Merge branch 'main' of https://github.com/Azure/azure-osconfig into M…

…ariusNi/OsConfig_ASB_Nov07_2024
Azure · Nov 12, 2024 · 771c960 · 771c960
2 parents 5e04cc7 + 5b37603
commit 771c960
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 2 deletions.
diff --git a/.github/workflows/fuzzing-run.yml b/.github/workflows/fuzzing-run.yml
@@ -0,0 +1,61 @@
+name: Fuzzer execution
+
+on:
+  workflow_call:
+    inputs:
+      target:
+        required: true
+        type: string
+      arch:
+        required: true
+        type: string
+      package-type:
+        required: true
+        type: string
+      timeout-seconds:
+        description: The maximum time in seconds to run the fuzzer.
+        required: false
+        type: number
+        default: 600
+
+jobs:
+  package:
+    uses: ./.github/workflows/package-build.yml
+    with:
+      target: ${{ inputs.target }}
+      arch: ${{ inputs.arch }}
+      artifact: ${{ inputs.target }}-fuzzer
+      package-type: ${{ inputs.package-type }}
+      build-fuzzers: true
+
+  fuzzer-execution:
+    needs: package
+    runs-on: [self-hosted, 1ES.Pool=e2e-pool, '1ES.ImageOverride=${{ inputs.target }}']
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/download-artifact@v4
+        id: download
+        with:
+          name: ${{ inputs.target }}-fuzzer
+
+      - name: Install prerequisites
+        run: |
+          sudo apt update
+          sudo apt install -y clang
+          sudo chmod +x ${{ steps.download.outputs.download-path }}/fuzzer/osconfig-fuzzer
+          mkdir /tmp/corpus
+          mkdir /tmp/artifacts
+          cp -r ${{ steps.download.outputs.download-path }}/src/fuzzer/seed_corpus/* /tmp/corpus
+
+      - name: Run osconfig-fuzzer
+        working-directory: ${{ steps.download.outputs.download-path }}/fuzzer
+        run: ./osconfig-fuzzer -artifact_prefix=/tmp/artifacts/ -max_total_time=${{ inputs.timeout-seconds }} /tmp/corpus 2>&1 >/dev/null | tee /tmp/osconfig-fuzzer.log
+
+      - uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: ${{ inputs.target }}-logs
+          path: |
+            /tmp/osconfig-fuzzer.log
+            /tmp/artifacts
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
@@ -0,0 +1,22 @@
+name: Fuzzer execution
+
+on:
+  workflow_dispatch:
+
+jobs:
+  fuzzer-execution:
+    name: Fuzzer execution matrix
+    uses: ./.github/workflows/fuzzing-run.yml
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          [
+            { os: ubuntu, version: 22.04, package-type: DEB },
+          ]
+        arch: [amd64]
+    with:
+      target: ${{ matrix.target.os }}-${{ matrix.target.version }}
+      arch: ${{ matrix.arch }}
+      package-type: ${{ matrix.target.package-type }}
+      timeout-seconds: 3600
diff --git a/.github/workflows/package-build.yml b/.github/workflows/package-build.yml
@@ -45,6 +45,11 @@ on:
         type: boolean
         required: false
         default: false
+      build-fuzzers:
+        description: Build fuzzers. This implies building with clang compiler and code instrumentation enabled.
+        type: boolean
+        required: false
+        default: false
 
 env:
   BUILD_TYPE: Release
@@ -98,6 +103,8 @@ jobs:
           cmd: |
             if [ "${{ inputs.machine-config }}" = "true" ]; then
               cmake ../src -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE }}
+            elif [ "${{ inputs.build-fuzzers }}" = "true" ]; then
+              cmake ../src -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_COMPILER="/usr/bin/clang" -DCMAKE_CXX_COMPILER="/usr/bin/clang++" -DTWEAK_VERSION=${{ steps.version.outputs.tweak }} -Duse_prov_client=ON -Dhsm_type_symm_key=ON -DCOMPILE_WITH_STRICTNESS=ON -DBUILD_TESTS=OFF -DBUILD_MODULETEST=OFF -DBUILD_SAMPLES=OFF -Duse_default_uuid=ON -DBUILD_ADAPTERS=ON -DBUILD_FUZZER=ON
             else
               cmake ../src -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++" -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE }} -DTWEAK_VERSION=${{ steps.version.outputs.tweak }} -Duse_prov_client=ON -Dhsm_type_symm_key=ON -DCOMPILE_WITH_STRICTNESS=ON -DBUILD_TESTS=OFF -DBUILD_MODULETEST=ON -DBUILD_SAMPLES=OFF -Duse_default_uuid=ON -DBUILD_ADAPTERS=ON
             fi
@@ -127,7 +134,7 @@ jobs:
           package-type: ${{ inputs.package-type }}
 
       - uses: actions/upload-artifact@v4
-        if: ${{ inputs.test }}
+        if: ${{ inputs.test && !inputs.build-fuzzers }}
         with:
           name: ${{ inputs.artifact }}
           path: |
@@ -137,7 +144,16 @@ jobs:
             ./build/modules/bin/*.so
 
       - uses: actions/upload-artifact@v4
-        if: ${{ !inputs.test }}
+        if: ${{ !inputs.test && inputs.build-fuzzers }}
+        with:
+          name: ${{ inputs.artifact }}
+          path: |
+            ./build/osconfig*
+            ./build/*.zip
+            ./build/fuzzer/osconfig-fuzzer
+
+      - uses: actions/upload-artifact@v4
+        if: ${{ !inputs.test && !inputs.build-fuzzers }}
         with:
           name: ${{ inputs.artifact }}
           path: |