basic ClusterFuzzLite integration (#4034)

.clusterfuzzlite/Dockerfile

@@ -0,0 +1,21 @@
+FROM gcr.io/oss-fuzz-base/base-builder-go:v1
+
+ARG TARGETPLATFORM
+RUN echo "TARGETPLATFORM: ${TARGETPLATFORM}"
+
+ENV GOVERSION=1.20.7
+
+RUN platform=$(echo ${TARGETPLATFORM} | tr '/' '-') && \
+  filename="go${GOVERSION}.${platform}.tar.gz" && \
+  wget https://dl.google.com/go/${filename} && \
+  mkdir temp-go && \
+  rm -rf /root/.go/* && \
+  tar -C temp-go/ -xzf ${filename} && \
+  mv temp-go/go/* /root/.go/ && \
+  rm -r ${filename} temp-go
+
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+
+COPY . $SRC/quic-go
+WORKDIR quic-go
+COPY .clusterfuzzlite/build.sh $SRC/

.clusterfuzzlite/build.sh

@@ -0,0 +1,9 @@
+#!/bin/bash -eu
+
+export CXX="${CXX} -lresolv" # required by Go 1.20
+
+compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/frames Fuzz frame_fuzzer
+compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/header Fuzz header_fuzzer
+compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/transportparameters Fuzz transportparameter_fuzzer
+compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/tokens Fuzz token_fuzzer
+compile_go_fuzzer github.com/quic-go/quic-go/fuzzing/handshake Fuzz handshake_fuzzer

.clusterfuzzlite/project.yaml

@@ -0,0 +1 @@
+language: go

.github/workflows/clusterfuzz-lite-pr.yml

@@ -0,0 +1,48 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+  pull_request:
+    paths:
+      - '**'
+
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ${{ fromJSON(vars['CLUSTERFUZZ_LITE_RUNNER_UBUNTU'] || '"ubuntu-latest"') }}
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+      cancel-in-progress: true
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer:
+        - address
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        language: go
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: used to only run fuzzers that are affected
+        # by the PR.
+        # See later section on "Git repo for storage".
+        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+        # storage-repo-branch: main   # Optional. Defaults to "main"
+        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 480
+        mode: 'code-change'
+        sanitizer: ${{ matrix.sanitizer }}
+        output-sarif: true
+        parallel-fuzzing: true
+        # Optional but recommended: used to download the corpus produced by
+        # batch fuzzing.
+        # See later section on "Git repo for storage".
+        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+        # storage-repo-branch: main   # Optional. Defaults to "main"
+        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".