diff --git a/.github/actions/run-fuzzers/action.yml b/.github/actions/run-fuzzers/action.yml index 2e027aae15..c20635d40e 100644 --- a/.github/actions/run-fuzzers/action.yml +++ b/.github/actions/run-fuzzers/action.yml @@ -53,11 +53,11 @@ inputs: report-unreproducible-crashes: description: 'If True, then unreproducible crashes will be reported.' required: false - default: False + default: false minimize-crashes: description: 'If True, reportable crashes will be minimized.' required: false - default: False + default: false parallel-fuzzing: description: "Whether to use all available cores for fuzzing." required: false @@ -91,7 +91,11 @@ runs: REPORT_UNREPRODUCIBLE_CRASHES: ${{ inputs.report-unreproducible-crashes }} OUTPUT_SARIF: ${{ inputs.output-sarif }} MINIMIZE_CRASHES: ${{ inputs.minimize-crashes }} - CFL_PLATFORM: 'github' + CFL_PLATFORM: 'standalone' # don't access GitHub artifacts + FILESTORE_ROOT_DIR: '/no/such/dir' # no corpus is available + WORKSPACE: '/github/workspace' + REPOSITORY: 'trezor-firmware' + CIFUZZ_DEBUG: 'True' PARALLEL_FUZZING: ${{ inputs.parallel-fuzzing }} REPORT_TIMEOUTS: ${{ inputs.report-timeouts }} REPORT_OOMS: ${{ inputs.report-ooms}} diff --git a/.github/workflows/cflite.yml b/.github/workflows/cflite.yml index dc75831586..f53decea1d 100644 --- a/.github/workflows/cflite.yml +++ b/.github/workflows/cflite.yml @@ -21,6 +21,7 @@ jobs: matrix: sanitizer: [address] steps: + - uses: actions/checkout@v4 # needed to use the modified `run-fuzzers` action - name: Build Fuzzers (${{ matrix.sanitizer }}) id: build uses: google/clusterfuzzlite/actions/build_fuzzers@v1 @@ -29,7 +30,7 @@ jobs: language: c - name: Run Fuzzers (${{ matrix.sanitizer }}) id: run - uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + uses: ./.github/actions/run-fuzzers with: github-token: ${{ secrets.GITHUB_TOKEN }} fuzz-seconds: 400