Merge pull request #8269 from roidelapluie/fuzz

Remove fuzzit, add oss-fuzz on PR

.circleci/config.yml

@@ -13,10 +13,6 @@ executors:
     docker:
     - image: circleci/golang:1.15-node
 
-  fuzzit:
-    docker:
-      - image: fuzzitdev/golang:1.12.7-buster
-
 jobs:
   test:
     executor: golang
@@ -95,22 +91,6 @@ jobs:
         command: git diff --exit-code
         working_directory: ~/project/documentation/prometheus-mixin
 
-  fuzzit_regression:
-    executor: fuzzit
-    working_directory: /go/src/github.com/prometheus/prometheus
-    steps:
-      - checkout
-      - setup_remote_docker
-      - run: ./fuzzit.sh local-regression
-
-  fuzzit_fuzzing:
-    executor: fuzzit
-    working_directory: /go/src/github.com/prometheus/prometheus
-    steps:
-      - checkout
-      - setup_remote_docker
-      - run: ./fuzzit.sh fuzzing
-
   repo_sync:
     executor: golang
     steps:
@@ -133,10 +113,6 @@ workflows:
         filters:
           tags:
             only: /.*/
-    - fuzzit_regression:
-        filters:
-          tags:
-            only: /.*/
     - prometheus/build:
         name: build
         filters:
@@ -173,5 +149,3 @@ workflows:
     jobs:
     - repo_sync:
         context: org-context
-    - fuzzit_fuzzing:
-        context: org-context

.github/workflows/fuzzing.yml

@@ -0,0 +1,29 @@
+name: CIFuzz
+on:
+  pull_request:
+    paths:
+      - 'go.sum'
+      - 'go.mod'
+      - '**.go'
+jobs:
+ Fuzzing:
+   runs-on: ubuntu-latest
+   steps:
+   - name: Build Fuzzers
+     id: build
+     uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+     with:
+       oss-fuzz-project-name: 'prometheus'
+       dry-run: false
+   - name: Run Fuzzers
+     uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+     with:
+       oss-fuzz-project-name: 'prometheus'
+       fuzz-seconds: 600
+       dry-run: false
+   - name: Upload Crash
+     uses: actions/upload-artifact@v1
+     if: failure() && steps.build.outcome == 'success'
+     with:
+       name: artifacts
+       path: ./out/artifacts

README.md

@@ -5,7 +5,6 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/prom/prometheus.svg?maxAge=604800)][hub]
 [![Go Report Card](https://goreportcard.com/badge/github.com/prometheus/prometheus)](https://goreportcard.com/report/github.com/prometheus/prometheus)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/486/badge)](https://bestpractices.coreinfrastructure.org/projects/486)
-[![fuzzit](https://app.fuzzit.dev/badge?org_id=prometheus&branch=master)](https://fuzzit.dev)
 [![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/prometheus/prometheus)
 
 Visit [prometheus.io](https://prometheus.io) for the full documentation,

fuzzit.sh

@@ -1,30 +0,0 @@
-#!/bin/bash
-set -xe
-
-# Go-fuzz doesn't support modules yet, so ensure we do everything in the old style GOPATH way
-export GO111MODULE="off"
-
-# Install go-fuzz
-go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build
-
-# Target names on fuzzit.dev
-TARGETS=("promql-parse-metric" "promql-parse-open-metric" "promql-parse-metric-selector" "promql-parse-expr")
-
-# Prometheus fuzz functions
-FUZZ_FUNCTIONS=("FuzzParseMetric" "FuzzParseOpenMetric" "FuzzParseMetricSelector" "FuzzParseExpr")
-
-# Compiling prometheus fuzz targets in fuzz.go with go-fuzz (https://github.com/dvyukov/go-fuzz) and libFuzzer support
-for ((i=0;i<${#TARGETS[@]};++i));
-do
-    go-fuzz-build -libfuzzer -func ${FUZZ_FUNCTIONS[i]} -o ${TARGETS[i]}.a ./promql
-    clang-9 -fsanitize=fuzzer ${TARGETS[i]}.a -o ${TARGETS[i]}
-done
-
-# Install fuzzit CLI
-wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.45/fuzzit_Linux_x86_64
-chmod a+x fuzzit
-
-for TARGET in "${TARGETS[@]}"
-do
-    ./fuzzit create job --type $1 prometheus/${TARGET} ${TARGET}
-done