Use project cc groups for oss-fuzz tracker#5161
Closed
ViniciustCosta wants to merge 10 commits intomasterfrom
Closed
Use project cc groups for oss-fuzz tracker#5161ViniciustCosta wants to merge 10 commits intomasterfrom
ViniciustCosta wants to merge 10 commits intomasterfrom
Conversation
Fix feature flag for using the enum properties properly. --------- Signed-off-by: Javan Lacerda <javanlacerda@google.com>
It implements the a job limiter for the GCP Batch adapter for remote tasks. It uses a private API for checking the availability of the regions for scheduling jobs, if all of them are loaded, the tasks are returned as unscheduled tasks and sent back to the queue. Signed-off-by: Javan Lacerda <javanlacerda@google.com>
fix b/482257453 Update get_kernel_hash_and_build_id to return a tuple with None, None if the match fails. It avoids to have `TypeError: cannot unpack non-iterable NoneType object`. It also create unit tests for src/clusterfuzz/_internal/platforms/android/kernel_utils.py. --------- Signed-off-by: Javan Lacerda <javanlacerda@google.com>
…ersion (#5145) Clusterfuzz will now look for a file called clusterfuzz_manifest.json at the root of Chrome archives and decide how to interpret runtime dependencies based on the json's version field. Version 0 (or no manifest file found) means to keep using the legacy logic while version 1 means to interpret relative dependency paths as relative to the corresponding runtime_deps file instead of the archive root. Version 1 also stops expecting a src_root/ directory in the archive root. --------- Co-authored-by: Martin Verde <thesalsa@google.com>
Remove node selector from K8s jobs template. This node selector was necessary while we had a single cluster for running both the kata jobs and the cronjobs. Now we have a separate cluster for kata jobs, and removing the node selector allow us to have many different node pools able to run kata containers. Signed-off-by: Javan Lacerda <javanlacerda@google.com>
Doing `str()` for the value of customer ID from config was preventing the code from checking if it is missing, hindering our debug capability. Also, added a log for the start of the cronjob.
We already renamed "fuzz-" test cases from crash tests, so that clusterfuzz doesn't confuse them with output cases. This change expands this functionality to all synced folders, also external repos. BUG=http://b/379684065
#### Motivation In order to call the groups settings API to allow adding external members to groups, the service account credentials need to contain the correct scope `'https://www.googleapis.com/auth/apps.groups.settings'` to verify its admin role in the correspondent Google Workspace (oss-fuzz.com in this case). #### Rationale Calling the get default creds with this scope does not work correctly. My guess is that the GKE/GCE gets the Application Default Credentials via its metadata server, which is configured by default to issue tokens within a limited set of defined scopes (e.g., `cloud-platform`). An alternative is self-impersonating the service account to generate new Credentials with the right scopes. This avoids having to deal with creating a secret containing a new key for the default service account and then generating the credentials based on this key. Note: For this to work, the SA must have the `Service Account Token Creator` role. This is already set for the Compute Engine default account in all prod environments. #### Tests Tested in dev by running the oss_fuzz_cc_groups cronjob with test groups. logs: https://screenshot.googleplex.com/76a7vJjjKC4NhCe.png Check complete investigation on: b/477964128
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
b/477964128
TODO: Fix unit tests and add logic to all issue filing (e.g., build status)