hyperlight/.github/workflows/Fuzzing.yml at cb1ceb5389111cee070482d91d3b68e3c04822e8 · hyperlight-dev/hyperlight · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: Fuzzing Workflow

on:
  schedule:
    - cron: '0 0 * * 0' # Runs at 00:00 every Sunday
  workflow_dispatch: # Allow manual triggering

permissions:
  contents: read

jobs:
  # Build guests first - fuzzing needs the release guest artifacts
  build-guests:
    uses: ./.github/workflows/dep_build_guests.yml
    secrets: inherit
    with:
      config: release

  fuzzing:
    needs: build-guests
    uses: ./.github/workflows/dep_fuzzing.yml
    with:
      targets: '["fuzz_host_print", "fuzz_guest_call", "fuzz_host_call", "fuzz_guest_estimate_trace_event", "fuzz_guest_trace"]' # Pass as a JSON array
      max_total_time: 18000 # 5 hours in seconds
    secrets: inherit

  notify-failure:
    runs-on: ubuntu-latest
    needs: [build-guests, fuzzing]
    if: always() && (needs.build-guests.result == 'failure' || needs.fuzzing.result == 'failure')
    permissions:
      issues: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Notify Fuzzing Failure
        run: ./dev/notify-ci-failure.sh --labels="area/fuzzing,area/testing,lifecycle/needs-review,release-blocker"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}