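# Composite action: runs benchmarks against the cluster given by `kubeconfig`,
# compares the new JSON record with the previous one stored in S3, posts the
# record to OpenSearch, and (only on `main`) writes it back to S3.
name: benchmark
description: "Run benchmarks"

inputs:
  cloudProvider:
    description: "Which cloud provider to use."
    required: true
  # TODO: Create different report depending on the attestation variant
  attestationVariant:
    description: "Which attestation variant to use."
    required: true
  kubeconfig:
    description: "The kubeconfig of the cluster to test."
    required: true
  awsOpenSearchDomain:
    description: "AWS OpenSearch Endpoint Domain to upload the results."
    required: false
  awsOpenSearchUsers:
    description: "AWS OpenSearch User to upload the results."
    required: false
  # Composite-action inputs are plain strings: this value and
  # `encryptionSecret` are only masked in logs when the caller passes them
  # from `secrets.*`.
  awsOpenSearchPwd:
    description: "AWS OpenSearch Password to upload the results."
    required: false
  artifactNameSuffix:
    description: "Suffix for artifact naming."
    required: true
  encryptionSecret:
    description: 'The secret to use for encrypting the artifact.'
    required: true

runs:
  using: "composite"
  steps:
    - name: Setup python
      uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
      with:
        python-version: "3.10"

    - name: Install kubestr
      shell: bash
      env:
        KUBESTR_VER: "0.4.37"
      # NOTE(review): the release tarball is fetched over HTTPS, but nothing
      # checks it against a pinned digest before `install` copies the binary
      # into /usr/local/bin. Recording a SHA-256 for this version and
      # verifying it (e.g. `sha256sum --check`) would give the download the
      # same integrity guarantee as the SHA-pinned actions in this file.
      run: |
        HOSTOS="$(go env GOOS)"
        HOSTARCH="$(go env GOARCH)"
        KUBESTR_TARBALL="kubestr_${KUBESTR_VER}_${HOSTOS}_${HOSTARCH}.tar.gz"
        curl -fsSLO "https://github.com/kastenhq/kubestr/releases/download/v${KUBESTR_VER}/${KUBESTR_TARBALL}"
        tar -xzf "${KUBESTR_TARBALL}"
        install kubestr /usr/local/bin

    - name: Checkout k8s-bench-suite
      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      with:
        fetch-depth: 0
        repository: "edgelesssys/k8s-bench-suite"
        # Pinned to a full commit SHA; quoted so it is always read as a string.
        ref: "67c64c854841165b778979375444da1c02e02210"
        path: k8s-bench-suite

    # NOTE(review): this copy of the file is damaged from here on. The script
    # below appears to be cut off after `cat <`, and everything up to the
    # tail of a later step's inputs is missing. The surviving fragments are
    # kept verbatim and nothing has been reconstructed; restore this stretch
    # from the repository before using the file.
    - name: Run FIO benchmark without caching in Azure
      if: inputs.cloudProvider == 'azure'
      shell: bash
      env:
        KUBECONFIG: ${{ inputs.kubeconfig }}
      run: |
        cat < benchmarks/constellation-${{ inputs.cloudProvider }}.json
    # Orphaned tail of a step whose header is not on the page (kept as a
    # comment so the document still parses):
    #   name: "benchmarks-${{ inputs.artifactNameSuffix }}"
    #   encryptionSecret: ${{ inputs.encryptionSecret }}

    # NOTE(review): the role is assumed on every ref, although only the last
    # step (gated on `main`) writes to S3. Whether the role's trust and
    # permission policies restrict writes to `main` is not visible here.
    - name: Assume AWS role to retrieve and update benchmarks in S3
      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
      with:
        role-to-assume: arn:aws:iam::795746500882:role/GithubActionUpdateBenchmarks
        aws-region: us-east-2

    - name: Set S3 artifact store
      shell: bash
      env:
        ARTIFACT_BUCKET_CONSTELLATION: "edgeless-artifact-store/constellation"
      # Exports S3_PATH to the steps that follow via the job environment file.
      run: echo "S3_PATH=s3://${ARTIFACT_BUCKET_CONSTELLATION}/benchmarks" >> "$GITHUB_ENV"

    - name: Get previous benchmark records from S3
      shell: bash
      env:
        CSP: ${{ inputs.cloudProvider }}
      run: |
        aws s3 cp --recursive "${S3_PATH}" ./ --no-progress
        if [[ -f "constellation-${CSP}.json" ]]; then
          mv "constellation-${CSP}.json" "benchmarks/constellation-${CSP}-previous.json"
        else
          echo "::warning::Couldn't retrieve previous benchmark records from s3"
        fi

    - name: Compare results
      shell: bash
      env:
        # Paths to benchmark results as JSON of the previous run and the current run
        PREV_BENCH: benchmarks/constellation-${{ inputs.cloudProvider }}-previous.json
        CURR_BENCH: benchmarks/constellation-${{ inputs.cloudProvider }}.json
      run: |
        if [[ -f "$PREV_BENCH" ]]; then
          # Fails if the results are outside the threshold range
          python .github/actions/e2e_benchmark/evaluate/compare.py >> "$GITHUB_STEP_SUMMARY"
        fi

    # Skipped when the ACT environment variable is set.
    - name: Upload benchmark results to opensearch
      if: (!env.ACT)
      shell: bash
      env:
        # The input reaches the script through the environment, like the S3
        # steps do. Expanding `${{ inputs.cloudProvider }}` inside `run:`
        # would splice its text into the script before bash parses it.
        CSP: ${{ inputs.cloudProvider }}
        OPENSEARCH_DOMAIN: ${{ inputs.awsOpenSearchDomain }}
        OPENSEARCH_USER: ${{ inputs.awsOpenSearchUsers }}
        OPENSEARCH_PWD: ${{ inputs.awsOpenSearchPwd }}
      # NOTE(review): curl runs without `--fail`, so an HTTP error response
      # does not fail this step. The credentials are also passed on the
      # command line, where other processes on the runner can read them.
      run: |
        curl -XPOST \
          -u "${OPENSEARCH_USER}:${OPENSEARCH_PWD}" \
          "${OPENSEARCH_DOMAIN}/benchmarks-${CSP}-$(date '+%Y')/_doc" \
          --data-binary "@benchmarks/constellation-${CSP}.json" \
          -H 'Content-Type: application/json'

    # Only runs on `main`, so records from other refs never replace the baseline.
    - name: Update benchmark records in S3
      if: github.ref_name == 'main'
      shell: bash
      env:
        CSP: ${{ inputs.cloudProvider }}
      run: |
        aws s3 cp "benchmarks/constellation-${CSP}.json" "${S3_PATH}/constellation-${CSP}.json"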