5dfa722738
Consolidate redundant Rust compilation jobs to cut PR cycle time from 2+ hours to ~30 minutes by reducing parallel cold compilations and upgrading runners. CI Run (ci-run.yml): - Merge lint + workspace-check + package-check → quality-gate (25min, 8vcpu) - Merge test + build → test-and-build (30min, 8vcpu) - Unify cache keys: prefix-key=zeroclaw-ci-v1, shared-key=runner.os-rust - Update ci-required gate, lint-feedback deps to reference new job names Security Audit (sec-audit.yml): - Merge audit + deny + security-regressions → rust-security (25min, 8vcpu) - Merge sbom + unsafe-debt → compliance (lightweight runner) - Add fast-path: non-Rust PRs skip Rust compilation entirely Frequency optimization (off PR path): - sec-codeql.yml: push-to-main + weekly only (was PR + push) - ci-reproducible-build.yml: push-to-main + weekly only (was PR + push) - ci-change-audit.yml: push-to-main only (was PR + push) Runner upgrades: - All Rust compilation jobs: 2vcpu → blacksmith-8vcpu-ubuntu-2404 - ci-supply-chain-provenance, test-fuzz: upgraded to 8vcpu - test-e2e: upgraded to 8vcpu, fixed env indentation bug Feature matrix (feature-matrix.yml): - Non-default lanes (whatsapp-web, browser-native, nightly-all-features) skip on compile profile, run on nightly only - resolve-profile + summary jobs use ubuntu-latest (no Rust compilation) Docs/scripts: - lint_feedback.js: update job name references for quality-gate - required-check-mapping.md: document new consolidated job names - ci-map.md: update trigger map, triage guide, maintenance rules - self-hosted-runner-remediation.md: update job name reference Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
76 lines
2.5 KiB
YAML
76 lines
2.5 KiB
YAML
name: Test Fuzz
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 2 * * 0" # Weekly Sunday 2am UTC
|
|
workflow_dispatch:
|
|
inputs:
|
|
fuzz_seconds:
|
|
description: "Seconds to run each fuzz target"
|
|
required: false
|
|
default: "300"
|
|
|
|
concurrency:
|
|
group: fuzz-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
issues: write
|
|
|
|
env:
|
|
GIT_CONFIG_COUNT: "1"
|
|
GIT_CONFIG_KEY_0: core.hooksPath
|
|
GIT_CONFIG_VALUE_0: /dev/null
|
|
CARGO_TERM_COLOR: always
|
|
|
|
jobs:
|
|
fuzz:
|
|
name: Fuzz (${{ matrix.target }})
|
|
runs-on: blacksmith-8vcpu-ubuntu-2404
|
|
timeout-minutes: 60
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
target:
|
|
- fuzz_config_parse
|
|
- fuzz_tool_params
|
|
steps:
|
|
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
|
|
|
|
- uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
|
|
with:
|
|
toolchain: nightly
|
|
components: llvm-tools-preview
|
|
|
|
- name: Install cargo-fuzz
|
|
run: cargo install cargo-fuzz --locked
|
|
|
|
- name: Run fuzz target
|
|
run: |
|
|
SECONDS="${{ github.event.inputs.fuzz_seconds || '300' }}"
|
|
echo "Fuzzing ${{ matrix.target }} for ${SECONDS}s"
|
|
cargo +nightly fuzz run ${{ matrix.target }} -- \
|
|
-max_total_time="${SECONDS}" \
|
|
-max_len=4096
|
|
continue-on-error: true
|
|
id: fuzz
|
|
|
|
- name: Upload crash artifacts
|
|
if: failure() || steps.fuzz.outcome == 'failure'
|
|
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
|
|
with:
|
|
name: fuzz-crashes-${{ matrix.target }}
|
|
path: fuzz/artifacts/${{ matrix.target }}/
|
|
retention-days: 30
|
|
if-no-files-found: ignore
|
|
|
|
- name: Report fuzz results
|
|
run: |
|
|
echo "### Fuzz: ${{ matrix.target }}" >> "$GITHUB_STEP_SUMMARY"
|
|
if [ "${{ steps.fuzz.outcome }}" = "failure" ]; then
|
|
echo "- :x: Crashes found — see artifacts" >> "$GITHUB_STEP_SUMMARY"
|
|
else
|
|
echo "- :white_check_mark: No crashes found" >> "$GITHUB_STEP_SUMMARY"
|
|
fi
|