1+ #! /bin/bash
2+ set -e
3+ set -u
4+ set -o pipefail
5+
6+ # # DESCRIPTION:
7+ # #
8+ # # This script creates or updates GitHub issues when fuzzing jobs fail.
9+ # # It checks for existing open fuzzing failure issues and either creates
10+ # # a new one or adds a comment to an existing one.
11+ # #
12+ # # PRE-REQS:
13+ # #
14+ # # This script assumes that the gh cli is installed and in the PATH
15+ # # and that there is a GitHub PAT in the GITHUB_TOKEN env var
16+ # # with the following permissions:
17+ # # - repo (read/write)
18+ # # - issues (read/write)
19+ # # or that the user is logged into the gh cli with an account with those permissions
20+
21+ REPO=" ${GITHUB_REPOSITORY:- hyperlight-dev/ hyperlight} "
22+ WORKFLOW_RUN_URL=" ${GITHUB_SERVER_URL:- https:// github.com} /${REPO} /actions/runs/${GITHUB_RUN_ID:- unknown} "
23+ FUZZING_TARGETS=" ${1:- unknown} "
24+
25+ # Check if running in test mode (handle both first and second arguments)
26+ if [ " ${1:- } " = " --test" || [ " ${2:- } " = " --test" ; then
27+ echo " ✅ Running in test mode - script structure is valid"
28+ echo " Would check for fuzzing failure issues in $REPO "
29+ echo " Would create issue or comment for fuzzing targets: ${1:- unknown} "
30+ echo " Workflow URL would be: $WORKFLOW_RUN_URL "
31+ exit 0
32+ fi
33+
34+ echo " Checking for existing fuzzing failure issues in $REPO ..."
35+
36+ # Extract owner and repo name from the repository
37+ OWNER=$( echo " $REPO " | cut -d' /' )
38+ REPO_NAME=$( echo " $REPO " | cut -d' /' )
39+
40+ # Define the issue title and labels
41+ ISSUE_TITLE=" Fuzzing Job Failure - $( date ' +%Y-%m-%d' ) "
42+ FUZZING_LABEL=" area/testing"
43+ FAILURE_LABEL=" kind/bug"
44+ LIFECYCLE_LABEL=" lifecycle/needs-review"
45+
46+ # Search for existing open fuzzing failure issues
47+ echo " Searching for existing open fuzzing failure issues..."
48+ EXISTING_ISSUES=$( gh api graphql -f query='
49+ query($owner: String!, $repo: String!) {
50+ repository(owner: $owner, name: $repo) {
51+ issues(first: 10, states: OPEN, labels: ["area/testing"]) {
52+ totalCount
53+ nodes {
54+ number
55+ title
56+ url
57+ labels(first: 20) {
58+ nodes {
59+ name
60+ }
61+ }
62+ }
63+ }
64+ }
65+ }' -f owner=" $OWNER " " $REPO_NAME " ' .data.repository.issues' )
66+
67+ # Filter for fuzzing-related issues
68+ FUZZING_ISSUES=$( echo " $EXISTING_ISSUES " | jq ' .nodes[] | select(.title | test("Fuzzing.*[Ff]ailure"))' 2> /dev/null || echo " " )
69+ FUZZING_ISSUE_COUNT=0
70+ if [ -n " $FUZZING_ISSUES " ; then
71+ FUZZING_ISSUE_COUNT=$( echo " $FUZZING_ISSUES " | jq -s ' length' 2> /dev/null || echo " 0" )
72+ fi
73+
74+ echo " Found $FUZZING_ISSUE_COUNT existing fuzzing failure issue(s)"
75+
76+ if [ " $FUZZING_ISSUE_COUNT " -gt 0 ]; then
77+ # Get the most recent fuzzing failure issue
78+ ISSUE_NUMBER=$( echo " $FUZZING_ISSUES " | jq -r ' .number' | head -1)
79+ ISSUE_URL=$( echo " $FUZZING_ISSUES " | jq -r ' .url' | head -1)
80+
81+ if [ " $ISSUE_NUMBER " = " null" || [ -z " $ISSUE_NUMBER " ; then
82+ echo " ⚠️ Could not parse issue number from fuzzing issues, creating new issue instead"
83+ FUZZING_ISSUE_COUNT=0
84+ else
85+ echo " Adding comment to existing issue #$ISSUE_NUMBER "
86+
87+ # Create comment body
88+ COMMENT_BODY=" ## Fuzzing Job Failed Again
89+
90+ **Date:** $( date ' +%Y-%m-%d %H:%M:%S UTC' )
91+ **Workflow Run:** [$WORKFLOW_RUN_URL ]($WORKFLOW_RUN_URL )
92+ **Fuzzing Targets:** $FUZZING_TARGETS
93+
94+ The scheduled fuzzing job has failed again. Please check the workflow logs and artifacts for details.
95+
96+ ### Next Steps
97+ - [ ] Review the workflow logs for error details
98+ - [ ] Download and analyze any crash artifacts
99+ - [ ] Determine if this is a new issue or related to existing problems
100+ - [ ] Fix the underlying issue causing the fuzzing failures"
101+
102+ # Add comment to the existing issue
103+ if gh issue comment " $ISSUE_NUMBER " " $COMMENT_BODY " ; then
104+ echo " ✅ Added comment to existing issue #$ISSUE_NUMBER : $ISSUE_URL "
105+ else
106+ echo " ❌ Failed to add comment to existing issue. Creating new issue instead."
107+ FUZZING_ISSUE_COUNT=0
108+ fi
109+ fi
110+ fi
111+
112+ if [ " $FUZZING_ISSUE_COUNT " -eq 0 ]; then
113+ echo " No existing fuzzing failure issues found. Creating new issue..."
114+
115+ # Create issue body
116+ ISSUE_BODY=" ## Fuzzing Job Failure Report
117+
118+ **Date:** $( date ' +%Y-%m-%d %H:%M:%S UTC' )
119+ **Workflow Run:** [$WORKFLOW_RUN_URL ]($WORKFLOW_RUN_URL )
120+ **Fuzzing Targets:** $FUZZING_TARGETS
121+
122+ The scheduled fuzzing job has failed. This issue was automatically created to track the failure.
123+
124+ ### Details
125+ The fuzzing workflow failed during execution. Please check the workflow logs and any uploaded artifacts for more details.
126+
127+ ### Next Steps
128+ - [ ] Review the workflow logs for error details
129+ - [ ] Download and analyze any crash artifacts if available
130+ - [ ] Determine the root cause of the failure
131+ - [ ] Fix the underlying issue
132+ - [ ] Verify the fix by running fuzzing locally or waiting for the next scheduled run
133+
134+ ### Related Documentation
135+ - [Fuzzing README](https://github.com/$REPO /blob/main/fuzz/README.md)
136+ - [Security Guidance](https://github.com/$REPO /blob/main/docs/security-guidance-for-developers.md)
137+
138+ ---
139+ *This issue was automatically created by the fuzzing failure notification system.*"
140+
141+ # Create the new issue
142+ if ISSUE_URL=$( gh issue create \
143+ --title " $ISSUE_TITLE "
144+ --body " $ISSUE_BODY "
145+ --label " $FUZZING_LABEL "
146+ --label " $FAILURE_LABEL "
147+ --label " $LIFECYCLE_LABEL " ) ; then
148+ echo " ✅ Created new fuzzing failure issue: $ISSUE_URL "
149+ else
150+ echo " ❌ Failed to create new fuzzing failure issue"
151+ exit 1
152+ fi
153+ fi
154+
155+ echo " Fuzzing failure notification completed successfully"
0 commit comments