From b8e81e16e05c740a03cd9703a6372ce8de858130 Mon Sep 17 00:00:00 2001 From: Ray Walker Date: Sat, 23 May 2026 09:38:37 +1000 Subject: [PATCH] ci: make Deep Fuzzing actually run 8 hours per target MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The job was named "Deep Fuzzing (8 hours)" but the inline command ran `timeout 1800 cargo fuzz run ... -max_total_time=1800` — 30 minutes, not 8 hours. The name promised one thing, the runtime delivered ~6% of it. Changes: - timeout / -max_total_time: 1800s (30m) → 28800s (8h) - Step name: "30 minutes per target" → "8 hours per target" - Add `timeout-minutes: 540` (9h) so the job-level cap doesn't preempt the 8h fuzz; default is 360 (6h), which would kill it. Wall-time estimate: with up to 12 parallel ARC runners and 16 targets, ~11h per nightly cron. Fits inside the 24h cron cycle; the existing `cancel-in-progress` concurrency rule still protects against overlap. --- .github/workflows/security.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 95313ae..b6b3c1a 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -126,6 +126,7 @@ jobs: name: Deep Fuzzing (8 hours) runs-on: cachekit if: github.event_name == 'schedule' + timeout-minutes: 540 strategy: fail-fast: false matrix: @@ -172,13 +173,13 @@ jobs: # nightly rustc rejects. Let cargo resolve fresh deps. run: cargo install cargo-fuzz - - name: Run deep fuzz (30 minutes per target) + - name: Run deep fuzz (8 hours per target) run: | cd fuzz # Build first - fail fast on compile errors cargo fuzz build ${{ matrix.target }} # Run fuzz - timeout exit code 124 is acceptable (means it ran the full duration) - timeout 1800 cargo fuzz run ${{ matrix.target }} -- -max_total_time=1800 || [ $? -eq 124 ] + timeout 28800 cargo fuzz run ${{ matrix.target }} -- -max_total_time=28800 || [ $? -eq 124 ] - name: Upload crash artifacts if: always()