From 9040029d9caa7373784bdbc3b604710a962081bb Mon Sep 17 00:00:00 2001
From: can olgun
Date: Fri, 12 Jun 2026 14:32:37 +0300
Subject: [PATCH] =?UTF-8?q?fix(cifuzz):=20address=20Copilot=20review=20?= =?UTF-8?q?=E2=80=94=20checkout,=20permissions,=20Go=20sanitizer,=20SARIF?= =?UTF-8?q?=20always?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/cifuzz.yml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index f23238d3..10100853 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -6,25 +6,29 @@ on:
 - '.github/workflows/cifuzz.yml'
 push:
 branches: [main, master]
+
 permissions:
 contents: read
+ security-events: write
+
 jobs:
 fuzzing:
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false
 matrix:
- sanitizer: [address, memory]
+ sanitizer: [address]
 steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Build Fuzzers (${{ matrix.sanitizer }})
 id: build
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@ba0e2e0 # v1.0.0
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@ba0e2e0399a10b7b42afb16e7a6c4ccd3ff52431
 with:
 oss-fuzz-project-name: 'gin'
 language: go
 sanitizer: ${{ matrix.sanitizer }}
 - name: Run Fuzzers (${{ matrix.sanitizer }})
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@ba0e2e0 # v1.0.0
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@ba0e2e0399a10b7b42afb16e7a6c4ccd3ff52431
 with:
 oss-fuzz-project-name: 'gin'
 language: go
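Review bot: The added `actions/checkout` step keeps its default of persisting the job token in the checkout's local git configuration, in the same change that widens that token to `security-events: write`; the following steps presumably build and run fuzz targets from that tree, so add `with:` and `persist-credentials: false` under the checkout step. The write scope is granted in the workflow-level `permissions` block, so any job added later inherits it; placing `permissions` on the `fuzzing` job, or on a separate upload job, keeps it narrower. The two oss-fuzz pins, and the `upload-sarif` pin in the next hunk, lose their trailing version comments when expanded to full SHAs while the checkout pin keeps `# v4.2.2`; confirm each SHA against the upstream repository and keep a comment naming the ref it was taken from so the pins stay auditable. The `steps:` list continues past the end of this hunk.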
@@ -32,8 +36,8 @@ jobs:
 sanitizer: ${{ matrix.sanitizer }}
 output-sarif: true
 - name: Upload Sarif
- if: steps.build.outcome == 'success'
- uses: github/codeql-action/upload-sarif@601d5b1 # v3.28.15
+ if: always() && steps.build.outcome == 'success'
+ uses: github/codeql-action/upload-sarif@601d5b1bcb3e5ef5eea97a6d0dcdbbb8c2b80116
 with:
 sarif_file: cifuzz-sarif/results.sarif
 category: fuzz-${{ matrix.sanitizer }}
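Review bot: `always()` in the new `if:` also runs the upload after the run has been cancelled, and it runs when Run Fuzzers stopped before writing a report, in which case the upload would fail on a missing `cifuzz-sarif/results.sarif` and add a second failed step beside the real one. Prefer `if: ${{ !cancelled() && steps.build.outcome == 'success' && hashFiles('cifuzz-sarif/results.sarif') != '' }}`; the `${{ }}` wrapper is needed because a plain YAML value cannot start with `!`. If the workflow also runs on pull requests from forks, the token stays read-only there regardless of the `permissions` block, so the upload is likely to fail on those runs; the trigger list is outside this hunk, so that needs checking against the full file.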