name: CIFuzz
on:
  workflow_dispatch:
  repository_dispatch:
  push:
    branches-ignore:
      - 'main'
      - 'feature'
      - 'v*.*-*'
    paths-ignore:
      - '**.md'
      - 'tools/**'
      - '.github/patches/duckdb-wasm/**'
      - '.github/workflows/**'
      - '!.github/workflows/cifuzz.yml'


concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || '' }}-${{ github.base_ref || '' }}-${{ github.ref != 'refs/heads/main' || github.sha }}
  cancel-in-progress: true

jobs:
  Fuzzing:
    name: OSSFuzz
    if: github.repository == 'duckdb/duckdb'
    strategy:
      fail-fast: false
      matrix:
        sanitizer: [address, undefined, memory]
    runs-on: ubuntu-latest
    steps:
    - name: Build Fuzzers ${{ matrix.sanitizer }}
      id: build
      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
      with:
        oss-fuzz-project-name: 'duckdb'
        dry-run: false
        sanitizer: ${{ matrix.sanitizer }}
    - name: Run Fuzzers ${{ matrix.sanitizer }}
      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
      with:
        oss-fuzz-project-name: 'duckdb'
        fuzz-seconds: 3600
        dry-run: false
        sanitizer: ${{ matrix.sanitizer }}
    - name: Upload Crash
      uses: actions/upload-artifact@v4
      if: failure() && steps.build.outcome == 'success'
      with:
        name: artifacts-${{ matrix.sanitizer }}
        path: ./out/artifacts