# Copyright 2025 syzkaller project authors. All rights reserved. # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. apiVersion: argoproj.io/v1alpha1 kind: Workflow metadata: generateName: series-workflow spec: entrypoint: main podGC: # Keep pods for 12 hours after completion. strategy: OnPodCompletion deleteDelayDuration: 12h ttlStrategy: # Keep finihed workflows for 12 hours after completion. secondsAfterCompletion: 43200 podMetadata: labels: tier: workflow arguments: parameters: - name: session-id value: "some-session-id" # TODO: there seems to be no way to pass env variables into the GC workflow. # Set ARGO_ARTIFACT_GC_ENABLED=0 for the local setup? # artifactGC: # strategy: OnWorkflowCompletion templates: - name: main # Note that failFast and parallelism only affect this template's steps. # Don't schedule new steps if any of the previous steps failed. failFast: true parallelism: 2 steps: - - name: run-triage templateRef: name: triage-action-template template: triage-action - - name: abort-on-skip-outcome template: exit-workflow when: "{{=jsonpath(steps['run-triage'].outputs.parameters.result, '$.skip_reason') != ''}}" - - name: run-process-target template: process-target arguments: parameters: - name: element value: "{{item}}" withParam: "{{=jsonpath(steps['run-triage'].outputs.parameters.result, '$.targets')}}" continueOn: failed: true - name: process-target inputs: parameters: - name: element steps: - - name: save-base-req template: convert-artifact arguments: parameters: - name: data value: "{{=jsonpath(inputs.parameters.element, '$.base')}}" - - name: base-build templateRef: name: build-action-template template: build-action arguments: parameters: - name: test-name value: "[{{=jsonpath(inputs.parameters.element, '$.track')}}] Build Base" - name: session-id value: "{{workflow.parameters.session-id}}" artifacts: - name: request from: "{{steps.save-base-req.outputs.artifacts.artifact}}" - - name: abort-if-base-build-failed template: exit-workflow when: "{{=jsonpath(steps['base-build'].outputs.parameters.result, '$.success') == false}}" - - name: save-patched-req template: convert-artifact arguments: parameters: - name: data value: "{{=jsonpath(inputs.parameters.element, '$.patched')}}" - - name: boot-test-base templateRef: name: boot-action-template template: boot-action arguments: artifacts: - name: kernel from: "{{steps.base-build.outputs.artifacts.kernel}}" parameters: - name: base-build-id value: "{{=jsonpath(steps['base-build'].outputs.parameters.result, '$.build_id')}}" - name: test-name value: "[{{=jsonpath(inputs.parameters.element, '$.track')}}] Boot test: Base" - - name: abort-if-base-boot-failed template: exit-workflow when: "{{=jsonpath(steps['boot-test-base'].outputs.parameters.result, '$.success') == false}}" - - name: patched-build templateRef: name: build-action-template template: build-action arguments: parameters: - name: test-name value: "[{{=jsonpath(inputs.parameters.element, '$.track')}}] Build Patched" - name: findings value: "true" - name: session-id value: "{{workflow.parameters.session-id}}" artifacts: - name: request from: "{{steps.save-patched-req.outputs.artifacts.artifact}}" - - name: abort-if-patched-build-failed template: exit-workflow when: "{{=jsonpath(steps['patched-build'].outputs.parameters.result, '$.success') == false}}" - - name: boot-test-patched templateRef: name: boot-action-template template: boot-action arguments: artifacts: - name: kernel from: "{{steps.patched-build.outputs.artifacts.kernel}}" parameters: - name: patched-build-id value: "{{=jsonpath(steps['patched-build'].outputs.parameters.result, '$.build_id')}}" - name: report-findings value: "true" - name: test-name value: "[{{=jsonpath(inputs.parameters.element, '$.track')}}] Boot test: Patched" - - name: abort-if-patched-boot-failed template: exit-workflow when: "{{=jsonpath(steps['boot-test-patched'].outputs.parameters.result, '$.success') == false}}" - - name: run-fuzz template: fuzz-campaign when: "{{=jsonpath(inputs.parameters.element, '$.fuzz') != nil}}" arguments: parameters: - name: config value: "{{=jsonpath(inputs.parameters.element, '$.fuzz')}}" - name: patched-build-id value: "{{=jsonpath(steps['patched-build'].outputs.parameters.result, '$.build_id')}}" - name: base-build-id value: "{{=jsonpath(steps['base-build'].outputs.parameters.result, '$.build_id')}}" - name: track value: "{{=jsonpath(inputs.parameters.element, '$.track')}}" artifacts: - name: base-kernel from: "{{steps.base-build.outputs.artifacts.kernel}}" - name: patched-kernel from: "{{steps.patched-build.outputs.artifacts.kernel}}" - name: run-retest template: retest-campaign when: "{{=jsonpath(inputs.parameters.element, '$.retest') != nil}}" arguments: parameters: - name: retest-data value: "{{=jsonpath(inputs.parameters.element, '$.retest')}}" - name: patched-build-id value: "{{=jsonpath(steps['patched-build'].outputs.parameters.result, '$.build_id')}}" - name: base-build-id value: "{{=jsonpath(steps['base-build'].outputs.parameters.result, '$.build_id')}}" - name: track value: "{{=jsonpath(inputs.parameters.element, '$.track')}}" artifacts: - name: base-kernel from: "{{steps.base-build.outputs.artifacts.kernel}}" - name: patched-kernel from: "{{steps.patched-build.outputs.artifacts.kernel}}" - name: fuzz-campaign inputs: parameters: - name: config - name: track - name: base-build-id - name: patched-build-id artifacts: - name: base-kernel - name: patched-kernel steps: - - name: save-fuzz-config template: convert-artifact arguments: parameters: - name: data value: "{{inputs.parameters.config}}" - - name: fuzz templateRef: name: fuzz-action-template template: fuzz-action arguments: parameters: - name: patched-build-id value: "{{inputs.parameters.patched-build-id}}" - name: base-build-id value: "{{inputs.parameters.base-build-id}}" - name: test-name value: "[{{inputs.parameters.track}}] Fuzz" artifacts: - name: base-kernel from: "{{inputs.artifacts.base-kernel}}" - name: patched-kernel from: "{{inputs.artifacts.patched-kernel}}" - name: config from: "{{steps.save-fuzz-config.outputs.artifacts.artifact}}" - name: retest-campaign inputs: parameters: - name: retest-data - name: base-build-id - name: patched-build-id - name: track artifacts: - name: base-kernel - name: patched-kernel steps: - - name: save-retest-task template: convert-artifact arguments: parameters: - name: data value: "{{inputs.parameters.retest-data}}" - - name: retest templateRef: name: retest-action-template template: retest-action arguments: parameters: - name: patched-build-id value: "{{inputs.parameters.patched-build-id}}" - name: base-build-id value: "{{inputs.parameters.base-build-id}}" - name: test-name value: "[{{inputs.parameters.track}}] Previous reproducers" artifacts: - name: base-kernel from: "{{inputs.artifacts.base-kernel}}" - name: patched-kernel from: "{{inputs.artifacts.patched-kernel}}" - name: retest-task from: "{{steps.save-retest-task.outputs.artifacts.artifact}}" - name: convert-artifact inputs: parameters: - name: data outputs: artifacts: - name: artifact path: /tmp/artifact container: image: alpine:latest command: [sh, -c] args: ["echo '{{inputs.parameters.data}}' > /tmp/artifact"] - name: exit-workflow inputs: parameters: - name: code value: 1 container: image: alpine:latest command: ['/bin/sh', '-c'] args: ["exit {{inputs.parameters.code}}"]