name: CIFuzz
on:
  pull_request:
    paths:
      - 'src/**'
      - 'fuzzing/**'
      - '.github/workflows/cifuzz.yml'

permissions: {}
jobs:
  Fuzzing:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
    - name: Build Fuzzers
      id: build
      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
      with:
        oss-fuzz-project-name: 'unit'
        language: c
    - name: Run Fuzzers
      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
      with:
        oss-fuzz-project-name: 'unit'
        language: c
        fuzz-seconds: 300
        output-sarif: true
    - name: Upload Crash
      uses: actions/upload-artifact@v3
      if: failure() && steps.build.outcome == 'success'
      with:
        name: artifacts
        path: ./out/artifacts
    - name: Upload Sarif
      if: always() && steps.build.outcome == 'success'
      uses: github/codeql-action/upload-sarif@v3
      with:
        # Path to SARIF file relative to the root of the repository
        sarif_file: cifuzz-sarif/results.sarif
        checkout_path: cifuzz-sarif