From 290faa4d2d1034d37aababca5d7c2b3bae8435b0 Mon Sep 17 00:00:00 2001
From: phuslu <phus.lu@gmail.com>
Date: Fri, 23 Feb 2024 22:00:43 +0800
Subject: [PATCH] add performance pipeline

---
 .github/workflows/nginx.yml       |  6 +--
 .github/workflows/performance.yml | 69 +++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/performance.yml

diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index 785d14b..f28cb64 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -3,9 +3,9 @@ name: nginx
 on:
   schedule:
     - cron: '0 0 * * *'
-  push:
-    branches:
-      - master
+  # push:
+  #   branches:
+  #     - master
 
 jobs:
   tests:
diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
new file mode 100644
index 0000000..c346933
--- /dev/null
+++ b/.github/workflows/performance.yml
@@ -0,0 +1,69 @@
+name: performance
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  push:
+    branches:
+      - master
+
+jobs:
+  benchmark:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        openssl: [openssl-3.2]
+        nginx: [release-1.25.3]
+    steps:
+      - name: Config
+        run: |
+          cat <<EOF > nginx.conf
+          worker_processes auto;
+          pid nginx.pid;
+          error_log /dev/stdout debug;
+          events {
+              worker_connections  4096;
+          }
+          http {
+              server {
+                  listen                 0.0.0.0:4433 ssl http2;
+                  access_log             /dev/null;
+                  ssl_certificate_key    "data:-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIL02pwZutbzkmdIM0QpvD7W3pcL2dGaeWrbQ8pNCHPFeoAoGCCqGSM49\nAwEHoUQDQgAE0Jektzpg3tJx3iPU05WwG4GweCwGWv87kkZQGB+6vG/kQQeOhnZ7\n7TCroQgY4ZVnBRZTD0lvxSyR6rwt3lWQ4A==\n-----END EC PRIVATE KEY-----\n";
+                  ssl_certificate        "data:-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUN/O0uv7B+18ohuf05ygsoC82liswCgYIKoZIzj0EAwIw\nMTELMAkGA1UEBhMCVVMxDDAKBgNVBAsMA1dlYjEUMBIGA1UEAwwLZXhhbXBsZS5v\ncmcwHhcNMjIwNzI4MTgzMzA2WhcNMjMwNzI5MTgzMzA2WjAxMQswCQYDVQQGEwJV\nUzEMMAoGA1UECwwDV2ViMRQwEgYDVQQDDAtleGFtcGxlLm9yZzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNCXpLc6YN7Scd4j1NOVsBuBsHgsBlr/O5JGUBgfurxv\n5EEHjoZ2e+0wq6EIGOGVZwUWUw9Jb8Uskeq8Ld5VkOCjUzBRMB0GA1UdDgQWBBSH\n9cc3JRcpyPh3nEa41Ux6RDGjLTAfBgNVHSMEGDAWgBSH9cc3JRcpyPh3nEa41Ux6\nRDGjLTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIChRR5U7MMYQ\ntMK0zhNnt2SqRy30VcPIm9qoEms5cNxdAiBb273P7vSkj/PmDd1WsFVkg9NymBaT\n0nsIem2LKav60g==\n-----END CERTIFICATE-----\n";
+                  default_type           "application/json";
+                  return                 200 "\$http_ssl_ja3\n\$http2_fingerprint\n\nPADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING";
+              }
+          }
+          EOF
+          cat nginx.conf
+      - name: Clone
+        run: |
+          git clone -b ${{ matrix.openssl }} --depth=1 https://github.com/openssl/openssl
+          git clone -b ${{ matrix.nginx }} --depth=1 https://github.com/nginx/nginx
+          git clone -b master https://github.com/${GITHUB_REPOSITORY}
+      - name: Baseline Build
+        run: |
+          cd nginx
+          ./auto/configure --with-openssl=$(pwd)/../openssl --with-http_ssl_module --with-stream_ssl_module --with-stream --with-http_v2_module
+          make
+      - name: Baseline Performance
+        run: |
+          pkill nginx || true
+          nginx/objs/nginx -p . -c nginx.conf
+          sleep 2
+          curl -kv https://127.0.0.1:4433
+      - name: Patch
+        run: |
+          patch -p1 -d openssl < nginx-ssl-fingerprint/patches/openssl.${{ matrix.openssl }}.patch
+          patch -p1 -d nginx < nginx-ssl-fingerprint/patches/nginx-$(echo ${{ matrix.nginx }} | cut -b9-12).patch
+      - name: Build
+        run: |
+          cd nginx
+          ./auto/configure --with-openssl=$(pwd)/../openssl --add-module=$(pwd)/../nginx-ssl-fingerprint --with-http_ssl_module --with-stream_ssl_module --with-stream --with-http_v2_module
+          make
+      - name: Performance
+        run: |
+          pkill nginx || true
+          nginx/objs/nginx -p . -c nginx.conf
+          sleep 2
+          curl -kv https://127.0.0.1:4433