From 955b41f906680563ec102b19b6209c366d78eb40 Mon Sep 17 00:00:00 2001 From: nathan-bo <103655431+nathan-bo@users.noreply.github.com> Date: Mon, 5 Sep 2022 16:52:51 +0300 Subject: [PATCH] ci: move fuzz testing to reusable workflow (#133) Move the definition of the fuzz testing jobs to a separate workflow so that it could be reused by workflows other than the main CI one. --- .github/workflows/ci_pipeline.yml | 107 ++---------------------------- .github/workflows/test_fuzz.yml | 71 +++++--------------- 2 files changed, 19 insertions(+), 159 deletions(-) diff --git a/.github/workflows/ci_pipeline.yml b/.github/workflows/ci_pipeline.yml index aa38fd7701..4f6ad5ab3e 100644 --- a/.github/workflows/ci_pipeline.yml +++ b/.github/workflows/ci_pipeline.yml @@ -104,106 +104,7 @@ jobs: Fuzz: if: ${{ github.event.review.state == 'approved' || github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/heads/release') }} needs: [Build] - runs-on: [self-hosted, ubuntu, asrunner] - container: - image: ubuntu:18.04 - strategy: - matrix: - include: - - name: db_fuzzer - - name: db_map_fuzzer - - steps: - - name: Pre-build - run: | - apt update && apt install -y sudo python3 git clang-tools cmake make automake ucommon-utils libtool gettext pkg-config build-essential clang-10 zlib1g-dev libbz2-dev ninja-build liblzma-dev autoconf libsnappy-dev libzstd-dev liblz4-dev binutils m4 g++-10 unzip - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip awscliv2.zip - sudo ./aws/install - echo "nameserver 8.8.8.8" > /etc/resolv.conf - - - uses: actions/checkout@v3 - - - name: Configure AWS credentials from Test account - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-2 - - - name: ${{ matrix.name }} - run: | - echo 'git clone https://github.com/google/libprotobuf-mutator.git \n - cd libprotobuf-mutator \n - git checkout ffd86a32874e5c08a143019aad1aaf0907294c9f \n - cd .. \n - export CC=clang && export CXX=clang++ && mkdir LPM && cd LPM \n - ln -s /usr/lib/x86_64-linux-gnu/libstdc++.so.6 /usr/lib/x86_64-linux-gnu/libstdc++.so \n - ln -s /usr/bin/clang-10 /usr/bin/clang \n - ln -s /usr/bin/clang++-10 /usr/bin/clang++ \n - cmake ../libprotobuf-mutator -GNinja -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DLIB_PROTO_MUTATOR_TESTING=OFF -DCMAKE_BUILD_TYPE=Release \n - ninja \n - ninja install \n - export PKG_CONFIG_PATH=$PWD:$PWD/external.protobuf/lib/pkgconfig/ \n - export PATH=$PWD/external.protobuf/bin:$PATH \n - cd $GITHUB_WORKSPACE \n - COMPILE_WITH_ASAN=1 PORTABLE=1 make -j2 static_lib \n - cd $GITHUB_WORKSPACE/fuzz \n - make ${{ matrix.name }} \n - ls -alFh $GITHUB_WORKSPACE/fuzz/ \n - echo ASAN_OPTIONS=detect_leaks=0 ./db_fuzzer \n' > prepfuz.sh - chmod +x prepfuz.sh - bash -xv prepfuz.sh - mkdir -p $GITHUB_WORKSPACE/out/ - ASAN_OPTIONS=detect_odr_violation=0 $GITHUB_WORKSPACE/fuzz/${{ matrix.name }} 2>&1 | sudo tee $GITHUB_WORKSPACE/out/${{ matrix.name }}.log - tail -20 $GITHUB_WORKSPACE/out/${{ matrix.name }}.log | grep "==AddressSanitizer. Thread limit (4194304 threads) exceeded\. Dying\." || echo "${{ matrix.name }} failed!" - - - name: Copy ${{ matrix.name }} logs to S3 - run: | - aws s3 cp $GITHUB_WORKSPACE/out/${{ matrix.name }}.log s3://spdb-github-ci/ - - fuzzer_sum: - runs-on: [self-hosted, ubuntu, asrunner] - container: - image: ubuntu:18.04 - needs: [ Fuzz ] - - steps: - - uses: actions/checkout@v3 - - - name: pre - run: | - apt update && apt install -y sudo unzip curl - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip awscliv2.zip - sudo ./aws/install - - - name: Configure AWS credentials from Test account - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-2 - - - name: download db_fuzzer.log from s3 - run: | - mkdir -p $GITHUB_WORKSPACE/out - aws s3 cp s3://spdb-github-ci/db_fuzzer.log $GITHUB_WORKSPACE/out/db_fuzzer.log || echo "db_fuzzer.log not found" - ls -alFh $GITHUB_WORKSPACE/out - - - name: download db_map_fuzzer.log from s3 - run: | - mkdir -p $GITHUB_WORKSPACE/out - aws s3 cp s3://spdb-github-ci/db_map_fuzzer.log $GITHUB_WORKSPACE/out/db_map_fuzzer.log || echo "db_map_fuzzer.log not found" - ls -alFh $GITHUB_WORKSPACE/out - - - name: fuzzersum - run: | - echo "~~~~ db_map_fuzzer LOGS ~~~~~" - tail -20 $GITHUB_WORKSPACE/out/db_map_fuzzer.log | grep "==AddressSanitizer. Thread limit (4194304 threads) exceeded\. Dying\." || echo "db_map_fuzzer failed!" - echo "~~~~ db_fuzzer LOGS ~~~~~" - tail -20 $GITHUB_WORKSPACE/out/db_fuzzer.log | grep "==AddressSanitizer. Thread limit (4194304 threads) exceeded\. Dying\." || echo "db_fuzzer failed!" - - - name: clear s3 bucket - run: | - aws s3 rm s3://spdb-github-ci/ --recursive --include "*" + uses: ./.github/workflows/test_fuzz.yml + secrets: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/test_fuzz.yml b/.github/workflows/test_fuzz.yml index f270ad7b33..96a410f03c 100644 --- a/.github/workflows/test_fuzz.yml +++ b/.github/workflows/test_fuzz.yml @@ -1,11 +1,16 @@ -name: new_fuzz +name: Fuzz Test on: workflow_dispatch: workflow_call: + secrets: + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true jobs: - fuzz: + Fuzz: runs-on: [self-hosted, ubuntu, asrunner] container: image: ubuntu:18.04 @@ -16,15 +21,16 @@ jobs: - name: db_map_fuzzer steps: - - uses: actions/checkout@v3 - - name: Pre-build run: | + echo "nameserver 8.8.8.8" > /etc/resolv.conf apt update && apt install -y sudo python3 git clang-tools cmake make automake ucommon-utils libtool gettext pkg-config build-essential clang-10 zlib1g-dev libbz2-dev ninja-build liblzma-dev autoconf libsnappy-dev libzstd-dev liblz4-dev binutils m4 g++-10 unzip curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install + - uses: actions/checkout@v3 + - name: Configure AWS credentials from Test account uses: aws-actions/configure-aws-credentials@v1 with: @@ -56,57 +62,10 @@ jobs: chmod +x prepfuz.sh bash -xv prepfuz.sh mkdir -p $GITHUB_WORKSPACE/out/ - ASAN_OPTIONS=detect_odr_violation=0 $GITHUB_WORKSPACE/fuzz/${{ matrix.name }} 2>&1 | sudo tee $GITHUB_WORKSPACE/out/${{ matrix.name }}.log-$GITHUB_SHA - tail -20 $GITHUB_WORKSPACE/out/${{ matrix.name }}.log-$GITHUB_SHA | grep "==AddressSanitizer. Thread limit (4194304 threads) exceeded\. Dying\." || echo "${{ matrix.name }} failed!" + ASAN_OPTIONS=detect_odr_violation=0 $GITHUB_WORKSPACE/fuzz/${{ matrix.name }} 2>&1 | tee $GITHUB_WORKSPACE/out/${{ matrix.name }}.log + tail -20 $GITHUB_WORKSPACE/out/${{ matrix.name }}.log | grep "==AddressSanitizer. Thread limit (4194304 threads) exceeded\. Dying\." || { echo "${{ matrix.name }} failed!" && false; } - - name: Copy ${{ matrix.name }} logs to S3 - run: | - aws s3 cp $GITHUB_WORKSPACE/out/${{ matrix.name }}.log-$GITHUB_SHA s3://spdb-github-ci/ - - fuzzer_sum: - runs-on: ubuntu-latest - container: - image: ubuntu:18.04 - needs: [ fuzz ] - - steps: - - uses: actions/checkout@v3 - - - name: pre - run: | - apt update && apt install -y sudo unzip curl - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip awscliv2.zip - sudo ./aws/install - - - name: Configure AWS credentials from Test account - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-2 - - - name: download db_fuzzer.log from s3 - run: | - mkdir -p $GITHUB_WORKSPACE/out - aws s3 cp s3://spdb-github-ci/db_fuzzer.log $GITHUB_WORKSPACE/out/db_fuzzer.log || echo "db_fuzzer.log not found" - ls -alFh $GITHUB_WORKSPACE/out - - - name: download db_map_fuzzer.log from s3 - run: | - mkdir -p $GITHUB_WORKSPACE/out - aws s3 cp s3://spdb-github-ci/db_map_fuzzer.log $GITHUB_WORKSPACE/out/db_map_fuzzer.log || echo "db_map_fuzzer.log not found" - ls -alFh $GITHUB_WORKSPACE/out - - - name: fuzzersum + - name: Copy ${{ matrix.name }} logs to S3 due to failure + if: steps.${{ matrix.name }}.outcome == 'failure' run: | - echo "~~~~ db_map_fuzzer LOGS ~~~~~" - tail -20 $GITHUB_WORKSPACE/out/db_map_fuzzer.log | grep "==AddressSanitizer. Thread limit (4194304 threads) exceeded\. Dying\." || echo "db_map_fuzzer failed!" - echo "~~~~ db_fuzzer LOGS ~~~~~" - tail -20 $GITHUB_WORKSPACE/out/db_fuzzer.log | grep "==AddressSanitizer. Thread limit (4194304 threads) exceeded\. Dying\." || echo "db_fuzzer failed!" - - - name: clear s3 bucket - run: | - aws s3 rm s3://spdb-github-ci/ --recursive --include "*" - - + aws s3 cp $GITHUB_WORKSPACE/out/${{ matrix.name }}.log s3://spdb-github-ci/$GITHUB_SHA-${{ matrix.name }}.log