feat: another template injection sink (#1059) #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # benchmark-base.yml: submit benchmarks to Bencher. | |
| # | |
| # This workflow provides baseline results, via the main branch. | |
| name: Benchmark baseline | |
| on: | |
| push: | |
| branches: [main] | |
| permissions: {} | |
| jobs: | |
| benchmark_base_branch: | |
| name: Continuous Benchmarking with Bencher | |
| runs-on: ubuntu-latest | |
| permissions: | |
| checks: write | |
| environment: | |
| name: bencher | |
| url: https://bencher.dev/console/projects/zizmor | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Bencher | |
| uses: bencherdev/bencher@f89d454e74a32a81b2eab29fe0afdb2316617342 # v0.5.3 | |
| - name: Installer hyperfine | |
| run: | | |
| sudo apt-get remove --purge man-db | |
| sudo apt install -y hyperfine | |
| - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 | |
| - uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6.4.1 | |
| # TODO: use actions/cache to cache the plan phase here. | |
| - name: Run benchmarks | |
| run: make bench | |
| - name: Upload benchmark results | |
| # Take each result file in bench/results/*.json and use | |
| # `bencher run` to upload it. | |
| run: | | |
| for file in bench/results/*.json; do | |
| bencher run \ | |
| --project zizmor \ | |
| --token "${BENCHER_API_TOKEN}" \ | |
| --branch main \ | |
| --testbed ubuntu-latest \ | |
| --err \ | |
| --adapter shell_hyperfine \ | |
| --github-actions "${GITHUB_TOKEN}" \ | |
| --file "${file}" | |
| done | |
| env: | |
| BENCHER_API_TOKEN: ${{ secrets.BENCHER_API_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |