summaryrefslogtreecommitdiffstats
path: root/.gitlab/ci/cifuzz.yml
diff options
context:
space:
mode:
Diffstat (limited to '.gitlab/ci/cifuzz.yml')
-rw-r--r--.gitlab/ci/cifuzz.yml46
1 files changed, 46 insertions, 0 deletions
diff --git a/.gitlab/ci/cifuzz.yml b/.gitlab/ci/cifuzz.yml
new file mode 100644
index 0000000..063b912
--- /dev/null
+++ b/.gitlab/ci/cifuzz.yml
@@ -0,0 +1,46 @@
+cifuzz:
+ variables:
+ OSS_FUZZ_PROJECT_NAME: cryptsetup
+ CFL_PLATFORM: gitlab
+ CIFUZZ_DEBUG: "True"
+ FUZZ_SECONDS: 300 # 5 minutes per fuzzer
+ ARCHITECTURE: "x86_64"
+ DRY_RUN: "False"
+ LOW_DISK_SPACE: "True"
+ BAD_BUILD_CHECK: "True"
+ LANGUAGE: "c"
+ DOCKER_HOST: "tcp://docker:2375"
+ DOCKER_IN_DOCKER: "true"
+ DOCKER_DRIVER: overlay2
+ DOCKER_TLS_CERTDIR: ""
+ image:
+ name: gcr.io/oss-fuzz-base/cifuzz-base
+ entrypoint: [""]
+ services:
+ - docker:dind
+
+ stage: test
+ parallel:
+ matrix:
+ - SANITIZER: [address, undefined, memory]
+ rules:
+ # Default code change.
+ # - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ # variables:
+ # MODE: "code-change"
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $BUILD_AND_RUN_FUZZERS != null
+ before_script:
+ # Get gitlab's container id.
+ - export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset`
+ script:
+ # Will build and run the fuzzers.
+ # We use a hack to override CI_JOB_ID, because otherwise a bad path is used
+ # in GitLab CI environment
+ - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
+ artifacts:
+ # Upload artifacts when a crash makes the job fail.
+ when: always
+ paths:
+ - artifacts/