SubTrackr/.github/workflows/fuzz-test.yml at main · Smartdevs17/SubTrackr · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: Cargo-Fuzz Pipeline

on:
  push:
    branches: [main, develop]
    paths:
      - 'contracts/subscription/**'
      - 'contracts/fuzz/**'
      - '.github/workflows/fuzz-test.yml'
      - '.github/corpus/**'
  pull_request:
    branches: [main, develop]
    paths:
      - 'contracts/subscription/**'
      - 'contracts/fuzz/**'
      - '.github/workflows/fuzz-test.yml'
  schedule:
    - cron: '0 6 * * 1'  # weekly: Monday 06:00 UTC

jobs:
  cargo-fuzz:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        target:
          - subscription
          - pricing
          - rate_limit
          - state_machine

    name: fuzz / ${{ matrix.target }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install nightly toolchain (cargo-fuzz)
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: nightly
          override: true
          components: llvm-tools

      - name: Install cargo-fuzz
        run: cargo install cargo-fuzz --locked

      - name: Restore seed corpus from cache
        uses: actions/cache@v4
        with:
          path: contracts/fuzz/corpus/${{ matrix.target }}
          key: corpus-${{ matrix.target }}-${{ hashFiles('.github/corpus/${{ matrix.target }}/**') }}
          restore-keys: |
            corpus-${{ matrix.target }}-

      - name: Copy seed corpus
        run: |
          mkdir -p contracts/fuzz/corpus/${{ matrix.target }}
          if [ -d ".github/corpus/${{ matrix.target }}" ]; then
            cp .github/corpus/${{ matrix.target }}/* contracts/fuzz/corpus/${{ matrix.target }}/ 2>/dev/null || true
          fi

      - name: Run cargo-fuzz (${{ matrix.target }})
        id: fuzz
        continue-on-error: true
        working-directory: contracts/fuzz
        run: |
          cargo fuzz run ${{ matrix.target }} \
            --sanitizer=address \
            -j 4 \
            -- \
            -max_total_time=1800 \
            -print_final_stats=1 \
            -artifact_prefix=artifacts/${{ matrix.target }}/

      - name: Upload crash artifacts
        if: steps.fuzz.outcome == 'failure'
        uses: actions/upload-artifact@v4
        with:
          name: crashes-${{ matrix.target }}-${{ github.run_id }}
          path: contracts/fuzz/artifacts/${{ matrix.target }}/
          retention-days: 14

      - name: Upload coverage corpus
        uses: actions/upload-artifact@v4
        with:
          name: corpus-${{ matrix.target }}-${{ github.run_id }}
          path: contracts/fuzz/corpus/${{ matrix.target }}/
          retention-days: 7

      - name: Save updated corpus to cache
        uses: actions/cache@v4
        with:
          path: contracts/fuzz/corpus/${{ matrix.target }}
          key: corpus-${{ matrix.target }}-${{ hashFiles('contracts/fuzz/corpus/${{ matrix.target }}/**') }}

      - name: Notify on crash
        if: steps.fuzz.outcome == 'failure'
        run: |
          echo "::error::cargo-fuzz target '${{ matrix.target }}' found a crash!"
          echo "Download artifacts from: crashes-${{ matrix.target }}-${{ github.run_id }}"
          echo "To reproduce locally: cd contracts/fuzz && cargo fuzz run ${{ matrix.target }} <crash-file>"