fix: address CodeRabbit review — pin actions, narrow paths, add memory sanitizer

This commit is contained in:
can olgun 2026-06-12 11:58:34 +03:00
parent 1aa741f4b8
commit 3b1c57f7f1

View File

@ -2,7 +2,8 @@ name: CIFuzz
on: on:
pull_request: pull_request:
paths: paths:
- '**' - '**.go'
- '.github/workflows/cifuzz.yml'
push: push:
branches: [main, master] branches: [main, master]
permissions: permissions:
@ -13,17 +14,17 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
sanitizer: [address] sanitizer: [address, memory]
steps: steps:
- name: Build Fuzzers (${{ matrix.sanitizer }}) - name: Build Fuzzers (${{ matrix.sanitizer }})
id: build id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@ba0e2e0 # v1.0.0
with: with:
oss-fuzz-project-name: 'gin' oss-fuzz-project-name: 'gin'
language: go language: go
sanitizer: ${{ matrix.sanitizer }} sanitizer: ${{ matrix.sanitizer }}
- name: Run Fuzzers (${{ matrix.sanitizer }}) - name: Run Fuzzers (${{ matrix.sanitizer }})
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@ba0e2e0 # v1.0.0
with: with:
oss-fuzz-project-name: 'gin' oss-fuzz-project-name: 'gin'
language: go language: go
@ -31,8 +32,8 @@ jobs:
sanitizer: ${{ matrix.sanitizer }} sanitizer: ${{ matrix.sanitizer }}
output-sarif: true output-sarif: true
- name: Upload Sarif - name: Upload Sarif
if: always() && steps.build.outcome == 'success' if: steps.build.outcome == 'success'
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@601d5b1 # v3.28.15
with: with:
sarif_file: cifuzz-sarif/results.sarif sarif_file: cifuzz-sarif/results.sarif
category: fuzz-${{ matrix.sanitizer }} category: fuzz-${{ matrix.sanitizer }}