Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup basic perf CI #417

Open
wants to merge 11 commits into
base: master
Choose a base branch
from
Open

Setup basic perf CI #417

wants to merge 11 commits into from

Conversation

atuchin-m
Copy link
Collaborator

The PR:

  1. adds a CI job to estimate perf via github-action-benchmark that fails on +30% regression. The job also pushes the data to GH pages to make graphs.
    2 updates easylists*, remove file duplicates and add brave main list in the benchmarks. Also provides a script to do the next updates.
  2. adds a benchmark to measure the time to check the first request (~20ms).

An example (from a forked repo):
image
image

@atuchin-m atuchin-m self-assigned this Jan 24, 2025
boocmp
boocmp reviewed Jan 24, 2025
View reviewed changes
src/filters/network.rs Outdated Show resolved Hide resolved
boocmp
boocmp reviewed Jan 24, 2025
View reviewed changes
data/update-lists.sh Outdated Show resolved Hide resolved
github-actions[bot]
github-actions bot reviewed Jan 24, 2025
View reviewed changes
.github/workflows/perf-ci.yml
run: cargo bench --bench bench_memory -- --output-format bencher | tee -a output.txt

- name: Store benchmark result
uses: benchmark-action/[email protected]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/brave-third-party-action-not-pinned-to-commit-sha.yaml


Cc @thypon @kdenhartog

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SHA1 can't be used here, the action isn't designed for that:

File not found: '/home/runner/work/_actions/benchmark-action/github-action-benchmark/6bae118c112083251560ad8b3a1ff2e43aa23351/dist/src/index.js'

https://github.com/brave/adblock-rust/actions/runs/12953281281

I've set v1.20.4

github-actions[bot]
github-actions bot reviewed Jan 24, 2025
View reviewed changes
.github/workflows/perf-ci.yml
run: cargo bench --bench bench_memory -- --output-format bencher | tee -a output.txt

- name: Store benchmark result
uses: benchmark-action/[email protected]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/brave-third-party-action-not-pinned-to-commit-sha.yaml


Cc @thypon @kdenhartog

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@boocmp boocmp boocmp left review comments

@github-actions github-actions[bot] github-actions[bot] left review comments

@antonok-edm antonok-edm Awaiting requested review from antonok-edm

Assignees

@thypon thypon

@kdenhartog kdenhartog

@atuchin-m atuchin-m

Labels
needs-security-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@atuchin-m @boocmp @thypon @kdenhartog