oso/.github/workflows/bench.yml at 316cabc83a91f4d03a0616cfa7a47243fef6e259 · osohq/oso · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
name: Rust benchmark
on:
  push:
    branches:
      - main
  pull_request_target:
    branches:

jobs:
  benchmark:
    name: Run Rust benchmark example
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          # This prevents the Action from persisting the credentials it uses to
          # perform the fetch/checkout to the Runner's local Git config. On
          # `pull_request_target` events, the GITHUB_TOKEN provided to the
          # Runner has Write permissions to the base repository. We do **not**
          # want to allow untrusted code from forks to execute arbitrary Git
          # commands with those elevated permissions.
          #
          # More info:
          # https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/#improvements-for-public-repository-forks
          persist-credentials: false
          # Explicitly setting the `repository` and `ref` inputs ensures that
          # `pull_request_target` events trigger CI runs against the code from
          # the HEAD branch. By default, this Action checks out code from the
          # BASE branch. On `push` events, the `github.event.pull_request` path
          # will yield a null value, and passing nulls to these inputs causes
          # them to fall back to the defaults of `osohq/oso` and
          # `refs/heads/main`, respectively.
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v2
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-release-${{ hashFiles('**/Cargo.lock') }}
      - name: Run benchmark
        run: cargo bench -- --output-format bencher | tee output.txt
      - name: Upload benchmark result artifact
        uses: actions/upload-artifact@v2
        with:
          name: bench_result
          path: output.txt

  # Split the benchmark testing step into a separate
  # step that runs against the existing code on the
  # _target_ branch (typically `main`)
  bench-check:
    name: Check benchmark result
    runs-on: ubuntu-latest
    needs: benchmark
    steps:
      - uses: actions/checkout@v2
      - uses: actions/download-artifact@v2
        with:
          name: bench_result
      - name: Get HEAD commit message
        id: head_commit
        run: echo "::set-output name=message::$(git log -1 --format=%B | tr -d '\n')"
      - name: Store benchmark result
        uses: rhysd/github-action-benchmark@v1
        with:
          name: Rust Benchmark
          tool: "cargo"
          output-file-path: output.txt
          github-token: ${{ secrets.GITHUB_TOKEN }}
          comment-on-alert: true
          alert-comment-cc-users: "@osohq/eng"
          alert-threshold: "150%"
          # Only push and save on pushes to main.
          auto-push: ${{ github.event_name == 'push' && github.repository == 'osohq/oso' && github.ref == 'refs/heads/main' }}
          # Comment on pushes to main AND on any commit that includes `[bench]`
          # in the message.
          comment-always: ${{ (github.event_name == 'push' && github.repository == 'osohq/oso' && github.ref == 'refs/heads/main') || contains(steps.head_commit.outputs.message, '[bench]') }}
          save-data-file: ${{ github.event_name == 'push' && github.repository == 'osohq/oso' && github.ref == 'refs/heads/main' }}