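# Go Benchmark workflow.
#
# Runs the backend Go benchmarks and the TestPerf latency assertions on pull
# requests, on pushes to main, and on manual dispatch. Benchmark results are
# published by github-action-benchmark only for pushes to main.
name: Go Benchmark

on:
  pull_request:
  push:
    branches:
      - main
  workflow_dispatch:

concurrency:
  # One active run per workflow/event/ref; a newer run cancels the older one.
  # No workflow_run trigger is declared, so the group is keyed on github.ref.
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
  cancel-in-progress: true

env:
  GO_VERSION: '1.26.2'
  GOTOOLCHAIN: auto

# Minimal permissions at workflow level; write permissions granted at job level for push only
permissions:
  contents: read

jobs:
  benchmark:
    name: Performance Regression Check
    runs-on: ubuntu-latest
    # github.event.workflow_run is empty for every trigger declared above, so
    # the job is gated on the declared events. Without the push clause the job
    # is skipped on pushes to main and results are never stored.
    if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' || github.event_name == 'push' }}
    # Grant write permissions for storing benchmark results (only used on push via step condition)
    # Note: GitHub Actions doesn't support dynamic expressions in permissions block
    # The write scope therefore also applies to pull_request and
    # workflow_dispatch runs, which execute repository code through `go test`;
    # checkout below does not persist the token for that reason.
    permissions:
      contents: write
      deployments: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
        with:
          ref: ${{ github.sha }}
          # Keep the write-scoped GITHUB_TOKEN out of the checkout's git
          # credentials; the publishing step receives its token explicitly
          # through its github-token input.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c  # v6
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: backend/go.sum

      - name: Run Benchmark
        working-directory: backend
        env:
          CHARON_ENCRYPTION_KEY: ${{ secrets.CHARON_ENCRYPTION_KEY_TEST }}
        run: |
          # Without pipefail the step reports tee's exit status, so a failed
          # benchmark run would pass and leave a partial output.txt to publish.
          set -o pipefail
          go test -bench=. -benchmem -run='^$' ./... | tee output.txt

      - name: Store Benchmark Result
        # Only store results on pushes to main - PRs just run benchmarks without storage
        # This avoids gh-pages branch errors and permission issues on fork PRs
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        # Security: Pinned to full SHA for supply chain security
        uses: benchmark-action/github-action-benchmark@4e0b38bc48375986542b13c0d8976b7b80c60c00  # v1
        with:
          name: Go Benchmark
          tool: 'go'
          output-file-path: backend/output.txt
          github-token: ${{ secrets.GITHUB_TOKEN }}
          auto-push: true
          # Show alert with commit comment on detection of performance regression
          # Threshold increased to 175% to account for CI variability
          alert-threshold: '175%'
          comment-on-alert: true
          fail-on-alert: false
          # Enable Job Summary
          summary-always: true

      - name: Run Perf Asserts
        working-directory: backend
        env:
          PERF_MAX_MS_GETSTATUS_P95: 500ms
          PERF_MAX_MS_GETSTATUS_P95_PARALLEL: 1500ms
          PERF_MAX_MS_LISTDECISIONS_P95: 2000ms
          CHARON_ENCRYPTION_KEY: ${{ secrets.CHARON_ENCRYPTION_KEY_TEST }}
        run: |
          echo "## 🔍 Running performance assertions (TestPerf)" >> "$GITHUB_STEP_SUMMARY"
          go test -run TestPerf -v ./internal/api/handlers -count=1 | tee perf-output.txt
          # Propagate go test's status rather than tee's.
          exit "${PIPESTATUS[0]}"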