open-policy-agent · sozercan · Dec 5, 2025 · Dec 5, 2025 · Dec 5, 2025 · Dec 5, 2025
@@ -30,10 +30,6 @@ jobs:
     name: "Test Gator"
     runs-on: ubuntu-22.04
     timeout-minutes: 5
-    strategy:
-      fail-fast: false
-      matrix:
-        KUBERNETES_VERSION: ["1.31.6", "1.32.3", "1.33.2"] # Latest available versions of Kubernetes at - https://hub.docker.com/r/kindest/node/tags
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
@@ -49,11 +45,115 @@ jobs:
           go-version: "1.25"
           check-latest: true
 
-      - name: Download e2e dependencies
-        run: |
-          mkdir -p $GITHUB_WORKSPACE/bin
-          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-          make e2e-dependencies KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }}
-
       - name: gator test
         run: make test-gator-containerized
+
+  gator_bench_test:
+    name: "Gator Bench E2E"
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        with:
+          egress-policy: audit
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+      - name: Set up Go
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        with:
+          go-version: "1.25"
+          check-latest: true
+
+      - name: Build gator
+        run: make gator
+
+      - name: Test basic Rego policy benchmark
+        run: |
+          ./bin/gator bench \
+            --filename test/gator/bench/basic/ \
+            --iterations 50 \
+            --engine rego \
+            --output table
+
+      - name: Test CEL policy benchmark
+        run: |
+          ./bin/gator bench \
+            --filename test/gator/bench/cel/ \
+            --iterations 50 \
+            --engine cel \
+            --output table
+
+      - name: Test dual-engine policy benchmark
+        run: |
+          ./bin/gator bench \
+            --filename test/gator/bench/both/ \
+            --iterations 50 \
+            --engine all \
+            --output table
+
+      - name: Test memory profiling
+        run: |
+          ./bin/gator bench \
+            --filename test/gator/bench/basic/ \
+            --iterations 20 \
+            --engine rego \
+            --memory \
+            --output table
+
+      - name: Test concurrent execution
+        run: |
+          ./bin/gator bench \
+            --filename test/gator/bench/basic/ \
+            --iterations 100 \
+            --engine rego \
+            --concurrency 4 \
+            --output table
+
+      - name: Test JSON output
+        run: |
+          ./bin/gator bench \
+            --filename test/gator/bench/basic/ \
+            --iterations 20 \
+            --engine rego \
+            --output json | jq .
+
+      - name: Test baseline save and compare
+        run: |
+          # Save baseline
+          ./bin/gator bench \
+            --filename test/gator/bench/basic/ \
+            --iterations 30 \
+            --engine rego \
+            --save /tmp/baseline.json
+
+          # Compare against baseline - using high min-threshold since we're testing
+          # functionality not actual performance values in CI
+          ./bin/gator bench \
+            --filename test/gator/bench/basic/ \
+            --iterations 30 \
+            --engine rego \
+            --compare /tmp/baseline.json \
+            --threshold 50 \
+            --min-threshold 100ms
+
+      - name: Test min-threshold
+        run: |
+          # Save baseline
+          ./bin/gator bench \
+            --filename test/gator/bench/basic/ \
+            --iterations 30 \
+            --engine rego \
+            --save /tmp/baseline-min.json
+
+          # Compare with strict threshold (0.1%) but loose min-threshold (1s)
+          # This ensures the flag prevents failure from small variations
+          ./bin/gator bench \
+            --filename test/gator/bench/basic/ \
+            --iterations 30 \
+            --engine rego \
+            --compare /tmp/baseline-min.json \
+            --threshold 0.1 \
+            --min-threshold 1s
@@ -271,6 +271,6 @@ jobs:
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         if: ${{ always() }}
         with:
-          name: logs-${{ matrix.KUBERNETES_VERSION }}
+          name: logs-ownerreferences-admission-plugin
           path: |
-            logs-*.json
+            logs-*.json