gh-143572: Run 'python3-libraries' fuzzer in CI using CIFuzz

[sethmlarson]

Created a list of files and directories that should trigger a re-run of the python3-libraries fuzzers. Now that the Python repository is the home for this fuzzer it should be easier for Python core developers to fix issues with the fuzzer in case there are issues.

• Issue: Begin running CIFuzz on standard library modules #143572

[hugovk]

I think we could also rename most of the "library"/"libraries"/"LIBRARY" to "stdlib"/"STDLIB" and it'd be clearer this is running on the standard library and not any third-party library code.

[sethmlarson]

I think we could also rename most of the "library"/"libraries"/"LIBRARY" to "stdlib"/"STDLIB" and it'd be clearer this is running on the standard library and not any third-party library code.

I agree with this, we can change most of our uses to "stdlib" within this PR except for oss-fuzz-project-name. I can handle that in a separate PR since we'll have to wait for OSS-Fuzz maintainers to rename the project.

[sethmlarson]

Thanks @StanFromIreland and @hugovk for the reviews! I've moved to a reusable workflows approach. I'll try pushing a commit modifying one of the libraries to check that the workflow fires correctly.

[hugovk]

(I resolved the conflict)

[sethmlarson]

@webknjaz I'm not sure why actionlint is refusing the contains([...], 'true') syntax used, checking on the allowed function definitions it seemed like this would be allowed?

[sethmlarson]

With the latest commit we got a run, but the values of oss-fuzz-project-name and sanitizer aren't being forwarded (the reusable workflow is seeing an empty string?) from the job matrix into the reusable workflow. I don't think I'm doing anything different than any of the other reusable workflows that use a matrix and forward parameters?

[webknjaz]

@webknjaz I'm not sure why actionlint is refusing the contains([...], 'true') syntax used, checking on the allowed function definitions it seemed like this would be allowed?

Not sure. Might be a bug in actionlint. Or maybe I misunderstood that this'd work from the docs 🤷‍♂️

[webknjaz]

With the latest commit we got a run, but the values of oss-fuzz-project-name and sanitizer aren't being forwarded (the reusable workflow is seeing an empty string?) from the job matrix into the reusable workflow. I don't think I'm doing anything different than any of the other reusable workflows that use a matrix and forward parameters?

Sounds like maybe I messed up the suggested conditionals or something. I'll double-check the current diff.

[webknjaz]

@sethmlarson I'm logging off now but meanwhile, could you restart the entire workflow ticking that debug checkbox in the rerun modal? I don't have privileges to do this myself yet.

[hugovk]

could you restart the entire workflow ticking that debug checkbox in the rerun modal?

Restarted with debug: https://github.com/python/cpython/actions/runs/20968452538?pr=143749

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[webknjaz]

Perfect!