fix(cifuzz): address Copilot review — checkout, permissions, Go sanitizer, SARIF always

This commit is contained in:
can olgun 2026-06-12 14:32:37 +03:00
parent 3b1c57f7f1
commit 9040029d9c

View File

@ -6,25 +6,29 @@ on:
- '.github/workflows/cifuzz.yml' - '.github/workflows/cifuzz.yml'
push: push:
branches: [main, master] branches: [main, master]
permissions: permissions:
contents: read contents: read
security-events: write
jobs: jobs:
fuzzing: fuzzing:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
sanitizer: [address, memory] sanitizer: [address]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Fuzzers (${{ matrix.sanitizer }}) - name: Build Fuzzers (${{ matrix.sanitizer }})
id: build id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@ba0e2e0 # v1.0.0 uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@ba0e2e0399a10b7b42afb16e7a6c4ccd3ff52431
with: with:
oss-fuzz-project-name: 'gin' oss-fuzz-project-name: 'gin'
language: go language: go
sanitizer: ${{ matrix.sanitizer }} sanitizer: ${{ matrix.sanitizer }}
- name: Run Fuzzers (${{ matrix.sanitizer }}) - name: Run Fuzzers (${{ matrix.sanitizer }})
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@ba0e2e0 # v1.0.0 uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@ba0e2e0399a10b7b42afb16e7a6c4ccd3ff52431
with: with:
oss-fuzz-project-name: 'gin' oss-fuzz-project-name: 'gin'
language: go language: go
@ -32,8 +36,8 @@ jobs:
sanitizer: ${{ matrix.sanitizer }} sanitizer: ${{ matrix.sanitizer }}
output-sarif: true output-sarif: true
- name: Upload Sarif - name: Upload Sarif
if: steps.build.outcome == 'success' if: always() && steps.build.outcome == 'success'
uses: github/codeql-action/upload-sarif@601d5b1 # v3.28.15 uses: github/codeql-action/upload-sarif@601d5b1bcb3e5ef5eea97a6d0dcdbbb8c2b80116
with: with:
sarif_file: cifuzz-sarif/results.sarif sarif_file: cifuzz-sarif/results.sarif
category: fuzz-${{ matrix.sanitizer }} category: fuzz-${{ matrix.sanitizer }}