Skip to content

Various hardening for commonutils library internal calls for fuzzing #129

Various hardening for commonutils library internal calls for fuzzing

Various hardening for commonutils library internal calls for fuzzing #129

Workflow file for this run

name: CI with sanitizers enabled
on:
pull_request:
schedule:
- cron: '0 20 * * *' # Every day at 12pm PST (UTC-8)
env:
BUILD_TYPE: Debug
MOUNT: /azure-osconfig
REGISTRY: ghcr.io
SANITIZER_FLAGS: -fsanitize=address,undefined -fno-omit-frame-pointer -g -O1
jobs:
create-ci-matrix:
name: Build CI distro matrix
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.get-matrix.outputs.matrix }}
steps:
- name: Get matrix
id: get-matrix
run: |
matrix="$(cat <<'EOL'
[
{ "name": "ubuntu-22.04", "arch": "amd64", "tag": "latest" }
]
EOL
)"
echo Distros to perform CI on: $matrix
echo matrix=$matrix >> $GITHUB_OUTPUT
unit-test:
name: Unit test
needs: create-ci-matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
target: ${{ fromJson(needs.create-ci-matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
clean: true
- name: Docker login
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Run container
id: container
uses: ./.github/actions/container-run
with:
registry: ${{ env.REGISTRY }}
container: azure/azure-osconfig/${{ matrix.target.name }}-${{ matrix.target.arch }}
mount: ${{ github.workspace }}:${{ env.MOUNT }}
tag: ${{ matrix.target.tag }}
- name: Generate build
uses: ./.github/actions/container-exec
with:
container: ${{ steps.container.outputs.id }}
cmd: |
mkdir build && cd build
cmake ../src -DCMAKE_C_COMPILER="/usr/bin/gcc" -DCMAKE_CXX_COMPILER="/usr/bin/g++" -DCMAKE_C_FLAGS="${{ env.SANITIZER_FLAGS }}" -DCMAKE_CXX_FLAGS="${{ env.SANITIZER_FLAGS }}" -DCMAKE_build-type=${{ env.BUILD_TYPE }} -Duse_prov_client=ON -Dhsm_type_symm_key=ON -DCOMPILE_WITH_STRICTNESS=ON -DBUILD_TESTS=ON -DBUILD_SAMPLES=ON -DBUILD_ADAPTERS=ON -Duse_default_uuid=ON
- name: Build Azure OSConfig
uses: ./.github/actions/container-exec
with:
container: ${{ steps.container.outputs.id }}
working-directory: ${{ env.MOUNT }}/build
cmd: cmake --build . --config ${{ env.BUILD_TYPE }} --parallel
- name: Run ctest
uses: ./.github/actions/container-exec
with:
container: ${{ steps.container.outputs.id }}
working-directory: ${{ env.MOUNT }}/build
cmd: ctest --verbose > ../${{ matrix.target.name }}-${{ matrix.target.arch }}-sanitizer.log
- name: Generate test report
uses: ./.github/actions/gtest-xml
if: success() || failure()
with:
path: ./build/gtest-output
output: ${{ matrix.target.name }}-${{ matrix.target.arch }}-sanitizer.xml
- uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: unit-test-${{ matrix.target.name }}-${{ matrix.target.arch }}-sanitizer
path: |
${{ matrix.target.name }}-${{ matrix.target.arch }}-sanitizer.log
${{ matrix.target.name }}-${{ matrix.target.arch }}-sanitizer.xml
report:
name: Report
needs: unit-test
runs-on: ubuntu-latest
permissions:
checks: write
pull-requests: write
if: always()
steps:
- name: Download Test Report Artifacts
uses: actions/download-artifact@v4
with:
path: ci-test
pattern: 'unit-test-*-sanitizer'
merge-multiple: true
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@v2
with:
files: 'ci-test/*-sanitizer.xml'