Skip to content

Commit 3958c5d

Browse files
sethmlarsonwebknjaz
andcommitted
Move to matrix with excludes approach
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <578543+webknjaz@users.noreply.github.com>
1 parent 2a9672f commit 3958c5d

4 files changed

Lines changed: 55 additions & 25 deletions

File tree

.github/workflows/build.yml

Lines changed: 38 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -642,17 +642,46 @@ jobs:
642642
"$BUILD_DIR/cross-python/bin/python3" -m test test_sysconfig test_site test_embed
643643
644644
cifuzz:
645+
name: CIFuzz
645646
needs: build-context
646-
if: needs.build-context.outputs.run-ci-fuzz == 'true'
647-
uses: ./.github/workflows/reusable-cifuzz.yml
648-
with:
649-
oss-fuzz-project-name: cpython3
650-
cifuzz-stdlib:
651-
needs: build-context
652-
if: needs.build-context.outputs.run-ci-fuzz-stdlib == 'true'
647+
if: >-
648+
contains(
649+
[
650+
needs.build-context.outputs.run-ci-fuzz,
651+
needs.build-context.outputs.run-ci-fuzz-stdlib
652+
],
653+
'true'
654+
)
655+
permissions:
656+
security-events: write
657+
strategy:
658+
fail-fast: false
659+
matrix:
660+
sanitizer:
661+
- address
662+
- undefined
663+
- memory
664+
oss-fuzz-project-name:
665+
- cpython3
666+
- python3-libraries
667+
exclude:
668+
- oss-fuzz-project-name: >-
669+
${{
670+
needs.build-context.outputs.run-ci-fuzz == 'true'
671+
&& ''
672+
|| 'cpython3'
673+
}}
674+
- oss-fuzz-project-name: >-
675+
${{
676+
needs.build-context.outputs.run-ci-fuzz-stdlib == 'true'
677+
&& ''
678+
|| 'python3-libraries'
679+
}}
653680
uses: ./.github/workflows/reusable-cifuzz.yml
654681
with:
655-
oss-fuzz-project-name: python3-libraries
682+
oss-fuzz-project-name: ${{ matrix.oss-fuzz-project-name }}
683+
sanitizer: ${{ matrix.sanitizer }}
684+
timeout-minutes: 60
656685

657686
all-required-green: # This job does nothing and is only used for the branch protection
658687
name: All required checks pass
@@ -677,7 +706,6 @@ jobs:
677706
- build-san
678707
- cross-build-linux
679708
- cifuzz
680-
- cifuzz-stdlib
681709
if: always()
682710

683711
steps:
@@ -709,7 +737,7 @@ jobs:
709737
}}
710738
${{ !fromJSON(needs.build-context.outputs.run-windows-tests) && 'build-windows,' || '' }}
711739
${{ !fromJSON(needs.build-context.outputs.run-ci-fuzz) && 'cifuzz,' || '' }}
712-
${{ !fromJSON(needs.build-context.outputs.run-ci-fuzz-stdlib) && 'cifuzz-stdlib,' || '' }}
740+
${{ !fromJSON(needs.build-context.outputs.run-ci-fuzz-stdlib) && 'cifuzz,' || '' }}
713741
${{ !fromJSON(needs.build-context.outputs.run-macos) && 'build-macos,' || '' }}
714742
${{
715743
!fromJSON(needs.build-context.outputs.run-ubuntu)

.github/workflows/reusable-cifuzz.yml

Lines changed: 15 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -8,39 +8,40 @@ on:
88
description: OSS-Fuzz project name
99
required: true
1010
type: string
11-
12-
permissions:
13-
contents: read
14-
security-events: write
11+
sanitizer:
12+
description: OSS-Fuzz sanitizer
13+
required: true
14+
type: string
15+
timeout-minutes:
16+
description: Timeout in minutes for the action
17+
required: false
18+
default: 60
19+
type: number
1520

1621
jobs:
1722
cifuzz:
1823
name: CIFuzz
1924
runs-on: ubuntu-latest
20-
timeout-minutes: 60
21-
strategy:
22-
fail-fast: false
23-
matrix:
24-
sanitizer: [address, undefined, memory]
25+
timeout-minutes: ${{ inputs.timeout-minutes }}
2526
steps:
26-
- name: Build fuzzers (${{ matrix.sanitizer }})
27+
- name: Build fuzzers (${{ inputs.sanitizer }})
2728
id: build
2829
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
2930
with:
3031
oss-fuzz-project-name: ${{ inputs.oss-fuzz-project-name }}
31-
sanitizer: ${{ matrix.sanitizer }}
32-
- name: Run fuzzers (${{ matrix.sanitizer }})
32+
sanitizer: ${{ inputs.sanitizer }}
33+
- name: Run fuzzers (${{ inputs.sanitizer }})
3334
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
3435
with:
3536
fuzz-seconds: 600
3637
oss-fuzz-project-name: ${{ inputs.oss-fuzz-project-name }}
3738
output-sarif: true
38-
sanitizer: ${{ matrix.sanitizer }}
39+
sanitizer: ${{ inputs.sanitizer }}
3940
- name: Upload crash
4041
if: failure() && steps.build.outcome == 'success'
4142
uses: actions/upload-artifact@v6
4243
with:
43-
name: ${{ matrix.sanitizer }}-artifacts
44+
name: ${{ inputs.sanitizer }}-artifacts
4445
path: ./out/artifacts
4546
- name: Upload SARIF
4647
if: always() && steps.build.outcome == 'success'

.github/workflows/reusable-context.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ on: # yamllint disable-line rule:truthy
2525
value: ${{ jobs.compute-changes.outputs.run-ci-fuzz }} # bool
2626
run-ci-fuzz-stdlib:
2727
description: Whether to run the CIFuzz job for 'python3-libraries' fuzzer
28-
value: ${{ jobs.compute-changes.outputs.run-ci-fuzz }} # bool
28+
value: ${{ jobs.compute-changes.outputs.run-ci-fuzz-stdlib }} # bool
2929
run-docs:
3030
description: Whether to build the docs
3131
value: ${{ jobs.compute-changes.outputs.run-docs }} # bool

Tools/build/compute-changes.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,7 @@
9494
Path("Lib/xml/"),
9595
Path("Lib/_markupbase.py"),
9696
Path("Modules/expat/"),
97+
Path("Modules/pyexpat.c"),
9798
# zipfile
9899
Path("Lib/zipfile/"),
99100
})

0 commit comments

Comments
 (0)