biscuit-auth · Geal · May 26, 2024 · May 26, 2024 · May 26, 2024 · May 26, 2024
diff --git a/.github/workflows/codspeed.yml b/.github/workflows/codspeed.yml
@@ -0,0 +1,32 @@
+name: codspeed-benchmarks
+
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+  # `workflow_dispatch` allows CodSpeed to trigger backtest
+  # performance analysis in order to generate initial data.
+  workflow_dispatch:
+
+jobs:
+  benchmarks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup rust toolchain, cache and cargo-codspeed binary
+        uses: moonrepo/setup-rust@v0
+        with:
+          channel: stable
+          cache-target: release
+          bins: cargo-codspeed
+
+      - name: Build the benchmark target(s)
+        run: cargo codspeed build -p biscuit-auth
+
+      - name: Run the benchmarks
+        uses: CodSpeedHQ/action@v2
+        with:
+          run: cargo codspeed run -p biscuit-auth
+          token: ${{ secrets.CODSPEED_TOKEN }}
diff --git a/biscuit-auth/Cargo.toml b/biscuit-auth/Cargo.toml
@@ -59,6 +59,7 @@ colored-diff = "0.2.3"
 prost-build = "0.10"
 serde = { version = "1.0.130", features = ["derive"] }
 serde_json = "1.0.67"
+codspeed-bencher-compat = "2.6.0"
 
 #[build-dependencies]
 #prost-build = "0.10"

diff --git a/biscuit-auth/benches/token.rs b/biscuit-auth/benches/token.rs
@@ -1,12 +1,12 @@
-#[macro_use]
-extern crate bencher;
-
 extern crate biscuit_auth as biscuit;
 
-use bencher::Bencher;
+use std::time::Duration;
+
 use biscuit::{
-    builder::*, builder_ext::BuilderExt, datalog::SymbolTable, Biscuit, KeyPair, UnverifiedBiscuit,
+    builder::*, builder_ext::BuilderExt, datalog::SymbolTable, AuthorizerLimits, Biscuit, KeyPair,
+    UnverifiedBiscuit,
 };
+use codspeed_bencher_compat::{benchmark_group, benchmark_main, Bencher};
 use rand::rngs::OsRng;
 
 fn create_block_1(b: &mut Bencher) {
@@ -245,16 +245,25 @@ fn verify_block_2(b: &mut Bencher) {
     verifier.add_fact("resource(\"file1\")");
     verifier.add_fact("operation(\"read\")");
     verifier.allow();
-    verifier.authorize().unwrap();
-
+    verifier
+        .authorize_with_limits(AuthorizerLimits {
+            max_time: Duration::from_secs(10),
+            ..Default::default()
+        })
+        .unwrap();
     b.bytes = data.len() as u64;
     b.iter(|| {
         let token = Biscuit::from(&data, &root.public()).unwrap();
         let mut verifier = token.authorizer().unwrap();
         verifier.add_fact("resource(\"file1\")");
         verifier.add_fact("operation(\"read\")");
         verifier.allow();
-        verifier.authorize().unwrap();
+        verifier
+            .authorize_with_limits(AuthorizerLimits {
+                max_time: Duration::from_secs(10),
+                ..Default::default()
+            })
+            .unwrap();
     });
 }
 
@@ -314,7 +323,12 @@ fn verify_block_5(b: &mut Bencher) {
     verifier.add_fact("resource(\"file1\")");
     verifier.add_fact("operation(\"read\")");
     verifier.allow();
-    verifier.authorize().unwrap();
+    verifier
+        .authorize_with_limits(AuthorizerLimits {
+            max_time: Duration::from_secs(10),
+            ..Default::default()
+        })
+        .unwrap();
 
     b.bytes = data.len() as u64;
     b.iter(|| {
@@ -323,7 +337,12 @@ fn verify_block_5(b: &mut Bencher) {
         verifier.add_fact("resource(\"file1\")");
         verifier.add_fact("operation(\"read\")");
         verifier.allow();
-        verifier.authorize().unwrap();
+        verifier
+            .authorize_with_limits(AuthorizerLimits {
+                max_time: Duration::from_secs(10),
+                ..Default::default()
+            })
+            .unwrap();
     });
 }
 
@@ -356,7 +375,12 @@ fn check_signature_2(b: &mut Bencher) {
     verifier.add_fact("resource(\"file1\")");
     verifier.add_fact("operation(\"read\")");
     verifier.allow();
-    verifier.authorize().unwrap();
+    verifier
+        .authorize_with_limits(AuthorizerLimits {
+            max_time: Duration::from_secs(10),
+            ..Default::default()
+        })
+        .unwrap();
 
     b.bytes = data.len() as u64;
     b.iter(|| {
@@ -419,7 +443,12 @@ fn check_signature_5(b: &mut Bencher) {
     verifier.add_fact("resource(\"file1\")");
     verifier.add_fact("operation(\"read\")");
     verifier.allow();
-    verifier.authorize().unwrap();
+    verifier
+        .authorize_with_limits(AuthorizerLimits {
+            max_time: Duration::from_secs(10),
+            ..Default::default()
+        })
+        .unwrap();
 
     b.bytes = data.len() as u64;
     b.iter(|| {
@@ -456,7 +485,12 @@ fn checks_block_2(b: &mut Bencher) {
     verifier.add_fact("resource(\"file1\")");
     verifier.add_fact("operation(\"read\")");
     verifier.allow();
-    verifier.authorize().unwrap();
+    verifier
+        .authorize_with_limits(AuthorizerLimits {
+            max_time: Duration::from_secs(10),
+            ..Default::default()
+        })
+        .unwrap();
 
     let token = Biscuit::from(&data, &root.public()).unwrap();
     b.bytes = data.len() as u64;
@@ -465,7 +499,12 @@ fn checks_block_2(b: &mut Bencher) {
         verifier.add_fact("resource(\"file1\")");
         verifier.add_fact("operation(\"read\")");
         verifier.allow();
-        verifier.authorize().unwrap();
+        verifier
+            .authorize_with_limits(AuthorizerLimits {
+                max_time: Duration::from_secs(10),
+                ..Default::default()
+            })
+            .unwrap();
     });
 }
 
@@ -498,7 +537,12 @@ fn checks_block_create_verifier2(b: &mut Bencher) {
     verifier.add_fact("resource(\"file1\")");
     verifier.add_fact("operation(\"read\")");
     verifier.allow();
-    verifier.authorize().unwrap();
+    verifier
+        .authorize_with_limits(AuthorizerLimits {
+            max_time: Duration::from_secs(10),
+            ..Default::default()
+        })
+        .unwrap();
 
     let token = Biscuit::from(&data, &root.public()).unwrap();
     b.bytes = data.len() as u64;
@@ -536,15 +580,25 @@ fn checks_block_verify_only2(b: &mut Bencher) {
     verifier.add_fact("resource(\"file1\")");
     verifier.add_fact("operation(\"read\")");
     verifier.allow();
-    verifier.authorize().unwrap();
+    verifier
+        .authorize_with_limits(AuthorizerLimits {
+            max_time: Duration::from_secs(10),
+            ..Default::default()
+        })
+        .unwrap();
 
     let token = Biscuit::from(&data, &root.public()).unwrap();
     b.iter(|| {
         let mut verifier = token.authorizer().unwrap();
         verifier.add_fact("resource(\"file1\")");
         verifier.add_fact("operation(\"read\")");
         verifier.allow();
-        verifier.authorize().unwrap();
+        verifier
+            .authorize_with_limits(AuthorizerLimits {
+                max_time: Duration::from_secs(10),
+                ..Default::default()
+            })
+            .unwrap();
     });
 }