From c52dc0ea4e0fed5898f6b1d1f1028bd20ac0fa86 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Mon, 26 Aug 2024 16:54:11 +0000
Subject: [PATCH] Add a build step to measure the scan perfomance
This step will measure the scan performance difference against the master version.
Change-Id: I1b9196ef3348350cf818471f55d9024d14064ac6
Signed-off-by: Cosmin Cojocar
---
 .github/workflows/ci.yml | 2 ++
 Makefile | 5 ++++-
 perf-diff.sh | 44 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100755 perf-diff.sh
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ec446d2..a83947d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -37,6 +37,8 @@ jobs:
 args: ./...
 - name: Run Tests
 run: make test
+ - name: Perf Diff
+ run: make perf-diff
 coverage:
 needs: [test]
 runs-on: ubuntu-latest
diff --git a/Makefile b/Makefile
index 13ccf91..bcfda6c 100644
--- a/Makefile
+++ b/Makefile
@@ -92,4 +92,7 @@ image-push: image tlsconfig: go generate ./...
-.PHONY: test build clean release image image-push tlsconfig
+perf-diff:
+ ./perf-diff.sh
+
+.PHONY: test build clean release image image-push tlsconfig perf-diff
diff --git a/perf-diff.sh b/perf-diff.sh
new file mode 100755
index 0000000..cf3084c
--- /dev/null
+++ b/perf-diff.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+BIN="gosec"
+BUILD_DIR="/tmp/securego"
+
+# Scan the current folder and measure the duration.
+function scan() {
+ local scan_cmd=$1
+ s=$(date +%s%3N)
+ $scan_cmd -quiet ./...
+ e=$(date +%s%3N)
+ res=$(expr $e - $s)
+ echo $res
+}
+
+# Build the master reference version.
+mkdir -p ${BUILD_DIR}
+git clone --quiet https://github.com/securego/gosec.git ${BUILD_DIR} >/dev/null
+make -C ${BUILD_DIR} >/dev/null
+
+# Scan once with the main reference.
+duration_master=$(scan "${BUILD_DIR}/${BIN}")
+echo "gosec reference time: ${duration_master}ms"
+
+# Build the current version.
+make -C . >/dev/null
+
+# Scan once with the current version.
+duration=$(scan "./${BIN}")
+echo "gosec time: ${duration}ms"
+
+# Compute the difference of the execution time.
+diff=$(($duration - $duration_master))
+if [[ diff -lt 0 ]]; then
+ diff=$(($diff * -1))
+fi
+echo "diff: ${diff}ms"
+perf=$((100 - ($duration * 100) / $duration_master))
+echo "perf diff: ${perf}%"
+
+# Fail the build if there is a performance degradation of more than 10%.
+if [[ $perf -lt -10 ]]; then
+ exit 1
+fi
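Review bot: `BUILD_DIR="/tmp/securego"` is a fixed path under a world-writable directory, and none of `mkdir -p`, `git clone` or `make -C ${BUILD_DIR}` is checked, so when the directory already exists and is not empty (a previous run, or another local user on a shared build host) the clone fails and the script goes on to build and execute whatever is already there as the reference `gosec`. Creating the directory with `mktemp -d`, removing it on exit and stopping on a failed clone or build closes that, and it also keeps a failed reference or current build from feeding a meaningless timing into the 10% gate. The `${BUILD_DIR}` expansions should be quoted in the same change. Separately, a `duration_master` of 0 would make the `perf` division fail, and a single timed run per binary on a shared CI runner may trip the gate from noise alone.

```shell
BUILD_DIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "${BUILD_DIR}"' EXIT

# … unchanged: scan() …

# Build the master reference version.
git clone --quiet https://github.com/securego/gosec.git "${BUILD_DIR}" >/dev/null || exit 1
make -C "${BUILD_DIR}" >/dev/null || exit 1

# … unchanged: reference scan …

# Build the current version.
make -C . >/dev/null || exit 1

# … unchanged: current scan, diff computation and 10% gate …
```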