fix[fuzz]: longer retention for outputs #2
Workflow file for this run
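# Reusable workflow (workflow_call): extracts crash details from fuzzer
# artifacts, checks open `fuzzer` issues for duplicates, optionally asks Claude
# for a root-cause summary, then creates or comments on a GitHub issue.
#
# NOTE(review): every `uses:` below references a mutable tag (@v6, @v1, @v0).
# Pinning each one to a full-length commit SHA keeps a re-tagged release from
# running with this job's secrets; the third-party actions matter most here.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# caller's/repository default scopes. Issue operations use secrets.gh_token, so
# a minimal `permissions: contents: read` is probably sufficient. Confirm
# against the claude-code-action requirements before adding it.
name: Report Fuzz Crash

on:
  workflow_call:
    inputs:
      fuzz_target:
        required: true
        type: string
      crash_file:
        required: true
        type: string
      artifact_url:
        required: true
        type: string
      artifact_name:
        required: true
        type: string
      logs_artifact_name:
        required: true
        type: string
      branch:
        required: true
        type: string
      commit:
        required: true
        type: string
    outputs:
      issue_number:
        description: "The issue number that was created or commented on"
        value: ${{ jobs.report.outputs.issue_number }}
    secrets:
      claude_code_oauth_token:
        required: false
      gh_token:
        required: true
      # incident.io alert source token from Alerts > Alert sources > Custom HTTP.
      incident_io_alert_token:
        required: false

jobs:
  report:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    outputs:
      issue_number: ${{ steps.report.outputs.issue_number }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # No later step uses git credentials (issue access goes through
          # GH_TOKEN), so do not leave the checkout token on disk where the
          # analysis step's file-reading tools could reach it.
          persist-credentials: false

      - name: Download fuzzer logs
        uses: actions/download-artifact@v6
        with:
          name: ${{ inputs.logs_artifact_name }}
          path: ./logs

      - name: Download crash artifacts
        uses: actions/download-artifact@v6
        with:
          name: ${{ inputs.artifact_name }}
          path: ./crash_artifacts

      - name: Install Python dependencies
        run: pip install -e .github/scripts

      # Caller-supplied inputs are passed through `env:` and expanded by the
      # shell as quoted variables. Interpolating `${{ inputs.* }}` directly
      # into `run:` pastes the raw value into the script text before the shell
      # parses it, so a crafted file or branch name would run as shell code.
      - name: Extract crash info
        env:
          IN_CRASH_FILE: ${{ inputs.crash_file }}
        run: |
          python3 -m fuzz_report extract \
            logs/fuzz_output.log \
            --crash-dir crash_artifacts \
            --crash-name "$IN_CRASH_FILE" \
            -o crash_info.json

      - name: Fetch existing fuzzer issues
        env:
          GH_TOKEN: ${{ secrets.gh_token }}
        run: |
          gh issue list \
            --repo "$GITHUB_REPOSITORY" \
            --label fuzzer \
            --state open \
            --json number,title,body,url \
            --limit 100 > fuzzer_issues.json

      - name: Check for duplicates
        id: dedup
        run: |
          python3 -m fuzz_report check-duplicate \
            crash_info.json \
            fuzzer_issues.json \
            -o dedup_result.json

      # Skipped only when dedup reports an exact duplicate. The model reads
      # crash_info.json and the fuzzer log, both derived from fuzzer-generated
      # input, so its context is untrusted: the tool allow-list below is the
      # main containment, and claude_analysis.txt should be handled as
      # untrusted text by the report step.
      # NOTE(review): this step receives secrets.gh_token and
      # `show_full_output: true` presumably writes the full transcript to the
      # run log. Confirm both are needed for a step that only writes a file.
      - name: Claude analysis (optional)
        id: claude_analysis
        if: |
          steps.dedup.outputs.duplicate != 'true' ||
          steps.dedup.outputs.confidence != 'exact'
        continue-on-error: true
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.claude_code_oauth_token }}
          github_token: ${{ secrets.gh_token }}
          show_full_output: true
          prompt: |
            Read the file crash_info.json and the fuzzer log at logs/fuzz_output.log.
            Provide a brief (2-4 sentence) root cause analysis of the crash. Focus on:
            - What the crash is (the error type and location)
            - Why it likely happens (the root cause)
            - A suggested fix direction if obvious
            Write ONLY the analysis text (no headers, no markdown formatting) to the file claude_analysis.txt.
          claude_args: |
            --model claude-opus-4-6
            --max-turns 5
            --allowedTools "Read,Write,Bash(cat:*),Bash(jq:*)"

      - name: Create or comment on issue
        id: report
        env:
          GH_TOKEN: ${{ secrets.gh_token }}
          IN_FUZZ_TARGET: ${{ inputs.fuzz_target }}
          IN_CRASH_FILE: ${{ inputs.crash_file }}
          IN_BRANCH: ${{ inputs.branch }}
          IN_COMMIT: ${{ inputs.commit }}
          IN_ARTIFACT_URL: ${{ inputs.artifact_url }}
        run: |
          python3 -m fuzz_report report \
            crash_info.json \
            --repo "$GITHUB_REPOSITORY" \
            --dedup-result dedup_result.json \
            --claude-analysis claude_analysis.txt \
            -v "FUZZ_TARGET=$IN_FUZZ_TARGET" \
            -v "CRASH_FILE=$IN_CRASH_FILE" \
            -v "BRANCH=$IN_BRANCH" \
            -v "COMMIT=$IN_COMMIT" \
            -v "ARTIFACT_URL=$IN_ARTIFACT_URL"

      # The `secrets` context is not available in a step-level `if:`, so the
      # optional token is tested here and only a boolean is exported. The
      # secret is scoped to this step and the alert step, not the whole job.
      - name: Check incident.io token
        id: incident_io
        if: failure() && steps.report.outputs.validation_failed == 'true'
        env:
          INCIDENT_IO_ALERT_TOKEN: ${{ secrets.incident_io_alert_token }}
        run: |
          if [ -n "$INCIDENT_IO_ALERT_TOKEN" ]; then
            echo "configured=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Alert incident.io on validation failure
        if: failure() && steps.report.outputs.validation_failed == 'true' && steps.incident_io.outputs.configured == 'true'
        uses: incident-io/github-action@v0
        with:
          api-key: ${{ secrets.incident_io_alert_token }}
          alert-source-id: 01KH4EYTH3HA4PDZPRAPEV1Q10
          alert-title: "Fuzzer crash report failed: missing required variables"
          alert-description: |
            The fuzz_report pipeline failed because required variables were missing: ${{ steps.report.outputs.missing_variables }}.
            The fuzzer found a crash but could not file a GitHub issue.
          deduplication-key: fuzz-report-validation-${{ inputs.fuzz_target }}
          source-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          # toJSON() emits each value as a quoted, escaped JSON string, so a
          # quote or backslash in an input cannot break or extend the payload.
          # format('{0}', ...) keeps an unset output as "" rather than null.
          custom-fields: |
            {
              "fuzz_target": ${{ toJSON(inputs.fuzz_target) }},
              "missing_variables": ${{ toJSON(format('{0}', steps.report.outputs.missing_variables)) }},
              "branch": ${{ toJSON(inputs.branch) }},
              "commit": ${{ toJSON(inputs.commit) }}
            }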