# CIFuzz job based on https://google.github.io/oss-fuzz/getting-started/continuous-integration/
name: Reusable CIFuzz

on:
  workflow_call:
    inputs:
      oss-fuzz-project-name:
        description: OSS-Fuzz project name
        required: true
        type: string
      sanitizer:
        description: OSS-Fuzz sanitizer
        required: true
        type: string

permissions:
  contents: read

jobs:
  cifuzz:
    name: ${{ inputs.oss-fuzz-project-name }} (${{ inputs.sanitizer }})
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - name: Build fuzzers (${{ inputs.sanitizer }})
        id: build
        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@ed23f8af80ff82b25ca67cd9b101e690b8897b3f # master
        with:
          oss-fuzz-project-name: ${{ inputs.oss-fuzz-project-name }}
          sanitizer: ${{ inputs.sanitizer }}
      - name: Run fuzzers (${{ inputs.sanitizer }})
        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@ed23f8af80ff82b25ca67cd9b101e690b8897b3f # master
        with:
          fuzz-seconds: 600
          oss-fuzz-project-name: ${{ inputs.oss-fuzz-project-name }}
          output-sarif: true
          sanitizer: ${{ inputs.sanitizer }}
      - name: Upload crash
        if: failure() && steps.build.outcome == 'success'
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: ${{ inputs.sanitizer }}-artifacts
          path: ./out/artifacts
      - name: Upload SARIF
        if: always() && steps.build.outcome == 'success'
        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
        with:
          sarif_file: cifuzz-sarif/results.sarif
          checkout_path: cifuzz-sarif