name: CIFuzz
permissions:
contents: read
on:
push:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
fuzzing:
name: Fuzzing
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 with:
egress-policy: audit
- name: Build Fuzzers
id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@c4ba43bddbf3043c18ebc8f8d0fa16e95e7a41cb with:
language: rust
- name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@c4ba43bddbf3043c18ebc8f8d0fa16e95e7a41cb with:
fuzz-seconds: 300
language: rust
- name: Upload Crash
if: failure() && steps.build.outcome == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a with:
name: artifacts
path: ./out/artifacts