forked from mirrors/kingfisher
3e0569d741
Move write permissions from workflow top-level to job-level in cflite_batch, cflite_pr, and release-docker workflows. Add sigstore build provenance attestation to the release workflow via actions/attest-build-provenance. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
35 lines
916 B
YAML
35 lines
916 B
YAML
name: ClusterFuzzLite batch fuzzing
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
BatchFuzzing:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
security-events: write
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
sanitizer:
|
|
- address
|
|
steps:
|
|
- name: Build Fuzzers (${{ matrix.sanitizer }})
|
|
id: build
|
|
uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
|
|
with:
|
|
language: rust
|
|
sanitizer: ${{ matrix.sanitizer }}
|
|
|
|
- name: Run Fuzzers (${{ matrix.sanitizer }})
|
|
id: run
|
|
uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
fuzz-seconds: 3600
|
|
mode: 'batch'
|
|
sanitizer: ${{ matrix.sanitizer }}
|
|
output-sarif: true
|