Add cifuzz CI config for OSS-Fuzz (#7625)

ToastCheng · pavoljuhas · mhucka · web-flow · commit ca1c21ab0a67 · 2026-01-26T17:46:11.000Z
After adding the Cirq to OSS-Fuzz project list, we'll need to configure GitHub action to run the CI fuzzer. This PR basically follows https://google.github.io/oss-fuzz/getting-started/continuous-integration/ to enable the workflow. Partially implements #7515 --------- Co-authored-by: Pavol Juhas <juhas@google.com> Co-authored-by: Michael Hucka <mhucka@caltech.edu>
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
@@ -0,0 +1,50 @@
+name: CIFuzz
+run-name: >-
+  Perform fuzz testing on pull request ${{github.event.pull_request.number}}
+  by ${{github.actor}}
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+permissions: {}
+
+concurrency:
+  # Cancel any previously-started but still active runs on the same branch.
+  cancel-in-progress: true
+  group: ${{github.workflow}}-${{github.event.pull_request.number||github.ref}}
+
+jobs:
+  fuzzing:
+    name: Fuzz testing
+    runs-on: ubuntu-24.04
+    permissions:
+      security-events: write
+    steps:
+    - name: Checkout Code
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+    - name: Build Fuzzers
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: cirq
+        language: python
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: cirq
+        language: python
+        fuzz-seconds: 600
+        output-sarif: true
+    - name: Upload artifacts to workflow page if a failure occurred
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: artifacts
+        path: ./out/artifacts
+    - name: Upload SARIF file to results page
+      if: always() && steps.build.outcome == 'success'
+      uses: github/codeql-action/upload-sarif@d378195403bf7cd9c9b55e4713ede0962aa58b83 # v3
+      with:
+        # This the output SARIF file path generated by the 'run_fuzzers' action.
+        sarif_file: cifuzz-sarif/results.sarif
