forked from microsoft/onefuzz-samples
-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-devops-pipeline.yml
48 lines (46 loc) · 1.65 KB
/
azure-devops-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# Example Azure Devops pipeline
#
# This uses an AAD Service Principal to authenticate to Onefuzz.
# See https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
#
# This example uses Azure Devops Personal Access Tokens to create work items upon finding crashes.
# See https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate
#
# This uses the following variables, defined in the variable group 'onefuzz-config':
# * endpoint: The Onefuzz Instance
# * client_id: The Client ID for the service principal
#
# This uses the following secret variables, defined in the variable group 'onefuzz-config':
# * client_secret: The Client Secret for the service principal
# * ado_pat: The Azure Devops PAT
trigger:
- master
jobs:
- job: Example
pool:
vmImage: 'ubuntu-latest'
variables:
- group: onefuzz-config
steps:
- bash: |
set -ex
cd examples/simple-libfuzzer
make
displayName: Build
- task: UsePythonVersion@0
inputs:
versionSpec: '3.x'
addToPath: true
architecture: 'x64'
displayName: setup python env
- bash: |
set -ex
pip -q install onefuzz
export ONEFUZZ_CLIENT_SECRET=$(client_secret)
onefuzz config --endpoint $(endpoint) --client_id $(client_id)
sed -i s/INSERT_PAT_HERE/${ado_pat}/ notifications/azure-devops-workitems.json
onefuzz template libfuzzer basic samples sample-1 $GITHUB_SHA --target_exe fuzz.exe --notification_config @../../notifications/azure-devops-workitems.json
displayName: submit onefuzz job
env:
client_secret: client_secret
ado_pat: ado_pat