From ec2541b8e79d35c280301136717af707e844ae95 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 15:33:24 +0100
Subject: [PATCH 01/13] Fix nitro-fuzzer entrypoint argument
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9f8a5a75df..8a4b40e1fd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -198,7 +198,7 @@ FROM debian:bookworm-slim as nitro-fuzzer
 COPY --from=fuzz-builder /workspace/fuzzers/*.fuzz /usr/local/bin/
 COPY ./scripts/fuzz.bash /usr/local/bin
 RUN mkdir /fuzzcache
-ENTRYPOINT [ "/usr/local/bin/fuzz.bash", "--binary-path", "/usr/local/bin/", "--fuzzcache-path", "/fuzzcache" ]
+ENTRYPOINT [ "/usr/local/bin/fuzz.bash", "FuzzStateTransition", "--binary-path", "/usr/local/bin/", "--fuzzcache-path", "/fuzzcache" ]
 FROM debian:bookworm-slim as nitro-node-slim
 WORKDIR /home/user
From 4445f9337909e5da6ab5118dd858feac244efe3d Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 15:44:07 +0100
Subject: [PATCH 02/13] Fix script to complain when neither build nor fuzzer name is specified
---
 scripts/fuzz.bash | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/scripts/fuzz.bash b/scripts/fuzz.bash
index d236f90ce8..f1f84d9ba1 100755
--- a/scripts/fuzz.bash
+++ b/scripts/fuzz.bash
@@ -83,6 +83,11 @@ while [[ $# -gt 0 ]]; do
 esac
 done
+if [[ "$run_build" == "false" && -z "$test_group" ]]; then
+ echo you must specify either --build flag or fuzzer-name
+ printusage
+fi
+
 if $run_build; then
 for build_group in system_tests arbstate; do
 go test -c ${nitropath}/${build_group} -fuzz Fuzz -o "$binpath"/${build_group}.fuzz
From 2e5832e33b91fa851c2267ad76cddec59d335f36 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 16:26:54 +0100
Subject: [PATCH 03/13] Add flag to fuzz script for timeout
---
 scripts/fuzz.bash | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
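Review bot: The fuzzer name is now fixed inside the exec-form `ENTRYPOINT` (patch 01), so `docker run` arguments are appended after `FuzzStateTransition` and the other fuzzers named in `fuzz.bash` can only be selected by overriding the entrypoint; that deserves a comment above the line, e.g. `# Runs FuzzStateTransition by default; use --entrypoint to run another fuzzer`. If choosing the fuzzer at run time matters, an `ENTRYPOINT` without the name followed by a default `CMD [ "FuzzStateTransition" ]` would allow it, at the cost that any `docker run` argument list then has to repeat the name. No `USER` instruction is visible between the stage's `FROM` and this line, so the fuzz binaries presumably run as root; the stage starts above the hunk, so confirm there.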
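Review bot: The new check in patch 02 prints the usage text but does not stop the script: `printusage`, as its body appears in the next patch's context, only echoes, so execution falls through, both later `if` blocks are skipped and the script ends with status 0. Add `exit 1` after `printusage` so that CI and the container entrypoint see the misuse as a failure. Sending the message to stderr with `>&2` would also keep it out of captured output.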
diff --git a/scripts/fuzz.bash b/scripts/fuzz.bash
index f1f84d9ba1..91373d81f4 100755
--- a/scripts/fuzz.bash
+++ b/scripts/fuzz.bash
@@ -7,12 +7,14 @@ cd "$mydir"
 function printusage {
 echo Usage: $0 --build \[--binary-path PATH\]
- echo " " $0 \ \[--binary-path PATH\] \[--fuzzcache-path PATH\] \[--nitro-path PATH\]
+ echo " " $0 \ \[--binary-path PATH\] \[--fuzzcache-path PATH\] \[--nitro-path PATH\] \[--duration DURATION\]
 echo
 echo fuzzer names:
 echo " " FuzzPrecompiles
 echo " " FuzzInboxMultiplexer
 echo " " FuzzStateTransition
+ echo
+ echo " " duration in minutes
 }
 if [[ $# -eq 0 ]]; then
@@ -26,6 +28,7 @@ fuzzcachepath=../target/var/fuzz-cache
 nitropath=../
 run_build=false
 test_group=""
+duration=60
 while [[ $# -gt 0 ]]; do
 case $1 in
 --nitro-path)
@@ -55,6 +58,15 @@ while [[ $# -gt 0 ]]; do
 shift
 shift
 ;;
+ --duration)
+ duration="$2"
+ if ! [[ "$duration" =~ ^[0-9]+$ ]]; then
+ echo "Invalid timeout duration. Please specify positive integer (in minutes)"
+ exit 1
+ fi
+ shift
+ shift
+ ;;
 --build)
 run_build=true
 shift
@@ -95,5 +107,5 @@ if $run_build; then
 fi
 if [[ ! -z $test_group ]]; then
- "$binpath"/${test_group}.fuzz -test.run "^$" -test.fuzzcachedir "$fuzzcachepath" -test.fuzz $test_name
+ timeout "$((60 * duration))" "$binpath"/${test_group}.fuzz -test.run "^$" -test.fuzzcachedir "$fuzzcachepath" -test.fuzz $test_name
 fi
From 601681a1e758ee3bb0b09989fc76e27adb8b1739 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 16:31:53 +0100
Subject: [PATCH 04/13] Add workflow for release ci that is triggered with PR tag, run nitro fuzzer in it
---
 .github/workflows/release-ci.yml | 37 ++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/release-ci.yml
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
new file mode 100644
index 0000000000..729b2696ff
--- /dev/null
+++ b/.github/workflows/release-ci.yml
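Review bot: The `--duration` check `^[0-9]+$` (third hunk of patch 03) accepts `0` and values with a leading zero, although the error text asks for a positive integer. GNU `timeout` treats a duration of 0 as no timeout at all, so `--duration 0` lets the fuzzer run without a limit, and bash arithmetic reads `08` or `09` in `$((60 * duration))` as invalid octal and aborts. Tightening the pattern to `^[1-9][0-9]*$` rejects both, and the message belongs on stderr (`>&2`). The enclosing `case` starts and ends outside the hunk.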
@@ -0,0 +1,37 @@
+name: Release CI
+run-name: Release CI triggered from @${{ github.actor }} of ${{ github.head_ref }}
+
+on:
+ pull_request:
+ types:
+ - master
+ - develop
+
+jobs:
+ build_and_run:
+ runs-on: ubuntu-8
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Check PR Title For Release Candidate Tag ([Release])
+ run: |
+ if [[ ${{ github.event.pull_request.title }} == "[Release]" ]]; then
+ echo "Release candidate."
+ else
+ echo "Not a release candidate. Skipping workflow."
+ exit 0
+ fi
+
+ - name: Build nitro-fuzzer Docker Image
+ run: docker build --target nitro-fuzzer -t nitro-fuzzer-image .
+
+ - name: Run Docker Container
+ run: docker run --name nitro-fuzzer-container nitro-fuzzer-image &
+
+ - name: Stop Docker Container
+ run: docker stop nitro-fuzzer-container
From 86cf5ca837284a0f2671799be9c68aa457f070a3 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 16:41:03 +0100
Subject: [PATCH 05/13] Trigger workflow from label instead of PR title
---
 .github/workflows/release-ci.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index 729b2696ff..8dff82ec9d 100644
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@@ -18,9 +18,9 @@ jobs:
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v1
- - name: Check PR Title For Release Candidate Tag ([Release])
+ - name: Check PR Label For Release label
 run: |
- if [[ ${{ github.event.pull_request.title }} == "[Release]" ]]; then
+ if contains(github.event.pull_request.labels.*.name, 'release')
 echo "Release candidate."
 else
 echo "Not a release candidate. Skipping workflow."
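Review bot: The "Check PR Title" step in patch 04 interpolates `${{ github.event.pull_request.title }}` straight into the `run:` script, so the title is expanded into the shell source before bash parses it and whoever opens a pull request controls part of that script. Pass the value through the environment instead: `env:` with `PR_TITLE: ${{ github.event.pull_request.title }}` on the step, and `if [[ "$PR_TITLE" == "[Release]" ]]; then` in the script. Separately, `exit 0` ends only this step with success, so the build and run steps below still execute for non-release PRs; a job-level `if:` would actually gate them, and the same holds for the label-based versions of this step in patches 05, 07 and 08. `types:` under `pull_request` expects activity types such as `opened`, not branch names, so `branches:` is presumably what was meant.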
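Review bot: In the first hunk of patch 05, `contains(github.event.pull_request.labels.*.name, 'release')` is a workflow expression, but inside `run: |` and without `${{ }}` it reaches bash as literal text, and an `if` with no `then` is a shell syntax error, so the step fails on every run. Evaluate the condition where Actions does, with a step- or job-level `if: contains(github.event.pull_request.labels.*.name, 'release')`, and drop the shell `if`/`else`. The step continues past the end of the hunk.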
@@ -28,10 +28,7 @@ jobs:
 fi
 - name: Build nitro-fuzzer Docker Image
- run: docker build --target nitro-fuzzer -t nitro-fuzzer-image .
+ run: docker build --target nitro-fuzzer -t nitro-fuzzer .
 - name: Run Docker Container
- run: docker run --name nitro-fuzzer-container nitro-fuzzer-image &
-
- - name: Stop Docker Container
- run: docker stop nitro-fuzzer-container
+ run: docker run nitro-fuzzer
From 32ea163d1549ad40300370f09efa61b979ad8b45 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 16:44:53 +0100
Subject: [PATCH 06/13] Update workflow triggering conditions
---
 .github/workflows/release-ci.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index 8dff82ec9d..14121e6ece 100644
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@@ -2,11 +2,13 @@ name: Release CI
 run-name: Release CI triggered from @${{ github.actor }} of ${{ github.head_ref }}
 on:
+ workflow_dispatch:
+ merge_group:
 pull_request:
- types:
+ push:
+ branches:
 - master
 - develop
-
 jobs:
 build_and_run:
 runs-on: ubuntu-8
From 991f055de6a9867c1b1d4514d1d9273114d24c50 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 17:01:58 +0100
Subject: [PATCH 07/13] Fix workflow syntax
---
 .github/workflows/release-ci.yml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index 14121e6ece..9fbe22d87d 100644
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@@ -21,13 +21,10 @@ jobs:
 uses: docker/setup-buildx-action@v1
 - name: Check PR Label For Release label
+ if: !contains(github.event.pull_request.labels.*.name, 'release')
 run: |
- if contains(github.event.pull_request.labels.*.name, 'release')
- echo "Release candidate."
- else
- echo "Not a release candidate. Skipping workflow."
- exit 0
- fi
+ echo "Not a release candidate. Skipping workflow."
+ exit 0
 - name: Build nitro-fuzzer Docker Image
 run: docker build --target nitro-fuzzer -t nitro-fuzzer .
From e71ca4b5148db599b304bb9849067ae39f230873 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 17:08:32 +0100
Subject: [PATCH 08/13] Yet another attempt to fix workflow syntax
---
 .github/workflows/release-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index 9fbe22d87d..b5dae57458 100644
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@@ -21,7 +21,7 @@ jobs:
 uses: docker/setup-buildx-action@v1
 - name: Check PR Label For Release label
- if: !contains(github.event.pull_request.labels.*.name, 'release')
+ if: ${{ !contains(github.event.*.labels.*.name, 'release') }}
 run: |
 echo "Not a release candidate. Skipping workflow."
 exit 0
From ee8cc8d2350c05ba5b429748aec8a94e06cf58fa Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 25 Jan 2024 17:17:45 +0100
Subject: [PATCH 09/13] Checout submodules recursively in the workflow, cache docker layers
---
 .github/workflows/release-ci.yml | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index b5dae57458..4981513a13 100644
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@@ -14,11 +14,23 @@ jobs:
 runs-on: ubuntu-8
 steps:
- - name: Checkout Repository
- uses: actions/checkout@v2
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver-opts: network=host
+
+ - name: Cache Docker layers
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }}
+ restore-keys: ${{ runner.os }}-buildx-
+
 - name: Check PR Label For Release label
 if: ${{ !contains(github.event.*.labels.*.name, 'release') }}
From 14fb850901b57393809853b7d532537cf65c78d2 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Fri, 26 Jan 2024 12:04:44 +0100
Subject: [PATCH 10/13] Ignore timeout error, and error out only if the fuzzing binary errors out
---
 scripts/fuzz.bash | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/scripts/fuzz.bash b/scripts/fuzz.bash
index 91373d81f4..6271b917b6 100755
--- a/scripts/fuzz.bash
+++ b/scripts/fuzz.bash
@@ -107,5 +107,12 @@ if $run_build; then
 fi
 if [[ ! -z $test_group ]]; then
- timeout "$((60 * duration))" "$binpath"/${test_group}.fuzz -test.run "^$" -test.fuzzcachedir "$fuzzcachepath" -test.fuzz $test_name
+ timeout "$((60 * duration))" "$binpath"/${test_group}.fuzz -test.run "^$" -test.fuzzcachedir "$fuzzcachepath" -test.fuzz $test_name || exit_status=$?
 fi
+
+if [ -n "$exit_status" ] && [ $exit_status -ne 0 ] && [ $exit_status -ne 124 ]; then
+ echo "Fuzzing failed."
+ exit $exit_status
+fi
+
+echo "Fuzzing succeeded."
From 254de23352ce8f03398e249a4452207a8ec8851b Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Tue, 30 Jan 2024 14:21:04 +0100
Subject: [PATCH 11/13] Revert running fuzzer in release-ci
---
 .github/workflows/release-ci.yml | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index 4981513a13..29a1732f15 100644
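Review bot: The "Cache Docker layers" step added in patch 09 restores and saves `/tmp/.buildx-cache`, but the build step shown elsewhere in this series is plain `docker build --target nitro-fuzzer -t nitro-fuzzer .`, which never reads or writes that directory, so the cache stays empty. Either build with `docker buildx build --cache-from type=local,src=/tmp/.buildx-cache --cache-to type=local,dest=/tmp/.buildx-cache …` or drop the step. `driver-opts: network=host` puts the BuildKit container in the runner's network namespace; if nothing in the build needs that, leave it out, otherwise add a comment saying why. The three actions are referenced by mutable tags (`@v4`, `@v3`); pinning each to a full commit SHA keeps a moved tag from changing what runs here.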
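Review bot: In patch 10, `exit_status` is assigned only when the fuzz command fails, so on every other path its value is whatever the caller's environment exported; set `exit_status=0` before the `if [[ ! -z $test_group ]]` block and the `-n` test becomes unnecessary. The final `echo "Fuzzing succeeded."` also runs after a `--build`-only invocation, where nothing was fuzzed, and after a run cut off by `timeout` (status 124), so the message should move inside the fuzzing branch and say when the time limit was reached. "Fuzzing failed." would be better on stderr (`>&2`).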
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@@ -37,9 +37,3 @@ jobs:
 run: |
 echo "Not a release candidate. Skipping workflow."
 exit 0
-
- - name: Build nitro-fuzzer Docker Image
- run: docker build --target nitro-fuzzer -t nitro-fuzzer .
-
- - name: Run Docker Container
- run: docker run nitro-fuzzer
From 07c74c7d4cecd4e456e63bf87d71b59f55ae8ef1 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Wed, 31 Jan 2024 11:55:12 +0100
Subject: [PATCH 12/13] Change release workflow trigger condition
---
 .github/workflows/release-ci.yml | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index 29a1732f15..0439b3f420 100644
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
@@ -2,13 +2,9 @@ name: Release CI
 run-name: Release CI triggered from @${{ github.actor }} of ${{ github.head_ref }}
 on:
- workflow_dispatch:
- merge_group:
- pull_request:
- push:
- branches:
- - master
- - develop
+ release:
+ types: [created, published]
+
 jobs:
 build_and_run:
 runs-on: ubuntu-8
@@ -30,10 +26,3 @@ jobs:
 path: /tmp/.buildx-cache
 key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }}
 restore-keys: ${{ runner.os }}-buildx-
-
-
- - name: Check PR Label For Release label
- if: ${{ !contains(github.event.*.labels.*.name, 'release') }}
- run: |
- echo "Not a release candidate. Skipping workflow."
- exit 0
From 5969a112e883c0e9bd885cca15887a71536acc93 Mon Sep 17 00:00:00 2001
From: Nodar Ambroladze
Date: Thu, 1 Feb 2024 13:54:59 +0100
Subject: [PATCH 13/13] Change trigger to workflow_dispatch only
---
 .github/workflows/release-ci.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index 0439b3f420..036bf46538 100644
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
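Review bot: `run-name` in the first hunk of patch 12 still ends in `${{ github.head_ref }}`, which is populated only for pull-request events, so under the new `release` trigger (and under `workflow_dispatch` in patch 13) the run title ends in an empty string; `${{ github.ref_name }}` would name the tag or branch instead. With the label step removed in the second hunk, the visible job only checks out, sets up Buildx and restores a cache, so the workflow verifies nothing about a release until a build or test step is added back. A short comment above `on:` stating what this workflow is meant to run would help the next reader.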
@@ -2,8 +2,7 @@ name: Release CI
 run-name: Release CI triggered from @${{ github.actor }} of ${{ github.head_ref }}
 on:
- release:
- types: [created, published]
+ workflow_dispatch:
 jobs:
 build_and_run: