fix[fuzz]: longer retention for outputs

joseph-isaacs · joseph-isaacs · commit fce4a6c1f3de · 2026-02-11T10:11:34.000Z
Signed-off-by: Joe Isaacs &lt;joe.isaacs@live.co.uk&gt;
diff --git a/.github/scripts/fuzz_report/cli.py b/.github/scripts/fuzz_report/cli.py
@@ -14,6 +14,9 @@
 
 TEMPLATES_DIR = Path(__file__).parent / "templates"
 
+# Variables that must be set (non-empty) before creating or commenting on an issue.
+REQUIRED_REPORT_VARIABLES = ["FUZZ_TARGET", "CRASH_FILE", "ARTIFACT_URL"]
+
 
 def parse_var_arg(var_str: str) -> tuple[str, str]:
     """Parse a -v KEY=VALUE argument into (key, value)."""
@@ -142,6 +145,16 @@ def cmd_check_duplicate(args: argparse.Namespace) -> int:
     return 0
 
 
+def _validate_required_variables(variables: dict[str, str]) -> list[str]:
+    """Return the names of any required variables that are missing or empty."""
+    missing = []
+    for name in REQUIRED_REPORT_VARIABLES:
+        val = variables.get(name, "")
+        if not val or val == "(not set)":
+            missing.append(name)
+    return missing
+
+
 def cmd_report(args: argparse.Namespace) -> int:
     """Create or comment on a GitHub issue based on crash + dedup results."""
     if not Path(args.crash_info).exists():
@@ -163,6 +176,18 @@ def cmd_report(args: argparse.Namespace) -> int:
     variables = _build_template_variables(crash_info, args.var, claude_analysis)
     existing_issue = dedup.get("issue_number") if dedup else None
 
+    # Validate required variables before creating/commenting (skip is fine without them)
+    if action != "skip":
+        missing = _validate_required_variables(variables)
+        if missing:
+            print(
+                f"Error: Required variables not set: {', '.join(missing)}",
+                file=sys.stderr,
+            )
+            _write_github_output("validation_failed", "true")
+            _write_github_output("missing_variables", ", ".join(missing))
+            return 1
+
     if action == "skip":
         print(f"Exact duplicate of #{existing_issue}, skipping.", file=sys.stderr)
         _write_github_output("issue_number", str(existing_issue))
@@ -279,6 +304,15 @@ def cmd_dry_run(args: argparse.Namespace) -> int:
     variables = _build_template_variables(crash_info, args.var, claude_analysis)
     existing_issue = dedup.get("issue_number") if dedup else None
 
+    # Validate required variables (same check as real report)
+    if action != "skip":
+        missing = _validate_required_variables(variables)
+        if missing:
+            print(
+                f"Warning: Required variables not set: {', '.join(missing)}",
+                file=sys.stderr,
+            )
+
     print(f"=== Action: {action.upper()} ===", file=sys.stderr)
 
     if action == "skip":
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
@@ -48,6 +48,7 @@ jobs:
     secrets:
       claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
       gh_token: ${{ secrets.GITHUB_TOKEN }}
+      incident_io_alert_token: ${{ secrets.INCIDENT_IO_ALERT_TOKEN }}
 
   attempt-fix-io:
     name: "Attempt Fix for IO Fuzz Crash"
@@ -98,6 +99,7 @@ jobs:
     secrets:
       claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
       gh_token: ${{ secrets.GITHUB_TOKEN }}
+      incident_io_alert_token: ${{ secrets.INCIDENT_IO_ALERT_TOKEN }}
 
   # ============================================================================
   # Compress Roundtrip Fuzzer
diff --git a/.github/workflows/report-fuzz-crash.yml b/.github/workflows/report-fuzz-crash.yml
@@ -33,6 +33,9 @@ on:
         required: false
       gh_token:
         required: true
+      # incident.io alert source token from Alerts > Alert sources > Custom HTTP.
+      incident_io_alert_token:
+        required: false
 
 jobs:
   report:
@@ -126,3 +129,23 @@ jobs:
             -v "BRANCH=${{ inputs.branch }}" \
             -v "COMMIT=${{ inputs.commit }}" \
             -v "ARTIFACT_URL=${{ inputs.artifact_url }}"
+
+      - name: Alert incident.io on validation failure
+        if: failure() && steps.report.outputs.validation_failed == 'true' && secrets.incident_io_alert_token != ''
+        uses: incident-io/github-action@v0
+        with:
+          api-key: ${{ secrets.incident_io_alert_token }}
+          alert-source-id: 01KH4EYTH3HA4PDZPRAPEV1Q10
+          alert-title: "Fuzzer crash report failed: missing required variables"
+          alert-description: |
+            The fuzz_report pipeline failed because required variables were missing: ${{ steps.report.outputs.missing_variables }}.
+            The fuzzer found a crash but could not file a GitHub issue.
+          deduplication-key: fuzz-report-validation-${{ inputs.fuzz_target }}
+          source-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          custom-fields: |
+            {
+              "fuzz_target": "${{ inputs.fuzz_target }}",
+              "missing_variables": "${{ steps.report.outputs.missing_variables }}",
+              "branch": "${{ inputs.branch }}",
+              "commit": "${{ inputs.commit }}"
+            }
diff --git a/.github/workflows/test-incident-io.yml b/.github/workflows/test-incident-io.yml
@@ -0,0 +1,37 @@
+name: Test incident.io Alert
+
+on:
+  push: {}
+  workflow_dispatch: {}
+
+jobs:
+  test-alert:
+    runs-on: ubuntu-latest
+    timeout-minutes: 2
+    steps:
+      - name: Fire test alert
+        id: fire
+        uses: incident-io/github-action@v0
+        with:
+          api-key: ${{ secrets.INCIDENT_IO_ALERT_TOKEN }}
+          alert-source-id: 01KH4EYTH3HA4PDZPRAPEV1Q10
+          alert-title: "Test alert: ignore this"
+          alert-description: |
+            Testing incident.io integration from Vortex CI.
+            Safe to dismiss.
+          deduplication-key: test-alert-${{ github.run_id }}
+          source-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+      - name: Print result
+        run: |
+          echo "Alert ID: ${{ steps.fire.outputs.alert-id }}"
+          echo "Alert URL: ${{ steps.fire.outputs.alert-url }}"
+
+      - name: Resolve test alert
+        uses: incident-io/github-action@v0
+        with:
+          api-key: ${{ secrets.INCIDENT_IO_ALERT_TOKEN }}
+          alert-source-id: 01KH4EYTH3HA4PDZPRAPEV1Q10
+          alert-title: "Test alert: resolved"
+          alert-status: resolved
+          deduplication-key: test-alert-${{ github.run_id }}
