-
Notifications
You must be signed in to change notification settings - Fork 37
59 lines (51 loc) · 1.91 KB
/
Copy pathfuzz.yml
File metadata and controls
59 lines (51 loc) · 1.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: Fuzz
# Continuous fuzzing of the source chunker — the most exposed parser in CodeRAG
# (it ingests arbitrary file bytes from any watched repo and must never crash).
# The harness in fuzz/ is an Atheris target; here it runs for a bounded burst on
# PRs that touch the chunker, and a longer burst on a weekly schedule. The same
# harness is OSS-Fuzz / ClusterFuzzLite-compatible via .clusterfuzzlite/.
on:
pull_request:
branches: [master]
paths:
- "coderag/chunking/**"
- "coderag/_lines.py"
- "coderag/types.py"
- "fuzz/**"
- ".github/workflows/fuzz.yml"
schedule:
- cron: "15 4 * * 1"
workflow_dispatch:
# Least privilege: the job only needs to read the repo.
permissions:
contents: read
concurrency:
group: fuzz-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
atheris:
name: Atheris (chunker)
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
# Atheris ships manylinux wheels for 3.11, so no clang build needed.
python-version: "3.11"
- name: Set up uv (fast installs + cache)
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
enable-cache: true
- name: Install CodeRAG + Atheris
run: uv pip install --system -e . atheris
# Bounded run: a short, deterministic burst on PRs; a longer time-boxed run
# on the weekly schedule. A crash or a broken invariant fails the job.
- name: Fuzz the chunker
run: |
if [ "${{ github.event_name }}" = "schedule" ]; then
python fuzz/fuzz_chunk_file.py -max_total_time=600
else
python fuzz/fuzz_chunk_file.py -atheris_runs=50000
fi