gh-143572: Run 'python3-libraries' fuzzer in CI using CIFuzz #143749
Conversation
sethmlarson
requested review from
AA-Turner,
ezio-melotti and
hugovk
as code owners
Misc/NEWS.d/next/Tools-Demos/2026-01-12-13-37-14.gh-issue-143572.WKV_Jk.rst
Outdated
Show resolved
Hide resolved
hugovk
left a comment
hugovk
left a comment
There was a problem hiding this comment.
I think we could also rename most of the "library"/"libraries"/"LIBRARY" to "stdlib"/"STDLIB" and it'd be clearer this is running on the standard library and not any third-party library code.
I agree with this, we can change most of our uses to "stdlib" within this PR except for |
|
Thanks @StanFromIreland and @hugovk for the reviews! I've moved to a reusable workflows approach. I'll try pushing a commit modifying one of the libraries to check that the workflow fires correctly. |
|
(I resolved the conflict) |
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <578543+webknjaz@users.noreply.github.com>
|
@webknjaz I'm not sure why actionlint is refusing the |
|
With the latest commit we got a run, but the values of |
Not sure. Might be a bug in actionlint. Or maybe I misunderstood that this'd work from the docs 🤷♂️ |
Sounds like maybe I messed up the suggested conditionals or something. I'll double-check the current diff. |
webknjaz
added
needs backport to 3.13
|
One more thing — in general, it's a good idea to keep the CI infra the same (at least structurally) across branches since this will reduce conflicts when backporting more important changes. So this will need to be backported if possible. Either partially or, if there's no problems — in full. The backwards compat considerations would almost never apply to the CI infra the same way it'd apply to the user-facing changes. |
|
A brief note on CI time. These three jobs take about 22 minutes, which is fine:
https://github.com/python/cpython/actions/runs/21006197138/usage We have a few other jobs taking around this long, like Android and iOS and some Windows ones, with one free-threaded Windows being the bottleneck at 32 mins. 
Just something to keep an eye on. |
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
github-project-automation
bot
moved this from 🧐 @webknjaz's review queue 📋
to 🌈 Done 🦄
in 📅 Procrastinating in public
|
Thanks @sethmlarson for the PR, and @hugovk for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14. |
|
Sorry, @sethmlarson and @hugovk, I could not cleanly backport this to |
|
Sorry, @sethmlarson and @hugovk, I could not cleanly backport this to |
|
@hugovk I can work on creating backports. Thanks for the reviews, everyone! |
|
GH-143912 is a backport of this pull request to the 3.14 branch. |
…Fuzz (pythonGH-143749) (cherry picked from commit edeebe2) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <578543+webknjaz@users.noreply.github.com> Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
|
GH-143915 is a backport of this pull request to the 3.13 branch. |
| runs-on: ubuntu-latest | ||
| timeout-minutes: 60 | ||
| # ${{ '' } is a hack to nest jobs under the same sidebar category. | ||
| name: CIFuzz${{ '' }} # zizmor: ignore[obfuscation] |
There was a problem hiding this comment.
Reflecting on this a bit, I think we could've interpolated one of the factors to produce separate categories.
- name: CIFuzz${{ '' }} # zizmor: ignore[obfuscation]
+ name: CIFuzz (${{ matrix.oss-fuzz-project-name }})We can still do this in follow-ups if you @sethmlarson think it's a good idea.
5 participants
Created a list of files and directories that should trigger a re-run of the
python3-librariesfuzzers. Now that the Python repository is the home for this fuzzer it should be easier for Python core developers to fix issues with the fuzzer in case there are issues.