debian-mirror-gitlab/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml

38 lines
1.5 KiB
YAML
Raw Normal View History

2020-07-28 23:09:34 +05:30
# Read more about this feature https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing
variables:
# Which branch we want to run full fledged long running fuzzing jobs.
# All others will run fuzzing regression
2020-10-24 23:57:45 +05:30
COVFUZZ_BRANCH: "$CI_DEFAULT_BRANCH"
# This is using semantic version and will always download latest v2 gitlab-cov-fuzz release
COVFUZZ_VERSION: v2
2020-07-28 23:09:34 +05:30
# This is for users who have an offline environment and will have to replicate gitlab-cov-fuzz release binaries
# to their own servers
2020-10-24 23:57:45 +05:30
COVFUZZ_URL_PREFIX: "https://gitlab.com/gitlab-org/security-products/analyzers/gitlab-cov-fuzz/-/raw"
2020-07-28 23:09:34 +05:30
.fuzz_base:
stage: fuzz
allow_failure: true
before_script:
2020-10-24 23:57:45 +05:30
- export COVFUZZ_JOB_TOKEN=$CI_JOB_TOKEN
- export COVFUZZ_PRIVATE_TOKEN=$CI_PRIVATE_TOKEN
- export COVFUZZ_PROJECT_ID=$CI_PROJECT_ID
2020-07-28 23:09:34 +05:30
- if [ -x "$(command -v apt-get)" ] ; then apt-get update && apt-get install -y wget; fi
2020-10-24 23:57:45 +05:30
- wget -O gitlab-cov-fuzz "${COVFUZZ_URL_PREFIX}"/"${COVFUZZ_VERSION}"/binaries/gitlab-cov-fuzz_Linux_x86_64
2020-07-28 23:09:34 +05:30
- chmod a+x gitlab-cov-fuzz
- export REGRESSION=true
2020-10-24 23:57:45 +05:30
- if [[ $CI_COMMIT_BRANCH = $COVFUZZ_BRANCH ]]; then REGRESSION=false; fi;
2020-07-28 23:09:34 +05:30
artifacts:
paths:
- corpus
- crashes
- gl-coverage-fuzzing-report.json
reports:
coverage_fuzzing: gl-coverage-fuzzing-report.json
when: always
rules:
2020-10-24 23:57:45 +05:30
- if: $COVFUZZ_DISABLED
2020-07-28 23:09:34 +05:30
when: never
2020-11-24 15:15:51 +05:30
- if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bcoverage_fuzzing\b/