From 59519b434282ff681037203d419d053e82e05a55 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 28 Feb 2026 17:53:22 +0000 Subject: [PATCH 1/3] Initial plan From 7c3fd1f75bbe2f96623e577d698d5864d9ccad40 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 28 Feb 2026 18:01:27 +0000 Subject: [PATCH 2/3] ci: parallelize fuzz tests into 4 matrix groups Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/ci.yml | 73 +++++++++++++++++++++++++--------------- 1 file changed, 45 insertions(+), 28 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 869927c9244..3b45029b378 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1248,8 +1248,44 @@ jobs: permissions: contents: read concurrency: - group: ci-${{ github.ref }}-fuzz + group: ci-${{ github.ref }}-fuzz-${{ matrix.group }} cancel-in-progress: true + strategy: + fail-fast: false + matrix: + include: + - group: Parser + tests: >- + FuzzParseFrontmatter:./pkg/parser/ + FuzzScheduleParser:./pkg/parser/ + FuzzRuntimeImportExpressionValidation:./pkg/parser/ + FuzzRuntimeImportProcessExpressions:./pkg/parser/ + - group: Workflow-Core + tests: >- + FuzzExpressionParser:./pkg/workflow/ + FuzzMentionsFiltering:./pkg/workflow/ + FuzzSanitizeOutput:./pkg/workflow/ + FuzzSanitizeIncomingText:./pkg/workflow/ + FuzzSanitizeLabelContent:./pkg/workflow/ + FuzzWrapExpressionsInTemplateConditionals:./pkg/workflow/ + - group: Workflow-Parsing + tests: >- + FuzzYAMLParsing:./pkg/workflow/ + FuzzTemplateRendering:./pkg/workflow/ + FuzzInputValidation:./pkg/workflow/ + FuzzNetworkPermissions:./pkg/workflow/ + FuzzSafeJobConfig:./pkg/workflow/ + FuzzParseLabelTriggerShorthand:./pkg/workflow/ + - group: Workflow-Triggers + tests: >- + FuzzExpandLabelTriggerShorthand:./pkg/workflow/ + FuzzValidateNoTemplateInjection:./pkg/workflow/ + FuzzRemoveHeredocContent:./pkg/workflow/ + FuzzMarkdownCodeRegionBalancer:./pkg/workflow/ + FuzzParseTriggerShorthand:./pkg/workflow/ + FuzzTriggerIRToYAMLMap:./pkg/workflow/ + FuzzParseInputDefinition:./pkg/workflow/ + FuzzParseInputDefinitions:./pkg/workflow/ steps: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -1295,7 +1331,7 @@ jobs: - name: Verify dependencies run: go mod verify - - name: Run fuzz tests + - name: Run fuzz tests (${{ matrix.group }}) run: | set -o pipefail # Create directory for fuzz results @@ -1326,31 +1362,12 @@ jobs: fi } - # Run fuzz tests and capture output - run_fuzz_test "FuzzParseFrontmatter" "./pkg/parser/" - run_fuzz_test "FuzzScheduleParser" "./pkg/parser/" - run_fuzz_test "FuzzRuntimeImportExpressionValidation" "./pkg/parser/" - run_fuzz_test "FuzzRuntimeImportProcessExpressions" "./pkg/parser/" - run_fuzz_test "FuzzExpressionParser" "./pkg/workflow/" - run_fuzz_test "FuzzMentionsFiltering" "./pkg/workflow/" - run_fuzz_test "FuzzSanitizeOutput" "./pkg/workflow/" - run_fuzz_test "FuzzSanitizeIncomingText" "./pkg/workflow/" - run_fuzz_test "FuzzSanitizeLabelContent" "./pkg/workflow/" - run_fuzz_test "FuzzWrapExpressionsInTemplateConditionals" "./pkg/workflow/" - run_fuzz_test "FuzzYAMLParsing" "./pkg/workflow/" - run_fuzz_test "FuzzTemplateRendering" "./pkg/workflow/" - run_fuzz_test "FuzzInputValidation" "./pkg/workflow/" - run_fuzz_test "FuzzNetworkPermissions" "./pkg/workflow/" - run_fuzz_test "FuzzSafeJobConfig" "./pkg/workflow/" - run_fuzz_test "FuzzParseLabelTriggerShorthand" "./pkg/workflow/" - run_fuzz_test "FuzzExpandLabelTriggerShorthand" "./pkg/workflow/" - run_fuzz_test "FuzzValidateNoTemplateInjection" "./pkg/workflow/" - run_fuzz_test "FuzzRemoveHeredocContent" "./pkg/workflow/" - run_fuzz_test "FuzzMarkdownCodeRegionBalancer" "./pkg/workflow/" - run_fuzz_test "FuzzParseTriggerShorthand" "./pkg/workflow/" - run_fuzz_test "FuzzTriggerIRToYAMLMap" "./pkg/workflow/" - run_fuzz_test "FuzzParseInputDefinition" "./pkg/workflow/" - run_fuzz_test "FuzzParseInputDefinitions" "./pkg/workflow/" + # Run fuzz tests for this matrix group + for entry in ${{ matrix.tests }}; do + fuzz_name="${entry%%:*}" + package="${entry##*:}" + run_fuzz_test "${fuzz_name}" "${package}" + done # Copy fuzz corpus data (testdata/fuzz directories) echo "Copying fuzz corpus data..." @@ -1364,7 +1381,7 @@ jobs: - name: Upload fuzz test results uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: - name: fuzz-results + name: fuzz-results-${{ matrix.group }} path: fuzz-results/ retention-days: 14 From 93ecaef9d97b87bcf32f62a4f78e90e2f72e3bb7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 28 Feb 2026 18:11:25 +0000 Subject: [PATCH 3/3] ci: add if: always() to fuzz artifact upload step Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/ci.yml | 1 + .github/workflows/dependabot-go-checker.lock.yml | 2 +- .github/workflows/poem-bot.lock.yml | 2 +- .github/workflows/semantic-function-refactor.lock.yml | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3b45029b378..0253d05f7f4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1379,6 +1379,7 @@ jobs: done - name: Upload fuzz test results + if: always() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: fuzz-results-${{ matrix.group }} diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 9e61fe83224..e9a2d64636a 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -403,7 +403,7 @@ jobs: "name": "create_issue" }, { - "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted. CONSTRAINTS: Maximum 20 issue(s) can be closed. Target: *.", + "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted. CONSTRAINTS: Maximum 20 issue(s) can be closed. Target: *. Only issues with title prefix \"[deps]\" can be closed.", "inputSchema": { "additionalProperties": false, "properties": { diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 56b64ad1785..e21aa97e55b 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -820,7 +820,7 @@ jobs: "name": "noop" }, { - "description": "Link an issue as a sub-issue of a parent issue. Use this to establish parent-child relationships between issues for better organization and tracking of related work items. CONSTRAINTS: Maximum 3 sub-issue link(s) can be created.", + "description": "Link an issue as a sub-issue of a parent issue. Use this to establish parent-child relationships between issues for better organization and tracking of related work items. CONSTRAINTS: Maximum 3 sub-issue link(s) can be created. The parent issue title must start with \"[🎭 POEM-BOT]\". The sub-issue title must start with \"[🎭 POEM-BOT]\".", "inputSchema": { "additionalProperties": false, "properties": { diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index cfc3642c124..563f2b1fab1 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -419,7 +419,7 @@ jobs: "name": "create_issue" }, { - "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted. CONSTRAINTS: Maximum 10 issue(s) can be closed. Target: *.", + "description": "Close a GitHub issue with a closing comment. You can and should always add a comment when closing an issue to explain the action or provide context. This tool is ONLY for closing issues - use update_issue if you need to change the title, body, labels, or other metadata without closing. Use close_issue when work is complete, the issue is no longer relevant, or it's a duplicate. The closing comment should explain the resolution or reason for closing. If the issue is already closed, a comment will still be posted. CONSTRAINTS: Maximum 10 issue(s) can be closed. Target: *. Only issues with title prefix \"[refactor] \" can be closed.", "inputSchema": { "additionalProperties": false, "properties": {