| Message ID | f4c26e715af8909c7938b53fb1648cd85008976d.1726482764.git.echaudro@redhat.com |
|---|---|
| State | Accepted |
| Commit | 5c42db83b14f09b235ab956c03c0a1a10f9ae96e |
| Delegated to: | Eelco Chaudron |
| Headers | show |
| Series | [ovs-dev] ci: Run oss-fuzz build stage during CI. | expand |
| Context | Check | Description |
|---|---|---|
| ovsrobot/apply-robot | success | apply and check: success |
| ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
On Mon, Sep 16, 2024 at 12:32:44PM +0200, Eelco Chaudron wrote: > The oss-fuzz project builds specific OVS fuzzing code located in the > tests/oss-fuzz/ directory of our repository. However, this code is > not currently built as part of our CI pipeline, creating a potential > risk that changes in the main OVS code could break the oss-fuzz > integration. This commit addresses that by ensuring the fuzzing code > is built during CI, preventing potential issues. The additional build > step takes approximately 4 minutes. > > Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Thanks Eelco, I agree that it is a good idea for this code to get regular build coverage. Acked-by: Simon Horman <horms@ovn.org>
On 9/16/24 12:32, Eelco Chaudron wrote: > The oss-fuzz project builds specific OVS fuzzing code located in the > tests/oss-fuzz/ directory of our repository. However, this code is > not currently built as part of our CI pipeline, creating a potential > risk that changes in the main OVS code could break the oss-fuzz > integration. This commit addresses that by ensuring the fuzzing code > is built during CI, preventing potential issues. The additional build > step takes approximately 4 minutes. > > Signed-off-by: Eelco Chaudron <echaudro@redhat.com> > --- > .github/workflows/build-and-test.yml | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > > diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml > index 9d3a13ca1..5dd0cc2ad 100644 > --- a/.github/workflows/build-and-test.yml > +++ b/.github/workflows/build-and-test.yml > @@ -388,6 +388,32 @@ jobs: > - name: build > run: ./.ci/linux-build.sh > > + build-oss-fuzz: > + name: Build oss-fuzz fuzzers I'd change the 'Build' to lowercase here or remove it at all to be in line with other jobs. But otherwise seems fine to me: Acked-by: Ilya Maximets <i.maximets@ovn.org>
On 20 Sep 2024, at 11:51, Ilya Maximets wrote: > On 9/16/24 12:32, Eelco Chaudron wrote: >> The oss-fuzz project builds specific OVS fuzzing code located in the >> tests/oss-fuzz/ directory of our repository. However, this code is >> not currently built as part of our CI pipeline, creating a potential >> risk that changes in the main OVS code could break the oss-fuzz >> integration. This commit addresses that by ensuring the fuzzing code >> is built during CI, preventing potential issues. The additional build >> step takes approximately 4 minutes. >> >> Signed-off-by: Eelco Chaudron <echaudro@redhat.com> >> --- >> .github/workflows/build-and-test.yml | 26 ++++++++++++++++++++++++++ >> 1 file changed, 26 insertions(+) >> >> diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml >> index 9d3a13ca1..5dd0cc2ad 100644 >> --- a/.github/workflows/build-and-test.yml >> +++ b/.github/workflows/build-and-test.yml >> @@ -388,6 +388,32 @@ jobs: >> - name: build >> run: ./.ci/linux-build.sh >> >> + build-oss-fuzz: >> + name: Build oss-fuzz fuzzers > > I'd change the 'Build' to lowercase here or remove it at all to be in line > with other jobs. But otherwise seems fine to me: > > Acked-by: Ilya Maximets <i.maximets@ovn.org> Thanks Ilya (and Simon), applied the change on commit! //Eelco
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 9d3a13ca1..5dd0cc2ad 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -388,6 +388,32 @@ jobs: - name: build run: ./.ci/linux-build.sh + build-oss-fuzz: + name: Build oss-fuzz fuzzers + runs-on: ubuntu-22.04 + timeout-minutes: 30 + + steps: + - name: Checkout OVS + uses: actions/checkout@v4 + + - name: Checkout oss-fuzz + uses: actions/checkout@v4 + with: + repository: google/oss-fuzz + path: oss-fuzz + + - name: Build oss-fuzz image + run: | + cd oss-fuzz + python infra/helper.py build_image openvswitch --no-pull + + - name: Build oss-fuzz fuzzers + run: | + cd oss-fuzz + python infra/helper.py build_fuzzers --sanitizer address \ + --engine afl --architecture x86_64 openvswitch $GITHUB_WORKSPACE + build-osx: env: CC: clang
The oss-fuzz project builds specific OVS fuzzing code located in the tests/oss-fuzz/ directory of our repository. However, this code is not currently built as part of our CI pipeline, creating a potential risk that changes in the main OVS code could break the oss-fuzz integration. This commit addresses that by ensuring the fuzzing code is built during CI, preventing potential issues. The additional build step takes approximately 4 minutes. Signed-off-by: Eelco Chaudron <echaudro@redhat.com> --- .github/workflows/build-and-test.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)