1#
2#  Copyright (c) 2020, The OpenThread Authors.
3#  All rights reserved.
4#
5#  Redistribution and use in source and binary forms, with or without
6#  modification, are permitted provided that the following conditions are met:
7#  1. Redistributions of source code must retain the above copyright
8#     notice, this list of conditions and the following disclaimer.
9#  2. Redistributions in binary form must reproduce the above copyright
10#     notice, this list of conditions and the following disclaimer in the
11#     documentation and/or other materials provided with the distribution.
12#  3. Neither the name of the copyright holder nor the
13#     names of its contributors may be used to endorse or promote products
14#     derived from this software without specific prior written permission.
15#
16#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26#  POSSIBILITY OF SUCH DAMAGE.
27#
28
29name: CIFuzz
30
31on:
32  pull_request:
33    branches:
34      - 'main'
35
36concurrency:
37  group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }}
38  cancel-in-progress: true
39
40permissions:  # added using https://github.com/step-security/secure-workflows
41  contents: read
42
43jobs:
44 Fuzzing:
45   runs-on: ubuntu-20.04
46   steps:
47   - name: Harden Runner
48     uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
49     with:
50       egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
51
52   - name: Build Fuzzers
53     uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@c0e4bb8d15a68b7f8cc731ea75523e48a2301bcf # master
54     with:
55       oss-fuzz-project-name: 'openthread'
56       dry-run: false
57   - name: Run Fuzzers
58     uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@c0e4bb8d15a68b7f8cc731ea75523e48a2301bcf # master
59     with:
60       oss-fuzz-project-name: 'openthread'
61       fuzz-seconds: 1800
62       dry-run: false
63   - name: Upload Crash
64     uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
65     if: failure()
66     with:
67       name: artifacts
68       path: ./out/artifacts
69