diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 869927c9244..0253d05f7f4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1248,8 +1248,44 @@ jobs:
 permissions:
 contents: read
 concurrency:
- group: ci-${{ github.ref }}-fuzz
+ group: ci-${{ github.ref }}-fuzz-${{ matrix.group }}
 cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - group: Parser
+ tests: >-
+ FuzzParseFrontmatter:./pkg/parser/
+ FuzzScheduleParser:./pkg/parser/
+ FuzzRuntimeImportExpressionValidation:./pkg/parser/
+ FuzzRuntimeImportProcessExpressions:./pkg/parser/
+ - group: Workflow-Core
+ tests: >-
+ FuzzExpressionParser:./pkg/workflow/
+ FuzzMentionsFiltering:./pkg/workflow/
+ FuzzSanitizeOutput:./pkg/workflow/
+ FuzzSanitizeIncomingText:./pkg/workflow/
+ FuzzSanitizeLabelContent:./pkg/workflow/
+ FuzzWrapExpressionsInTemplateConditionals:./pkg/workflow/
+ - group: Workflow-Parsing
+ tests: >-
+ FuzzYAMLParsing:./pkg/workflow/
+ FuzzTemplateRendering:./pkg/workflow/
+ FuzzInputValidation:./pkg/workflow/
+ FuzzNetworkPermissions:./pkg/workflow/
+ FuzzSafeJobConfig:./pkg/workflow/
+ FuzzParseLabelTriggerShorthand:./pkg/workflow/
+ - group: Workflow-Triggers
+ tests: >-
+ FuzzExpandLabelTriggerShorthand:./pkg/workflow/
+ FuzzValidateNoTemplateInjection:./pkg/workflow/
+ FuzzRemoveHeredocContent:./pkg/workflow/
+ FuzzMarkdownCodeRegionBalancer:./pkg/workflow/
+ FuzzParseTriggerShorthand:./pkg/workflow/
+ FuzzTriggerIRToYAMLMap:./pkg/workflow/
+ FuzzParseInputDefinition:./pkg/workflow/
+ FuzzParseInputDefinitions:./pkg/workflow/
 steps:
 - name: Checkout code
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -1295,7 +1331,7 @@ jobs:
 - name: Verify dependencies
 run: go mod verify
- - name: Run fuzz tests
+ - name: Run fuzz tests (${{ matrix.group }})
 run: |
 set -o pipefail
 # Create directory for fuzz results
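Review bot: The `tests:` values under `matrix.include` use an ad-hoc `FuzzName:./package/` format that only works because `>-` folds the lines into one space-separated string, and nothing in the workflow states that contract. A comment above `include:` would help, for example `# tests: FuzzName:./pkg/path/ pairs; >- folds them into one line that the run step splits on whitespace and ':'`. Because the groups are maintained by hand, the same comment should say that a fuzz target not listed in any group is never run by this job.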
@@ -1326,31 +1362,12 @@ jobs:
 fi
 }
- # Run fuzz tests and capture output
- run_fuzz_test "FuzzParseFrontmatter" "./pkg/parser/"
- run_fuzz_test "FuzzScheduleParser" "./pkg/parser/"
- run_fuzz_test "FuzzRuntimeImportExpressionValidation" "./pkg/parser/"
- run_fuzz_test "FuzzRuntimeImportProcessExpressions" "./pkg/parser/"
- run_fuzz_test "FuzzExpressionParser" "./pkg/workflow/"
- run_fuzz_test "FuzzMentionsFiltering" "./pkg/workflow/"
- run_fuzz_test "FuzzSanitizeOutput" "./pkg/workflow/"
- run_fuzz_test "FuzzSanitizeIncomingText" "./pkg/workflow/"
- run_fuzz_test "FuzzSanitizeLabelContent" "./pkg/workflow/"
- run_fuzz_test "FuzzWrapExpressionsInTemplateConditionals" "./pkg/workflow/"
- run_fuzz_test "FuzzYAMLParsing" "./pkg/workflow/"
- run_fuzz_test "FuzzTemplateRendering" "./pkg/workflow/"
- run_fuzz_test "FuzzInputValidation" "./pkg/workflow/"
- run_fuzz_test "FuzzNetworkPermissions" "./pkg/workflow/"
- run_fuzz_test "FuzzSafeJobConfig" "./pkg/workflow/"
- run_fuzz_test "FuzzParseLabelTriggerShorthand" "./pkg/workflow/"
- run_fuzz_test "FuzzExpandLabelTriggerShorthand" "./pkg/workflow/"
- run_fuzz_test "FuzzValidateNoTemplateInjection" "./pkg/workflow/"
- run_fuzz_test "FuzzRemoveHeredocContent" "./pkg/workflow/"
- run_fuzz_test "FuzzMarkdownCodeRegionBalancer" "./pkg/workflow/"
- run_fuzz_test "FuzzParseTriggerShorthand" "./pkg/workflow/"
- run_fuzz_test "FuzzTriggerIRToYAMLMap" "./pkg/workflow/"
- run_fuzz_test "FuzzParseInputDefinition" "./pkg/workflow/"
- run_fuzz_test "FuzzParseInputDefinitions" "./pkg/workflow/"
+ # Run fuzz tests for this matrix group
+ for entry in ${{ matrix.tests }}; do
+ fuzz_name="${entry%%:*}"
+ package="${entry##*:}"
+ run_fuzz_test "${fuzz_name}" "${package}"
+ done
 # Copy fuzz corpus data (testdata/fuzz directories)
 echo "Copying fuzz corpus data..."
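Review bot: The loop header `for entry in ${{ matrix.tests }}; do` expands an Actions expression directly into the script text, so the runner substitutes the string before bash parses it and any shell metacharacter in a `tests:` entry would be interpreted as code rather than data. The values are static in this workflow today, so this is a hardening point, not a live injection, but it is the same pattern the usual template-injection guidance tells authors to avoid. Passing the list through the step environment keeps it as data: add `env:` with `FUZZ_TESTS: ${{ matrix.tests }}` to the step and iterate with `for entry in $FUZZ_TESTS; do`. The `run:` block and the `run_fuzz_test` function begin outside this hunk, so whether one failing target stops the remaining entries in the group cannot be judged from here.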
@@ -1362,9 +1379,10 @@ jobs:
 done
 - name: Upload fuzz test results
+ if: always()
 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
- name: fuzz-results
+ name: fuzz-results-${{ matrix.group }}
 path: fuzz-results/
 retention-days: 14
diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 9e61fe83224..e9a2d64636a 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -403,7 +403,7 @@ jobs: "name": "create_issue" }, { - "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted. CONSTRAINTS: Maximum 20 issue(s) can be closed. Target: *.", + "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted. CONSTRAINTS: Maximum 20 issue(s) can be closed. Target: *. Only issues with title prefix \"[deps]\" can be closed.", "inputSchema": { "additionalProperties": false, "properties": {
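Review bot: In the ci.yml upload step, `if: always()` also fires when the job has been cancelled, and this job sets `cancel-in-progress: true`, so a superseded run would still spend time uploading partial results. `if: ${{ !cancelled() }}` keeps the upload after a failing fuzz target, which appears to be the intent, without running on cancellation. The step will also run when an earlier step failed before `fuzz-results/` was created; if that should be visible rather than a warning, set `if-no-files-found` explicitly under `with:`.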
diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 56b64ad1785..e21aa97e55b 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -820,7 +820,7 @@ jobs: "name": "noop" }, { - "description": "Link an issue as a sub-issue of a parent issue. Use this to establish parent-child relationships between issues for better organization and tracking of related work items. CONSTRAINTS: Maximum 3 sub-issue link(s) can be created.", + "description": "Link an issue as a sub-issue of a parent issue. Use this to establish parent-child relationships between issues for better organization and tracking of related work items. CONSTRAINTS: Maximum 3 sub-issue link(s) can be created. The parent issue title must start with \"[🎭 POEM-BOT]\". The sub-issue title must start with \"[🎭 POEM-BOT]\".", "inputSchema": { "additionalProperties": false, "properties": { diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index cfc3642c124..563f2b1fab1 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml 
@@ -419,7 +419,7 @@ jobs: "name": "create_issue" }, { - "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted. CONSTRAINTS: Maximum 10 issue(s) can be closed. Target: *.", + "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted. CONSTRAINTS: Maximum 10 issue(s) can be closed. Target: *. Only issues with title prefix \"[refactor] \" can be closed.", "inputSchema": { "additionalProperties": false, "properties": {