Add a build step to measure the scan perfomance

This step will measure the scan performance difference against the
master version.

Change-Id: I1b9196ef3348350cf818471f55d9024d14064ac6
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

.github/workflows/ci.yml

@@ -37,6 +37,8 @@ jobs:
           args: ./...
       - name: Run Tests
         run: make test
+      - name: Perf Diff
+        run: make perf-diff
   coverage:
     needs: [test]
     runs-on: ubuntu-latest

Makefile

@@ -92,4 +92,7 @@ image-push: image
 tlsconfig:
 	go generate ./...
 
-.PHONY: test build clean release image image-push tlsconfig
+perf-diff:
+	./perf-diff.sh
+
+.PHONY: test build clean release image image-push tlsconfig perf-diff

perf-diff.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+BIN="gosec"
+BUILD_DIR="/tmp/securego"
+
+# Scan the current folder and measure the duration.
+function scan() {
+  local scan_cmd=$1
+  s=$(date +%s%3N)
+  $scan_cmd -quiet ./...
+  e=$(date +%s%3N)
+  res=$(expr $e - $s)
+  echo $res
+}
+
+# Build the master reference version.
+mkdir -p ${BUILD_DIR}
+git clone --quiet https://github.com/securego/gosec.git ${BUILD_DIR} >/dev/null
+make -C ${BUILD_DIR} >/dev/null
+
+# Scan once with the main reference.
+duration_master=$(scan "${BUILD_DIR}/${BIN}")
+echo "gosec reference time: ${duration_master}ms"
+
+# Build the current version.
+make -C . >/dev/null
+
+# Scan once with the current version.
+duration=$(scan "./${BIN}")
+echo "gosec time: ${duration}ms"
+
+# Compute the difference of the execution time.
+diff=$(($duration - $duration_master))
+if [[ diff -lt 0 ]]; then
+  diff=$(($diff * -1))
+fi
+echo "diff: ${diff}ms"
+perf=$((100 - ($duration * 100) / $duration_master))
+echo "perf diff: ${perf}%"
+
+# Fail the build if there is a performance degradation of more than 10%.
+if [[ $perf -lt -10 ]]; then
+  exit 1
+fi