ci: Integrate ClusterFuzzLite to run fuzzing in CI

Signed-off-by: Nikhil V <nikhilgreyshines@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/702>
2026-06-11 12:56:21 +09:00 · 2025-12-31 12:17:45 +05:30
parent dec1c8d8d8
commit c099892257
2 changed files with 54 additions and 0 deletions
--- a/.clusterfuzzlite/Dockerfile
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,17 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN apt-get update && apt-get install -y \
+    cmake \
+    zlib1g-dev \
+    libssl-dev \
+    libcmocka0 \
+    libcmocka-dev \
+    zip
+
+RUN git clone --depth=1 https://github.com/google/oss-fuzz.git /tmp/oss-fuzz && \
+    cp /tmp/oss-fuzz/projects/libssh/build.sh $SRC/build.sh && \
+    cp /tmp/oss-fuzz/projects/libssh/project.yaml $SRC/project.yaml && \
+    rm -rf /tmp/oss-fuzz
+
+COPY . $SRC/libssh
+WORKDIR $SRC/libssh
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -801,3 +801,40 @@ macos-m1:
    when: on_failure
    paths:
      - obj/
+
+###############################################################################
+#                               ClusterFuzzLite                               #
+###############################################################################
+clusterfuzzlite:
+  image:
+    name: gcr.io/oss-fuzz-base/clusterfuzzlite-run-fuzzers:v1
+    entrypoint: [""]
+  services:
+    - name: docker:dind
+  stage: analysis
+  variables:
+    CFL_PLATFORM: gitlab
+    DOCKER_HOST: "tcp://docker:2375"
+    DOCKER_IN_DOCKER: "true"
+    CIFUZZ_OUTPUT_DIR: /out/artifacts
+  parallel:
+    matrix:
+      - SANITIZER: [address, undefined]
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      variables:
+        MODE: "code-change"
+  before_script:
+    - mkdir -p $CI_PROJECT_DIR/artifacts
+    - mkdir -p $CI_PROJECT_DIR/build-out
+  script:
+    - wget -qO .clusterfuzzlite/project.yaml https://raw.githubusercontent.com/google/oss-fuzz/master/projects/libssh/project.yaml
+    - python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
+    - export TARGET_ID=$(docker ps -q -f "label=com.gitlab.gitlab-runner.job.id=$CI_JOB_ID")
+    - if [ -n "$TARGET_ID" ]; then docker cp $TARGET_ID:/out/artifacts/. $CI_PROJECT_DIR/artifacts/; fi
+  artifacts:
+    when: always
+    paths:
+      - artifacts/
+  tags:
+    - saas-linux-small-amd64