akanealw
eec8c28fb3
Some checks are pending
Go Benchmark / Performance Regression Check (push) Waiting to run
Cerberus Integration / Cerberus Security Stack Integration (push) Waiting to run
Upload Coverage to Codecov / Backend Codecov Upload (push) Waiting to run
Upload Coverage to Codecov / Frontend Codecov Upload (push) Waiting to run
CodeQL - Analyze / CodeQL analysis (go) (push) Waiting to run
CodeQL - Analyze / CodeQL analysis (javascript-typescript) (push) Waiting to run
CrowdSec Integration / CrowdSec Bouncer Integration (push) Waiting to run
Docker Build, Publish & Test / build-and-push (push) Waiting to run
Docker Build, Publish & Test / Security Scan PR Image (push) Blocked by required conditions
Quality Checks / Auth Route Protection Contract (push) Waiting to run
Quality Checks / Codecov Trigger/Comment Parity Guard (push) Waiting to run
Quality Checks / Backend (Go) (push) Waiting to run
Quality Checks / Frontend (React) (push) Waiting to run
Rate Limit integration / Rate Limiting Integration (push) Waiting to run
Security Scan (PR) / Trivy Binary Scan (push) Waiting to run
Supply Chain Verification (PR) / Verify Supply Chain (push) Waiting to run
WAF integration / Coraza WAF Integration (push) Waiting to run
81 lines
3.0 KiB
YAML
Executable File
81 lines
3.0 KiB
YAML
Executable File
name: Go Benchmark
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.workflow_run.head_branch || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
env:
|
|
GO_VERSION: '1.26.2'
|
|
GOTOOLCHAIN: auto
|
|
|
|
# Minimal permissions at workflow level; write permissions granted at job level for push only
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
benchmark:
|
|
name: Performance Regression Check
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || github.event.workflow_run.conclusion == 'success' }}
|
|
# Grant write permissions for storing benchmark results (only used on push via step condition)
|
|
# Note: GitHub Actions doesn't support dynamic expressions in permissions block
|
|
permissions:
|
|
contents: write
|
|
deployments: write
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
ref: ${{ github.event.workflow_run.head_sha || github.sha }}
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
|
|
cache-dependency-path: backend/go.sum
|
|
|
|
- name: Run Benchmark
|
|
working-directory: backend
|
|
env:
|
|
CHARON_ENCRYPTION_KEY: ${{ secrets.CHARON_ENCRYPTION_KEY_TEST }}
|
|
run: go test -bench=. -benchmem -run='^$' ./... | tee output.txt
|
|
|
|
- name: Store Benchmark Result
|
|
# Only store results on pushes to main - PRs just run benchmarks without storage
|
|
# This avoids gh-pages branch errors and permission issues on fork PRs
|
|
if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main'
|
|
# Security: Pinned to full SHA for supply chain security
|
|
uses: benchmark-action/github-action-benchmark@a60cea5bc7b49e15c1f58f411161f99e0df48372 # v1.22.0
|
|
with:
|
|
name: Go Benchmark
|
|
tool: 'go'
|
|
output-file-path: backend/output.txt
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
auto-push: true
|
|
# Show alert with commit comment on detection of performance regression
|
|
# Threshold increased to 175% to account for CI variability
|
|
alert-threshold: '175%'
|
|
comment-on-alert: true
|
|
fail-on-alert: false
|
|
# Enable Job Summary
|
|
summary-always: true
|
|
|
|
- name: Run Perf Asserts
|
|
working-directory: backend
|
|
env:
|
|
PERF_MAX_MS_GETSTATUS_P95: 500ms
|
|
PERF_MAX_MS_GETSTATUS_P95_PARALLEL: 1500ms
|
|
PERF_MAX_MS_LISTDECISIONS_P95: 2000ms
|
|
CHARON_ENCRYPTION_KEY: ${{ secrets.CHARON_ENCRYPTION_KEY_TEST }}
|
|
run: |
|
|
echo "## 🔍 Running performance assertions (TestPerf)" >> "$GITHUB_STEP_SUMMARY"
|
|
go test -run TestPerf -v ./internal/api/handlers -count=1 | tee perf-output.txt
|
|
exit "${PIPESTATUS[0]}"
|