Add CIFuzz GitHub Action

[DavidKorczynski]

Add CIFuzz workflow action to have fuzzers build and run on each PR.

This is a service offered by OSS-Fuzz where Bincode already runs. CIFuzz can help detect regressions and catch fuzzing build issues early, and has a variety of features (see the URL above). In the current PR the fuzzers gets build on a pull request and will run for 300 seconds

[codecov]

Codecov Report

Base: 54.19% // Head: 54.22% // Increases project coverage by +0.02% 🎉

Coverage data is based on head (5218056) compared to base (efd4f96).
Patch has no changes to coverable lines.

Additional details and impacted files

@@            Coverage Diff             @@
##            trunk     #604      +/-   ##
==========================================
+ Coverage   54.19%   54.22%   +0.02%     
==========================================
  Files          50       50              
  Lines        4406     4406              
==========================================
+ Hits         2388     2389       +1     
+ Misses       2018     2017       -1     

Impacted Files	Coverage Δ
src/de/decoder.rs	75.00% <0.00%> (+5.00%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[VictorKoenders]

Thanks for this!

I'm thinking that additionally we should also run this every night for a longer time. Maybe 30 minutes (1800 seconds)? We'd need another CI step with the following trigger:

{
  "name": "CIFuzz (nightly run)",
  "on": {
    "schedule": [
      {
        "cron": "0 0 * * *"
      }
    ]
  },
  // ...

Additionally can you run this through a yaml-to-json converter to match the other CI steps? There are several of them online

[DavidKorczynski]

Additionally can you run this through a yaml-to-json converter to match the other CI step

done

I'm thinking that additionally we should also run this every night for a longer time. Maybe 30 minutes (1800 seconds)?

I wouldn't recommend this -- this is the duty of OSS-Fuzz which will run it continuously, generate an increasingly larger corpus and then CIFuzz uses this corpus in the CI action as well. Bincode was integrated into OSS-Fuzz here: google/oss-fuzz#8045 and you can find the relevant files for the project here: https://github.com/google/oss-fuzz/tree/master/projects/bincode -- it looks like @nmccarty was added as a primary contact in the project configuration, should more be added?

[VictorKoenders]

Both nmccarty and I were unaware that bincode was already in google's open source fuzzing system. Zoey knew about it but only because someone else pointed this out.

I guess it's a good thing we never knew that bincode was actively being fuzzed because it means we're doing something right.

it looks like @nmccarty was added as a primary contact in the project configuration, should more be added?

Keeping nmccarty as a primary contact is fine, thanks!

[VictorKoenders]

LGTM, thanks!