From e0bf759b635801ef07aae5ab8a557308d540bc8b Mon Sep 17 00:00:00 2001
From: phuslu <phus.lu@gmail.com>
Date: Fri, 23 Feb 2024 22:00:43 +0800
Subject: [PATCH] add performance pipeline

---
 .github/workflows/nginx.yml       |  6 +--
 .github/workflows/performance.yml | 70 +++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/performance.yml

diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index 785d14b..f28cb64 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -3,9 +3,9 @@ name: nginx
 on:
   schedule:
     - cron: '0 0 * * *'
-  push:
-    branches:
-      - master
+  # push:
+  #   branches:
+  #     - master
 
 jobs:
   tests:
diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
new file mode 100644
index 0000000..438855b
--- /dev/null
+++ b/.github/workflows/performance.yml
@@ -0,0 +1,70 @@
+name: performance
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  push:
+    branches:
+      - master
+
+jobs:
+  benchmark:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        openssl: [openssl-3.2]
+        nginx: [release-1.25.3]
+    steps:
+      - name: Config
+        run: |
+          cat <<EOF > nginx.conf
+          worker_processes auto;
+          daemon off;
+          pid nginx.pid;
+          error_log nginx.log error;
+          events {
+              worker_connections  4096;
+          }
+          http {
+              server {
+                  listen                 0.0.0.0:4433 ssl http2;
+                  access_log             /dev/null;
+                  ssl_certificate_key    "data:-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIL02pwZutbzkmdIM0QpvD7W3pcL2dGaeWrbQ8pNCHPFeoAoGCCqGSM49\nAwEHoUQDQgAE0Jektzpg3tJx3iPU05WwG4GweCwGWv87kkZQGB+6vG/kQQeOhnZ7\n7TCroQgY4ZVnBRZTD0lvxSyR6rwt3lWQ4A==\n-----END EC PRIVATE KEY-----\n";
+                  ssl_certificate        "data:-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUN/O0uv7B+18ohuf05ygsoC82liswCgYIKoZIzj0EAwIw\nMTELMAkGA1UEBhMCVVMxDDAKBgNVBAsMA1dlYjEUMBIGA1UEAwwLZXhhbXBsZS5v\ncmcwHhcNMjIwNzI4MTgzMzA2WhcNMjMwNzI5MTgzMzA2WjAxMQswCQYDVQQGEwJV\nUzEMMAoGA1UECwwDV2ViMRQwEgYDVQQDDAtleGFtcGxlLm9yZzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNCXpLc6YN7Scd4j1NOVsBuBsHgsBlr/O5JGUBgfurxv\n5EEHjoZ2e+0wq6EIGOGVZwUWUw9Jb8Uskeq8Ld5VkOCjUzBRMB0GA1UdDgQWBBSH\n9cc3JRcpyPh3nEa41Ux6RDGjLTAfBgNVHSMEGDAWgBSH9cc3JRcpyPh3nEa41Ux6\nRDGjLTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIChRR5U7MMYQ\ntMK0zhNnt2SqRy30VcPIm9qoEms5cNxdAiBb273P7vSkj/PmDd1WsFVkg9NymBaT\n0nsIem2LKav60g==\n-----END CERTIFICATE-----\n";
+                  default_type           "application/json";
+                  return                 200 "\$http_ssl_ja3\n\$http2_fingerprint\n\nPADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING PADDING";
+              }
+          }
+          EOF
+          cat nginx.conf
+      - name: Clone
+        run: |
+          git clone -b ${{ matrix.openssl }} --depth=1 https://github.com/openssl/openssl
+          git clone -b ${{ matrix.nginx }} --depth=1 https://github.com/nginx/nginx
+          git clone -b master https://github.com/${GITHUB_REPOSITORY}
+      - name: Baseline Build
+        run: |
+          cd nginx
+          ./auto/configure --with-openssl=$(pwd)/../openssl --with-http_ssl_module --with-stream_ssl_module --with-stream --with-http_v2_module
+          make
+      - name: Baseline Performance
+        run: |
+          pkill nginx
+          nginx/objs/nginx -p . -c nginx.conf
+          sleep 2
+          curl -kv https://127.0.0.1:4433
+      - name: Patch
+        run: |
+          patch -p1 -d openssl < nginx-ssl-fingerprint/patches/openssl.${{ matrix.openssl }}.patch
+          patch -p1 -d nginx < nginx-ssl-fingerprint/patches/nginx-$(echo ${{ matrix.nginx }} | cut -b9-12).patch
+      - name: Build
+        run: |
+          cd nginx
+          ./auto/configure --with-openssl=$(pwd)/../openssl --add-module=$(pwd)/../nginx-ssl-fingerprint --with-http_ssl_module --with-stream_ssl_module --with-stream --with-http_v2_module
+          make
+      - name: Performance
+        run: |
+          pkill nginx
+          nohup nginx/objs/nginx -p . -c nginx.conf </dev/null &>/dev/null &
+          sleep 2
+          curl -kv https://127.0.0.1:4433