From bb24137b0bebb94975e1f7c13fdda958f3f88de6 Mon Sep 17 00:00:00 2001
From: Paulo Gomes <paulo.gomes@weave.works>
Date: Thu, 13 Jan 2022 15:52:34 +0000
Subject: [PATCH 1/2] Fix fuzz issue at oss-fuzz More information:
 https://github.com/google/oss-fuzz/runs/4804502678?check_suite_focus=true

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
---
 tests/fuzz/events_fuzzer.go | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/tests/fuzz/events_fuzzer.go b/tests/fuzz/events_fuzzer.go
index 4ee293e9..8336c688 100644
--- a/tests/fuzz/events_fuzzer.go
+++ b/tests/fuzz/events_fuzzer.go
@@ -37,10 +37,10 @@ import (
 )
 
 var (
-	doOnce sync.Once
-	env    *testenv.Environment
-	ts     *httptest.Server
-	ctx    = ctrl.SetupSignalHandler()
+	doOnce  sync.Once
+	fuzzEnv *testenv.Environment
+	fuzzTs  *httptest.Server
+	fuzzCtx = ctrl.SetupSignalHandler()
 )
 
 const defaultBinVersion = "1.23"
@@ -82,7 +82,7 @@ func FuzzEventf(data []byte) int {
 		}
 	})
 
-	ts = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	fuzzTs = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		b, err := io.ReadAll(r.Body)
 		if err != nil {
 			return
@@ -94,24 +94,24 @@ func FuzzEventf(data []byte) int {
 			return
 		}
 	}))
-	defer ts.Close()
+	defer fuzzTs.Close()
 
 	scheme := runtime.NewScheme()
 	utilruntime.Must(corev1.AddToScheme(scheme))
 
-	env = testenv.New(
+	fuzzEnv = testenv.New(
 		testenv.WithScheme(scheme),
 	)
 
 	go func() {
 		fmt.Println("Starting the test environment")
-		if err := env.Start(ctx); err != nil {
+		if err := fuzzEnv.Start(fuzzCtx); err != nil {
 			panic(fmt.Sprintf("Failed to start the test environment manager: %v", err))
 		}
 	}()
-	<-env.Manager.Elected()
+	<-fuzzEnv.Manager.Elected()
 
-	eventRecorder, err := NewRecorder(env, ctrl.Log, ts.URL, "test-controller")
+	eventRecorder, err := NewRecorder(fuzzEnv, ctrl.Log, fuzzTs.URL, "test-controller")
 	if err != nil {
 		return 0
 	}
@@ -136,7 +136,7 @@ func FuzzEventf(data []byte) int {
 	}
 	eventRecorder.Eventf(&obj, eventtype, reason, obj.Name)
 
-	if err = env.Stop(); err != nil {
+	if err = fuzzEnv.Stop(); err != nil {
 		return 0
 	}
 

From 5f948ef3313f431595600805f05dc0c5ae47cad0 Mon Sep 17 00:00:00 2001
From: Paulo Gomes <paulo.gomes@weave.works>
Date: Thu, 13 Jan 2022 15:53:33 +0000
Subject: [PATCH 2/2] Replace cifuzz with custom smoke test The official git
 actions goes through all fluxcd repos, which in time will be extremely long
 and painful to run on each PR. This smoke test will ensure the fuzzer
 correctness until a new action is in place to run the process as advised by
 oss-fuzz.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
---
 .github/workflows/cifuzz.yaml | 27 ++++++++++-----------------
 Makefile                      |  9 ++++-----
 tests/fuzz/oss_fuzz_run.sh    |  2 +-
 3 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/cifuzz.yaml b/.github/workflows/cifuzz.yaml
index ea71ebc9..202ce966 100644
--- a/.github/workflows/cifuzz.yaml
+++ b/.github/workflows/cifuzz.yaml
@@ -7,21 +7,14 @@ jobs:
   Fuzzing:
     runs-on: ubuntu-latest
     steps:
-    - name: Build Fuzzers
-      id: build
-      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Restore Go cache
+      uses: actions/cache@v1
       with:
-        oss-fuzz-project-name: 'fluxcd'
-        language: go
-    - name: Run Fuzzers
-      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
-      with:
-        oss-fuzz-project-name: 'fluxcd'
-        language: go
-        fuzz-seconds: 60
-    - name: Upload Crash
-      uses: actions/upload-artifact@v1
-      if: failure() && steps.build.outcome == 'success'
-      with:
-        name: artifacts
-        path: ./out/artifacts
+        path: /home/runner/work/_temp/_github_home/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+    - name: Smoke test Fuzzers
+      run: make fuzz-smoketest
diff --git a/Makefile b/Makefile
index 63d65673..e1b0b258 100644
--- a/Makefile
+++ b/Makefile
@@ -79,17 +79,16 @@ fuzz-build:
 	mkdir -p $(shell pwd)/build/fuzz/out/
 
 	docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
-	docker run --rm -it \
-		-e FUZZING_LANGUAGE=go -e FUZZ_SECONDS=600 -e MODE=batch \
+	docker run --rm \
+		-e FUZZING_LANGUAGE=go -e SANITIZER=address \
 		-e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
-		-e SANITIZER=address \
 		-v "$(shell pwd)/build/fuzz/out":/out \
 		local-fuzzing:latest
 
 fuzz-smoketest: fuzz-build
-	docker run --rm -ti \
+	docker run --rm \
 		-v "$(shell pwd)/build/fuzz/out":/out \
 		-v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \
 		-e ENVTEST_BIN_VERSION=$(ENVTEST_KUBERNETES_VERSION) \
-		gcr.io/oss-fuzz/fluxcd \
+		local-fuzzing:latest \
 		bash -c "/runner.sh"
diff --git a/tests/fuzz/oss_fuzz_run.sh b/tests/fuzz/oss_fuzz_run.sh
index b812467f..4c87f489 100755
--- a/tests/fuzz/oss_fuzz_run.sh
+++ b/tests/fuzz/oss_fuzz_run.sh
@@ -17,4 +17,4 @@
 set -euxo pipefail
 
 # run each fuzzer once to ensure they are working properly
-find /out -type f -name "fuzz*" -exec '{}' {} \;
+find /out -type f -name "fuzz*" -exec echo {} -runs=1 \; | bash -e