name: benchmark description: "Run benchmarks" inputs: cloudProvider: description: "Which cloud provider to use." required: true attestationVariant: description: "Which attestation variant to use." required: true kubeconfig: description: "The kubeconfig of the cluster to test." required: true awsOpenSearchDomain: description: "AWS OpenSearch Endpoint Domain to upload the results." required: false awsOpenSearchUsers: description: "AWS OpenSearch User to upload the results." required: false awsOpenSearchPwd: description: "AWS OpenSearch Password to upload the results." required: false artifactNameSuffix: description: "Suffix for artifact naming." required: true encryptionSecret: description: 'The secret to use for encrypting the artifact.' required: true runs: using: "composite" steps: - name: Setup python uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: "3.10" - name: Install kubestr shell: bash env: KUBESTR_VER: "0.4.37" run: | HOSTOS="$(go env GOOS)" HOSTARCH="$(go env GOARCH)" curl -fsSLO https://github.com/kastenhq/kubestr/releases/download/v${KUBESTR_VER}/kubestr_${KUBESTR_VER}_${HOSTOS}_${HOSTARCH}.tar.gz tar -xzf kubestr_${KUBESTR_VER}_${HOSTOS}_${HOSTARCH}.tar.gz install kubestr /usr/local/bin - name: Checkout k8s-bench-suite uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 repository: "edgelesssys/k8s-bench-suite" ref: 67c64c854841165b778979375444da1c02e02210 path: k8s-bench-suite - name: Run FIO benchmark shell: bash env: KUBECONFIG: ${{ inputs.kubeconfig }} run: | if [[ "${{ inputs.cloudProvider }}" == "azure" ]] then cat < benchmarks/constellation-${{ inputs.attestationVariant }}.json name: "benchmarks-${{ inputs.artifactNameSuffix }}" encryptionSecret: ${{ inputs.encryptionSecret }} - name: Assume AWS role to retrieve and update benchmarks in S3 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionUpdateBenchmarks aws-region: us-east-2 - name: Set S3 artifact store shell: bash env: ARTIFACT_BUCKET_CONSTELLATION: "edgeless-artifact-store/constellation" run: echo S3_PATH=s3://${ARTIFACT_BUCKET_CONSTELLATION}/benchmarks >> $GITHUB_ENV - name: Get previous benchmark records from S3 shell: bash run: | if aws s3 cp "${S3_PATH}/constellation-${{ inputs.attestationVariant }}.json" ./ --no-progress then mv "constellation-${{ inputs.attestationVariant }}.json" "benchmarks/constellation-${{ inputs.attestationVariant }}-previous.json" else echo "::warning::Couldn't retrieve previous benchmark records from s3" fi - name: Compare results shell: bash env: # Paths to benchmark results as JSON of the previous run and the current run PREV_BENCH: benchmarks/constellation-${{ inputs.attestationVariant }}-previous.json CURR_BENCH: benchmarks/constellation-${{ inputs.attestationVariant }}.json run: | if [[ -f "$PREV_BENCH" ]]; then # Fails if the results are outside the threshold range python .github/actions/e2e_benchmark/evaluate/compare.py >> $GITHUB_STEP_SUMMARY fi - name: Upload benchmark results to OpenSearch if: (!env.ACT) shell: bash env: OPENSEARCH_DOMAIN: ${{ inputs.awsOpenSearchDomain }} OPENSEARCH_USER: ${{ inputs.awsOpenSearchUsers }} OPENSEARCH_PWD: ${{ inputs.awsOpenSearchPwd }} run: | curl -XPOST \ -u "${OPENSEARCH_USER}:${OPENSEARCH_PWD}" \ "${OPENSEARCH_DOMAIN}/benchmarks-${{ inputs.attestationVariant }}-$(date '+%Y')"/_doc \ --data-binary @benchmarks/constellation-${{ inputs.attestationVariant }}.json \ -H 'Content-Type: application/json' - name: Update benchmark records in S3 if: github.ref_name == 'main' shell: bash run: | aws s3 cp benchmarks/constellation-${{ inputs.attestationVariant }}.json ${S3_PATH}/constellation-${{ inputs.attestationVariant }}.json