| # Copyright (c) uBPF contributors |
| # SPDX-License-Identifier: MIT |
| |
| name: Fuzzing |
| |
| permissions: |
| contents: write |
| |
| on: |
| schedule: # Run every day at 21:00 UTC |
| - cron: '00 21 * * *' |
| workflow_dispatch: # Run manually |
| |
| jobs: |
| build: |
| strategy: |
| matrix: |
| platform: |
| - ubuntu-latest |
| arch: |
| - x86_64 |
| |
| runs-on: ${{ matrix.platform }} |
| |
| steps: |
| - uses: actions/checkout@v4 |
| with: |
| submodules: 'recursive' |
| |
| - name: Generate the cache key |
| id: cache_key |
| run: echo "VALUE=platform-${{ matrix.platform }}_arch=${{ matrix.arch }}_type=fuzzing" >> $GITHUB_OUTPUT |
| |
| - name: Update the cache (ccache) |
| uses: actions/cache@v4.0.2 |
| with: |
| path: ccache |
| key: ${{ steps.cache_key.outputs.VALUE }}_ccache |
| |
| - name: Create the build folders |
| run: | |
| mkdir -p \ |
| ccache |
| |
| - name: Install system dependencies (Linux) |
| if: matrix.platform == 'ubuntu-latest' |
| run: | |
| sudo apt-get update |
| |
| sudo apt-get install -y \ |
| ccache \ |
| ninja-build \ |
| cmake \ |
| lcov \ |
| libboost-dev \ |
| libboost-program-options-dev \ |
| libboost-filesystem-dev \ |
| libelf-dev |
| |
| if [[ "${{ matrix.arch }}" == "arm64" ]] ; then |
| sudo apt install -y \ |
| g++-aarch64-linux-gnu \ |
| gcc-aarch64-linux-gnu \ |
| qemu-user |
| fi |
| |
| - name: Build/install libbpf From Source |
| if: matrix.platform == 'ubuntu-latest' |
| run: ./.github/scripts/build-libbpf.sh |
| shell: bash |
| |
| - name: Install system dependencies (macOS) |
| if: matrix.platform == 'macos-11' |
| run: | |
| brew install \ |
| cmake \ |
| ninja \ |
| ccache \ |
| lcov \ |
| boost |
| |
| - name: Configure uBPF |
| run: | |
| export CCACHE_DIR="$(pwd)/ccache" |
| |
| ${command_prefix} cmake \ |
| -G Ninja \ |
| -S . \ |
| -B build \ |
| -DCMAKE_BUILD_TYPE=Debug \ |
| -DCMAKE_C_COMPILER=clang \ |
| -DCMAKE_CXX_COMPILER=clang++ \ |
| -DUBPF_ENABLE_LIBFUZZER=1 \ |
| -DCMAKE_BUILD_TYPE=Debug |
| ${arch_flags} |
| |
| - name: Build uBPF |
| run: | |
| export CCACHE_DIR="$(pwd)/ccache" |
| |
| ${command_prefix} cmake \ |
| --build build |
| |
| - name: Upload fuzzer as artifacts |
| uses: actions/upload-artifact@v2 |
| with: |
| name: fuzzer |
| path: build/bin/ubpf_fuzzer |
| |
| - uses: actions/checkout@v4 |
| with: |
| submodules: 'recursive' |
| ref: fuzz/corpus |
| |
| - name: Download fuzzer artifacts |
| uses: actions/download-artifact@v4 |
| with: |
| name: fuzzer |
| |
| - name: Setup directory for fuzzing |
| run: | |
| ls -la |
| mkdir -p new_corpus |
| mkdir -p fuzz/corpus |
| cp -r fuzz/corpus/* new_corpus |
| mkdir -p artifacts |
| chmod a+x ubpf_fuzzer |
| |
| - name: Run fuzzing |
| run: | |
| ./ubpf_fuzzer new_corpus -artifact_prefix=artifacts/ -use_value_profile=1 -max_total_time=300 |
| |
| - name: Merge corpus into fuzz/corpus |
| run: | |
| ./ubpf_fuzzer -merge=1 fuzz/corpus new_corpus |
| git add fuzz/corpus |
| git config --global user.email 'ubpf@users.noreply.github.com' |
| git config --global user.name 'Github Action' |
| git commit -sm "Update fuzzing corpus" |
| git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{github.repository}}.git |
| git push |
| |
| - name: Upload artifacts |
| if: always() |
| uses: actions/upload-artifact@v2 |
| with: |
| name: fuzzing-artifacts |
| path: artifacts/ |