Deploying OneFuzz jobs via GitHub Actions

October 1, 2021 ยท View on GitHub

This pipeline uses an AAD Service Principal to authenticate to Onefuzz.

To create work items upon finding crashes, this pipeline uses a GitHub Personal Access Token to report any crashes found during fuzzing as GitHub Issues.

Configuration

This example uses Encrypted Secrets to configure the workflow:

  • onefuzz_endpoint: The Onefuzz Instance. This should be the URL for the instance, such as https://onefuzz-playground.azurewebsites.net.
  • onefuzz_client_id: The Client ID for the service principal.
  • onefuzz_client_secret: The Client Secret for the service principal.
  • onefuzz_pat: The GitHub Personal Access Token.

This example uses environment variables to configure the workflow:

  • ONEFUZZ_PROJECT:The name of your project. As an example, "Browser".
  • ONEFUZZ_NAME: The name of your target application. As an example, "jpg-parser".
  • ONEFUZZ_POOL: The name of the fuzzing Pool to use. As an example, my-linux-pool.

GitHub Issues Configuration

In the notification configuration, there are a few items that are hard-coded that you should update for your instance:

  • Replace INSERT_YOUR_USERNAME_HERE with the name of your GitHub username used to file issues.
  • Replace organization with the name of your GitHub organization to file issues.
  • Replace repository with the name of your GitHub repository to file issues.