matrix.sanitizer }}
+      - name: run fuzzers (${{ matrix.sanitizer }})
+        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'tarantool'
+          fuzz-seconds: 600
+          dry-run: false
+          sanitizer: ${{ matrix.sanitizer }}
+      - name: upload crash
+        uses: actions/upload-artifact@v1
+        if: failure() && steps.build.outcome == 'success'
+        with:
+          name: ${{ matrix.sanitizer }}-artifacts
+          retention-days: 21
+          path: ./out/artifacts
diff --git a/changelogs/unreleased/oss-fuzz-in-ci.md b/changelogs/unreleased/oss-fuzz-in-ci.md
new file mode 100644
index 0000000000..dc0740dd3e
--- /dev/null
+++ b/changelogs/unreleased/oss-fuzz-in-ci.md
@@ -0,0 +1,3 @@
+## feature/testing
+
+* Run fuzzing testing continuously on per-push basis (gh-1809).
-- 
GitLab