Fix #341
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Fuzzing | |
| on: | |
| push: | |
| branches: [main, master, staging, try] | |
| pull_request: | |
| branches: [main, master] | |
| schedule: | |
| - cron: "0 0 * * *" # Daily sanity check | |
| permissions: | |
| contents: read | |
| jobs: | |
| fuzz: | |
| name: Fuzz ${{ matrix.target }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [roundtrip, compat, zero_copy, sync_roundtrip, async_fiber] | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| - name: Install Rust nightly | |
| uses: dtolnay/rust-toolchain@5b842231ba77f5c045dba54ac5560fed2db780e2 # nightly | |
| - name: Cache cargo bin | |
| id: cache-cargo-bin | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: ~/.cargo/bin/cargo-fuzz | |
| key: ${{ runner.os }}-cargo-fuzz-bin | |
| - name: Install cargo-fuzz | |
| if: steps.cache-cargo-bin.outputs.cache-hit != 'true' | |
| run: cargo install cargo-fuzz | |
| - name: Cache Fuzzing Corpus | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: fuzz/corpus/${{ matrix.target }} | |
| key: ${{ runner.os }}-fuzz-corpus-${{ matrix.target }}-${{ github.run_id }} | |
| restore-keys: | | |
| ${{ runner.os }}-fuzz-corpus-${{ matrix.target }}- | |
| - name: Cache build artifacts | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: | | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| fuzz/target/ | |
| target/ | |
| key: ${{ runner.os }}-fuzz-target-${{ matrix.target }}-${{ hashFiles('Cargo.lock', 'fuzz/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-fuzz-target-${{ matrix.target }}- | |
| - name: Run Fuzzer | |
| run: | | |
| cd fuzz | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| # Run the fuzzer 5 times, each for 1 hour (3600 seconds) instead of 1 time for 5 hours. | |
| # Long single fuzzer runs can hit memory limits or cause CPU starvation in shared CI runners. | |
| for i in {1..5}; do | |
| echo "Starting PR fuzzer iteration $i of 5..." | |
| cargo +nightly fuzz run ${{ matrix.target }} -- -max_total_time=3600 -rss_limit_mb=16384Mb | |
| done | |
| else | |
| echo "Starting standard fuzzer iteration (1 hour)..." | |
| cargo +nightly fuzz run ${{ matrix.target }} -- -max_total_time=3600 -rss_limit_mb=16384Mb | |
| fi | |
| - name: Upload Crash Artifacts | |
| if: failure() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: fuzzer-artifacts-${{ matrix.target }} | |
| path: fuzz/artifacts/${{ matrix.target }} | |
| if-no-files-found: ignore |