kingfisher/.github/workflows/cflite_pr.yml

name: ClusterFuzzLite PR fuzzing

on:
  pull_request:
    branches:
      - main

permissions:
  contents: read

jobs:
  PR:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    concurrency:
      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
      cancel-in-progress: true
    strategy:
      fail-fast: false
      matrix:
        sanitizer:
          - address
    steps:
      - name: Build Fuzzers (${{ matrix.sanitizer }})
        id: build
        uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
        with:
          language: rust
          github-token: ${{ secrets.GITHUB_TOKEN }}
          sanitizer: ${{ matrix.sanitizer }}

      - name: Run Fuzzers (${{ matrix.sanitizer }})
        id: run
        uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          fuzz-seconds: 300
          mode: 'code-change'
          sanitizer: ${{ matrix.sanitizer }}
          output-sarif: true