# Copyright (C) 2025 Sebastian Pipping <sebastian@pipping.org>
# Licensed under the MIT license

name: Run fuzzing regression tests

on:
  pull_request:
  push:
  schedule:
    - cron: '0 2 * * 5'  # Every Friday at 2am
  workflow_dispatch:

permissions:
  contents: read

jobs:
  run_fuzzers:
    name: ${{ matrix.fuzzer_name }}
    strategy:
      fail-fast: false
      matrix:
        fuzzer_name:
          - uri_dissect_query_malloc_fuzzer
          - uri_dissect_query_mallocw_fuzzer
          - uri_free_fuzzer
          - uri_freew_fuzzer
          - uri_parse_fuzzer
          - uri_parsew_fuzzer
    runs-on: ubuntu-24.04
    env:
      fuzzer_name: ${{ matrix.fuzzer_name }}
    steps:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2

    - name: Install Clang 21
      run: |-
        set -x
        source /etc/os-release
        wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
        sudo add-apt-repository "deb https://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-21 main"
        sudo apt-get update  # due to new repository
        sudo apt-get install --yes --no-install-recommends -V \
            clang-21 \
            libclang-rt-21-dev \
            llvm-21
        echo /usr/lib/llvm-21/bin >>"${GITHUB_PATH}"

    - name: Build uriparser fuzzers
      run: |
        args=(
            # Build nothing but fuzzers
            -DURIPARSER_BUILD_DOCS=OFF
            -DURIPARSER_BUILD_FUZZERS=ON
            -DURIPARSER_BUILD_TOOLS=OFF
            -DURIPARSER_ENABLE_INSTALL=OFF
            -DURIPARSER_OSSFUZZ_BUILD=OFF

            # Tune compilation of fuzzers to use Clang with ASan and UBSan
            -DCMAKE_C_COMPILER=clang-21
            -DCMAKE_CXX_COMPILER=clang++-21
            -DCMAKE_{C,CXX}_FLAGS='-Wall -Wextra -pedantic -O1 -g -fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-common'
            -DCMAKE_{EXE,MODULE,SHARED}_LINKER_FLAGS='-g -fsanitize=address,undefined'
            -DURIPARSER_WARNINGS_AS_ERRORS=ON
        )
        set -x -o pipefail
        cmake "${args[@]}" -S . -B build
        make -C build VERBOSE=1 -j$(nproc)

    - name: Download and extract uriparser fuzzing corpora
      run: |-
        set -x -o pipefail
        cd build/
        wget -q "https://storage.googleapis.com/uriparser-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/uriparser_${fuzzer_name}/public.zip"
        unzip -q -d "corpus_${fuzzer_name}" public.zip
        rm public.zip

    - name: Run fuzzing regression tests
      run: |
        fuzz_args=(
            -jobs=$(nproc)
            -print_final_stats=1
            -rss_limit_mb=2560  # from OSS-Fuzz
            -timeout=25         # from OSS-Fuzz
        )

        set -x -o pipefail
        cd "build/corpus_${fuzzer_name}/"

        # Configure UBSan to show (non-default) stack traces for runtime errors
        # NOTE: "halt_on_error=1" we don't need to add because of the
        #       -fno-sanitize-recover=all for CFLAGS further up.
        # NOTE: "abort_on_error=1" we don't need here because to CI,
        #       a non-zero exit code is all that matters.
        export UBSAN_OPTIONS='print_stacktrace=1'

        find . -type f | sort | xargs -n 1000 "../fuzz/${fuzzer_name}" "${fuzz_args[@]}"
        find . -type f | wc -l

    - name: Store fuzzing logs of last batch
      if: always()
      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
      with:
        name: uriparser_fuzzing_logs_last_${{ github.sha }}_${{ matrix.fuzzer_name }}
        path: build/*/fuzz-*.log
        if-no-files-found: error