5252 check-latest : true
5353 cache : true
5454 -
55- name : Install Tools
56- # TODO: pin version -> fork + update dedicated github action
57- run : |
58- go install gotest.tools/gotestsum@latest
55+ name : Install gotestsum
56+ uses : go-openapi/gh-actions/install/gotestsum@f20ba527e5c672716f01e7b27f52674c8f97b7db
5957 -
6058 name : Run unit tests
6159 shell : bash
6967 -timeout=20m
7068 -coverprofile='unit.coverage.${{ matrix.os }}-${{ matrix.go }}.out'
7169 -covermode=atomic
72- -coverpkg=$(go list)/...
70+ -coverpkg=" $(go list)" /...
7371 ./...
7472
7573 name : Upload coverage artifacts
8987 name : ' unit.report.${{ matrix.os }}-${{ matrix.go }}'
9088 retention-days : 1
9189
92- fuzz-test :
93- name : fuzz test
94- runs-on : ubuntu-latest
95- env :
96- CORPUS_MAX_SIZE_MB : 100
97- steps :
98- -
99- uses : actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
100- -
101- uses : actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
102- with :
103- go-version : stable
104- check-latest : true
105- cache : true
106- -
107- name : Locate go fuzz cache
108- run : |
109- GOCACHE=$(go env GOCACHE)
110- echo "CORPUS_DIR=${GOCACHE}/fuzz" >> "${GITHUB_ENV}"
111-
112- name : Retrieve fuzz corpus from cache
113- uses : actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
114- with :
115- key : ${{ runner.os }}-go-fuzz
116- path :
117- ${{ env.CORPUS_DIR }}
118- -
119- name : Manage fuzz corpus cache size
120- run : |
121- mkdir -p "${CORPUS_DIR}"
122- CURRENT_SIZE=$(du -sm "${CORPUS_DIR}"|cut -f1)
123- echo "corpus size: ${CURRENT_SIZE}MB"
124- if [[ "${CURRENT_SIZE}" -gt "${CORPUS_MAX_SIZE}" ]] ; then
125- # remove the 50 oldest corpus files
126- echo "::warning:Large fuzz corpus pruned"
127- find "${CORPUS_DIR}" -type f|ls -t|tail -n +50|xargs rm -f
128- fi
129-
130- name : Run go fuzz tests
131- run : >
132- go test
133- -fuzz=Fuzz
134- -run=Fuzz
135- -fuzztime=1m30s
136- -fuzzminimizetime=5m
137- ./...
138-
139- name : Upload failed corpus
140- if : ${{ failure() }}
141- uses : actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
142- with :
143- path : ${{ env.CORPUS_DIR }}
144- name : ' ${{ runner.os }}-fuzz-corpus-failure'
145- retention-days : 60
146- -
147- name : Report fuzz corpus cache size
148- run : |
149- FINAL_SIZE=$(du -m "${CORPUS_DIR}"|cut -f1)
150- echo "::notice title=fuzz corpus size:${FINAL_SIZE}MB"
151-
152-
15390 test-complete :
15491 # description: |
15592 # Be explicit about all tests being passed. This allows for setting up only a few status checks on PRs.
@@ -206,12 +143,6 @@ jobs:
206143 if : ${{ !cancelled() }}
207144 runs-on : ubuntu-latest
208145 steps :
209- -
210- uses : actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
211- with :
212- go-version : stable
213- check-latest : true
214- cache : true
215146 -
216147 name : Download test report artifacts
217148 uses : actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
@@ -220,6 +151,9 @@ jobs:
220151 pattern : " *.report.*"
221152 # artifacts resolve as folders
222153 path : reports/
154+ -
155+ name : Install go-junit-report
156+ uses : go-openapi/gh-actions/install/go-junit-report@f20ba527e5c672716f01e7b27f52674c8f97b7db
223157 -
224158 name : Convert test reports to a merged JUnit XML
225159 # NOTE: codecov test reports only support JUnit format at this moment. See https://docs.codecov.com/docs/test-analytics.
@@ -228,14 +162,10 @@ jobs:
228162 # As a contemplated alternative, we could use gotestsum above to produce the JUnit XML directly.
229163 # At this moment, we keep a json format to dispatch test reports to codecov as well as to CTRF reports.
230164 #
231- # TODO(fredbi): sec compliance - pin go-junit-report
232165 # TODO(fredbi): investigate - use mikepenz/action-junit-report@v5, that packages most of the following scripts
233166 # in a single action. Alternative: for that action.
234167 run : |
235- go install github.com/jstemmer/go-junit-report/v2@latest
236- go-junit-report -version
237-
238- find reports/ -name \*.json | xargs cat | go-junit-report -parser gojson -out=reports/junit_report.xml
168+ find reports/ -name \*.json -print0 | xargs -0 cat | go-junit-report -parser gojson -out=reports/junit_report.xml
239169
240170 name : Upload test results to Codecov
241171 # This allows for using the test results UI on codecov
@@ -246,14 +176,14 @@ jobs:
246176 fail_ci_if_error : false
247177 handle_no_reports_found : true
248178 verbose : true
179+ -
180+ name : Install go-ctrf-json-reporter
181+ uses : go-openapi/gh-actions/install/go-ctrf-json-reporter@f20ba527e5c672716f01e7b27f52674c8f97b7db
249182 -
250183 name : Convert test reports to CTRF JSON
251184 # description: |
252185 # This step publishes CTRF test reports on github UI (actions)
253- # TODO: pin this dependency
254186 run : |
255- go install github.com/ctrf-io/go-ctrf-json-reporter/cmd/go-ctrf-json-reporter@v0.0.10
256-
257187 appName="${{ github.repository }}"
258188 buildNumber="${{ github.run_id }}"
259189 appVersion="${{ github.event.pull_request.head.sha }}"
@@ -263,11 +193,9 @@ jobs:
263193 fi
264194
265195 # reconstruct platform information from the file name
266- # set -x
267- while read report ; do
268- # 'unit.report.${{ matrix.os }}-${{ matrix.go }}.json'
196+ while read -r report ; do
269197 reformated=$(echo "${report##*/}"|sed -E 's/(go)([[:digit:]]+)\.([[:digit:]]+)/\1\2\3/') # e.g. go1.24 becomes go124
270- mapfile -d'.' -t -s 2 -n 2 split < <(echo $reformated) # skip the first 2 parts, stop on 2 more parts
198+ mapfile -d'.' -t -s 2 -n 2 split < <(echo " $reformated" ) # skip the first 2 parts, stop on 2 more parts
271199 envstring="${split[0]}"
272200 osPlatform="${envstring%-*}"
273201 osRelease="${envstring##*-}"
@@ -306,3 +234,109 @@ jobs:
306234 summary-report : true # post a report to the github actions summary
307235 github-report : true
308236 failed-folded-report : true
237+
238+ fuzz-test :
239+ name : fuzz test
240+ runs-on : ubuntu-latest
241+ env :
242+ CORPUS_MAX_SIZE_MB : 250
243+ FUZZ_TIME : 1m30s
244+ FUZZ_MINIMIZE_TIME : 5m
245+ steps :
246+ -
247+ uses : actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
248+ -
249+ uses : actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
250+ with :
251+ go-version : stable
252+ check-latest : true
253+ cache : true
254+ -
255+ name : Locate go fuzz cache
256+ run : |
257+ GOCACHE=$(go env GOCACHE)
258+ echo "CORPUS_DIR=${GOCACHE}/fuzz" >> "${GITHUB_ENV}"
259+
260+ name : Retrieve fuzz corpus from cache
261+ uses : actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
262+ with :
263+ key : ${{ runner.os }}-go-fuzz
264+ path :
265+ ${{ env.CORPUS_DIR }}
266+ -
267+ name : Manage fuzz corpus cache size
268+ run : |
269+ mkdir -p "${CORPUS_DIR}"
270+ # This script checks that the size of the corpus cache doesn't exceed ${CORPUS_MAX_SIZE_MB},
271+ # and if it does, it removes all oldest files beyond that size.
272+
273+ function size() {
274+ local location=$1
275+ local unit=$2
276+
277+ du -s"${unit}" "${location}"|cut -f1
278+ }
279+
280+ function purge() {
281+ local location=$1
282+ local max_size_b=$2
283+ declare -i current_size_b=0 file_size_b=0 purged_files=0
284+
285+ while read -r filename ; do
286+ file_size_b="$(size "${filename}" "b")"
287+ ((current_size_b+=file_size_b))
288+
289+ if [[ ${current_size_b} -le ${max_size_b} ]] ; then
290+ continue
291+ fi
292+ if [[ ${file_size_b} -eq 0 ]] ; then
293+ continue
294+ fi
295+
296+ rm -f "${filename}"
297+ ((purged_files+=1))
298+ done < <(find "${location}" -type f -print0 | xargs -0 ls -t)
299+
300+ echo ${purged_files}
301+ }
302+
303+ CURRENT_SIZE_MB="$(size "${CORPUS_DIR}" "m")"
304+ if [[ "${CURRENT_SIZE_MB}" -lt "${MAX_SIZE_MB}" ]] ; then
305+ echo "::notice:cache size remains under the accepted size of ${MAX_SIZE_MB} MB: ${CURRENT_SIZE_MB} MB"
306+
307+ exit 0
308+ fi
309+
310+ declare -i max_size_b=$(("${CORPUS_MAX_SIZE_MB}" * 1024 * 1024))
311+ purged_files=$(purge "${purged_dir}" "${max_size_b}");
312+ echo "::notice:cache size is ${CURRENT_SIZE_MB} MB: purging oldest files to keep it under ${CORPUS_MAX_SIZE_MB} MB"
313+ if [[ ${purged_files} -gt 0 ]] ; then
314+ echo "::notice:removed ${purged_files} files to keep the cache size below ${CORPUS_MAX_SIZE_MB} MB"
315+ fi
316+ FINAL_SIZE_MB="$(size "${CORPUS_DIR}" "m")"
317+ echo "::notice:purged cache size: ${FINAL_SIZE_MB} MB"
318+
319+ name : Run go fuzz tests
320+ # TODO(fredbi): ./... is not supported: we should run as a matrix test multiple fuzz tests
321+ run : >
322+ go test
323+ -fuzz=Fuzz
324+ -run=Fuzz
325+ -fuzztime='${{ env.FUZZ_TIME }}'
326+ -fuzzminimizetime='${{ env.FUZZ_MINIMIZE_TIME }}'
327+ ./...
328+
329+ name : Upload failed corpus
330+ if : ${{ failure() }}
331+ uses : actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
332+ # TODO(fredbi): ideally, after uploading, we should fire a pull request to add
333+ # this corpus to testdata.
334+ with :
335+ path : ${{ env.CORPUS_DIR }}
336+ name : ' ${{ runner.os }}-fuzz-corpus-failure'
337+ retention-days : 60
338+ -
339+ name : Report fuzz corpus cache size
340+ run : |
341+ FINAL_SIZE=$(du -m "${CORPUS_DIR}"|cut -f1)
342+ echo "::notice title=fuzz corpus size:${FINAL_SIZE}MB"
0 commit comments