Add server perf soak CI harness

durable-workflow-ops · durable-workflow-ops · commit acdd4dc4e69b · 2026-04-20T23:40:43.000Z
diff --git a/.github/workflows/server-perf.yml b/.github/workflows/server-perf.yml
@@ -0,0 +1,116 @@
+name: Server Perf
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - ".github/workflows/server-perf.yml"
+      - "Dockerfile"
+      - "docker-compose.yml"
+      - "app/Support/ServerPollingCache.php"
+      - "app/Support/WorkflowTaskPoller.php"
+      - "app/Support/WorkflowTaskPollRequestStore.php"
+      - "config/server.php"
+      - "scripts/perf/**"
+  push:
+    branches: [main]
+    paths:
+      - ".github/workflows/server-perf.yml"
+      - "Dockerfile"
+      - "docker-compose.yml"
+      - "app/Support/ServerPollingCache.php"
+      - "app/Support/WorkflowTaskPoller.php"
+      - "app/Support/WorkflowTaskPollRequestStore.php"
+      - "config/server.php"
+      - "scripts/perf/**"
+  schedule:
+    - cron: "17 7 * * *"
+  workflow_dispatch:
+    inputs:
+      duration_seconds:
+        description: "Soak duration in seconds"
+        required: false
+        default: "7200"
+      concurrency:
+        description: "Concurrent long-poll workers"
+        required: false
+        default: "24"
+      grafana_remote_write:
+        description: "Enable Grafana Cloud remote_write when variables/secrets are configured"
+        required: false
+        type: boolean
+        default: true
+
+permissions:
+  contents: read
+
+concurrency:
+  group: server-perf-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  smoke:
+    name: Polling cache bounded-growth smoke
+    if: github.event_name == 'pull_request' || github.event_name == 'push'
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    steps:
+      - name: Checkout server
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Run short perf smoke
+        env:
+          DW_PERF_DURATION_SECONDS: "120"
+          DW_PERF_CONCURRENCY: "8"
+          DW_PERF_NAMESPACES: "4"
+          DW_PERF_TASK_QUEUES: "8"
+          DW_PERF_MAX_SERVER_MEMORY_MB: "768"
+          DW_PERF_MAX_POLLING_KEYS: "512"
+          DW_PERF_MAX_FINAL_POLLING_KEYS: "0"
+        run: scripts/perf/run-server-soak.sh
+
+      - name: Upload perf artifacts
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: server-perf-smoke
+          path: build/perf/
+          if-no-files-found: warn
+
+  soak:
+    name: Vultr self-hosted polling cache soak
+    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    runs-on: [self-hosted, linux, x64, vultr-perf, server-perf]
+    timeout-minutes: 390
+
+    steps:
+      - name: Checkout server
+        uses: actions/checkout@v6
+
+      - name: Run long perf soak
+        env:
+          DW_PERF_DURATION_SECONDS: ${{ github.event_name == 'workflow_dispatch' && inputs.duration_seconds || '7200' }}
+          DW_PERF_CONCURRENCY: ${{ github.event_name == 'workflow_dispatch' && inputs.concurrency || '24' }}
+          DW_PERF_NAMESPACES: "8"
+          DW_PERF_TASK_QUEUES: "16"
+          DW_PERF_MAX_SERVER_MEMORY_MB: "1024"
+          DW_PERF_MAX_POLLING_KEYS: "2048"
+          DW_PERF_MAX_FINAL_POLLING_KEYS: "0"
+          DW_PERF_MAX_SERVER_MEMORY_SLOPE_MB_HOUR: "128"
+          DW_PERF_GRAFANA_REMOTE_WRITE_ENABLED: ${{ github.event_name != 'workflow_dispatch' || inputs.grafana_remote_write }}
+          DW_PERF_GRAFANA_REMOTE_WRITE_URL: ${{ vars.DW_PERF_GRAFANA_REMOTE_WRITE_URL }}
+          DW_PERF_GRAFANA_USERNAME: ${{ vars.DW_PERF_GRAFANA_USERNAME }}
+          DW_PERF_GRAFANA_API_TOKEN: ${{ secrets.DW_PERF_GRAFANA_API_TOKEN }}
+        run: scripts/perf/run-server-soak.sh
+
+      - name: Upload perf artifacts
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: server-perf-soak
+          path: build/perf/
+          if-no-files-found: warn
diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,9 @@
 /public/storage
 /storage/*.key
 /vendor
+/build/perf
+__pycache__/
+*.py[cod]
 .env
 .env.backup
 .env.production
diff --git a/docs/perf-runner.md b/docs/perf-runner.md
@@ -0,0 +1,76 @@
+# Server Perf Runner
+
+Issue `zorporation/durable-workflow#461` tracks bounded cache and metric-cardinality discipline. The server repo contributes the CI/perf harness for that work.
+
+## Runner Shape
+
+Use GitHub Actions as the control plane and one trusted self-hosted Vultr runner for long soaks.
+
+Initial Vultr size:
+
+- Product: High Performance Cloud Compute
+- Shape: 4 vCPU / 8 GB RAM / NVMe
+- Budget: about 48 USD/month monthly cap, or about 0.071 USD/hour
+- Backups: off for the first pass
+
+Vultr bills stopped instances, so destroy the server if the runner is no longer needed.
+
+## GitHub Runner Labels
+
+Register the runner with these labels:
+
+- `self-hosted`
+- `linux`
+- `x64`
+- `vultr-perf`
+- `server-perf`
+
+The long soak workflow targets all five labels. Do not attach these labels to general-purpose runners that may execute untrusted pull request code.
+
+Install the current GitHub Actions runner package when provisioning the box. The workflow uses current Node 24-based actions, so the runner must be at least `2.327.1`.
+
+## GitHub Configuration
+
+Required for the soak job:
+
+- A self-hosted runner with the labels above.
+
+Optional for Grafana Cloud remote write:
+
+- Repository variable `DW_PERF_GRAFANA_REMOTE_WRITE_URL`
+- Repository variable `DW_PERF_GRAFANA_USERNAME`
+- Repository secret `DW_PERF_GRAFANA_API_TOKEN`
+
+When those values are absent, the harness still runs and uploads local JSON, log, and Prometheus exposition artifacts. When all are present, the wrapper starts a short-lived Prometheus sidecar that scrapes the harness endpoint and remote-writes to Grafana Cloud.
+
+## Harness Behavior
+
+The harness starts the production Docker Compose stack with isolated ports and a unique Compose project name, then drives the real worker polling route:
+
+- creates perf namespaces,
+- registers workers across multiple task queues,
+- repeatedly calls `POST /api/worker/workflow-tasks/poll` with unique `poll_request_id` values,
+- samples server, Redis, MySQL, and polling-cache counts,
+- waits for the polling-result TTL window to drain,
+- fails if cache keys, memory ceiling, request errors, or long-run memory slope exceed the configured budgets.
+
+The short smoke job runs on GitHub-hosted runners and proves the harness plus cache-key drain path. The long soak runs on the Vultr self-hosted runner and enforces the memory slope budget after the run is long enough to make that signal meaningful.
+
+## Local Run
+
+From the server repo:
+
+```bash
+DW_PERF_DURATION_SECONDS=120 \
+DW_PERF_CONCURRENCY=8 \
+scripts/perf/run-server-soak.sh
+```
+
+Artifacts land in `build/perf/` by default. The script removes the Compose project and volumes on exit.
+
+## Safety Rules
+
+- Do not run the self-hosted soak job for pull requests from forks.
+- Keep the runner dedicated to trusted workflows.
+- Keep Docker cleanup in the job even on failure.
+- Do not commit Grafana tokens, runner registration tokens, or generated Prometheus configs.
diff --git a/scripts/perf/run-server-soak.sh b/scripts/perf/run-server-soak.sh
@@ -0,0 +1,180 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+ARTIFACT_DIR="${DW_PERF_ARTIFACT_DIR:-$ROOT_DIR/build/perf}"
+RUN_ID="${GITHUB_RUN_ID:-local}-$(date +%s)"
+PROJECT="${DW_PERF_COMPOSE_PROJECT:-dw-server-perf-$RUN_ID}"
+SERVER_PORT="${DW_PERF_SERVER_PORT:-18080}"
+MYSQL_PORT="${DW_PERF_MYSQL_PORT:-13306}"
+REDIS_PORT="${DW_PERF_REDIS_PORT:-16379}"
+METRICS_PORT="${DW_PERF_METRICS_PORT:-19090}"
+AUTH_TOKEN="${DW_PERF_AUTH_TOKEN:-perf-token}"
+POLL_TIMEOUT="${DW_PERF_POLL_TIMEOUT:-1}"
+PROMETHEUS_CONTAINER="${PROJECT}-prometheus"
+PROMETHEUS_CONFIG_DIR=""
+
+mkdir -p "$ARTIFACT_DIR"
+
+if [ -z "${APP_KEY:-}" ]; then
+  APP_KEY="base64:$(openssl rand -base64 32)"
+  export APP_KEY
+fi
+
+export APP_VERSION="${APP_VERSION:-2.0.0-perf}"
+export DW_AUTH_DRIVER="${DW_AUTH_DRIVER:-token}"
+export DW_AUTH_TOKEN="${DW_AUTH_TOKEN:-$AUTH_TOKEN}"
+export DW_WORKER_TOKEN="${DW_WORKER_TOKEN:-}"
+export DW_OPERATOR_TOKEN="${DW_OPERATOR_TOKEN:-}"
+export DW_ADMIN_TOKEN="${DW_ADMIN_TOKEN:-}"
+export DW_AUTH_BACKWARD_COMPATIBLE="${DW_AUTH_BACKWARD_COMPATIBLE:-true}"
+
+OVERRIDE_FILE="$ARTIFACT_DIR/docker-compose.perf.yml"
+cat > "$OVERRIDE_FILE" <<YAML
+services:
+  bootstrap:
+    environment:
+      LOG_LEVEL: warning
+      DW_WORKER_POLL_TIMEOUT: "$POLL_TIMEOUT"
+      DW_WORKER_POLL_INTERVAL_MS: "50"
+      DW_WORKER_POLL_SIGNAL_CHECK_INTERVAL_MS: "25"
+  server:
+    ports: !override
+      - "${SERVER_PORT}:8080"
+    environment:
+      LOG_LEVEL: warning
+      DW_WORKER_POLL_TIMEOUT: "$POLL_TIMEOUT"
+      DW_WORKER_POLL_INTERVAL_MS: "50"
+      DW_WORKER_POLL_SIGNAL_CHECK_INTERVAL_MS: "25"
+  worker:
+    environment:
+      LOG_LEVEL: warning
+      DW_WORKER_POLL_TIMEOUT: "$POLL_TIMEOUT"
+      DW_WORKER_POLL_INTERVAL_MS: "50"
+      DW_WORKER_POLL_SIGNAL_CHECK_INTERVAL_MS: "25"
+  scheduler:
+    environment:
+      LOG_LEVEL: warning
+  mysql:
+    ports: !override []
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+      interval: 5s
+      timeout: 3s
+      retries: 24
+      start_period: 30s
+  redis:
+    ports: !override []
+YAML
+
+cleanup() {
+  local status=$?
+
+  docker logs "${PROJECT}-server-1" > "$ARTIFACT_DIR/server.log" 2>&1 || true
+  docker logs "${PROJECT}-worker-1" > "$ARTIFACT_DIR/worker.log" 2>&1 || true
+  docker logs "${PROJECT}-scheduler-1" > "$ARTIFACT_DIR/scheduler.log" 2>&1 || true
+  docker logs "${PROJECT}-mysql-1" > "$ARTIFACT_DIR/mysql.log" 2>&1 || true
+  docker logs "${PROJECT}-redis-1" > "$ARTIFACT_DIR/redis.log" 2>&1 || true
+
+  docker rm -f "$PROMETHEUS_CONTAINER" >/dev/null 2>&1 || true
+  if [ -n "$PROMETHEUS_CONFIG_DIR" ]; then
+    rm -rf "$PROMETHEUS_CONFIG_DIR"
+  fi
+
+  docker compose -p "$PROJECT" -f "$ROOT_DIR/docker-compose.yml" -f "$OVERRIDE_FILE" down -v --remove-orphans || true
+  exit "$status"
+}
+trap cleanup EXIT
+
+maybe_start_prometheus() {
+  if [ "${DW_PERF_GRAFANA_REMOTE_WRITE_ENABLED:-true}" != "true" ]; then
+    echo "Grafana Cloud remote_write disabled for this run; writing local perf artifacts only."
+    return
+  fi
+
+  if [ -z "${DW_PERF_GRAFANA_REMOTE_WRITE_URL:-}" ] \
+    || [ -z "${DW_PERF_GRAFANA_USERNAME:-}" ] \
+    || [ -z "${DW_PERF_GRAFANA_API_TOKEN:-}" ]; then
+    echo "Grafana Cloud remote_write is not configured; writing local perf artifacts only."
+    return
+  fi
+
+  PROMETHEUS_CONFIG_DIR="$(mktemp -d)"
+  cat > "$PROMETHEUS_CONFIG_DIR/prometheus.yml" <<YAML
+global:
+  scrape_interval: 15s
+scrape_configs:
+  - job_name: durable_workflow_server_perf
+    static_configs:
+      - targets:
+          - host.docker.internal:${METRICS_PORT}
+        labels:
+          repository: "${GITHUB_REPOSITORY:-local}"
+          workflow: "${GITHUB_WORKFLOW:-local}"
+          run_id: "${GITHUB_RUN_ID:-local}"
+          runner: "${RUNNER_NAME:-local}"
+remote_write:
+  - url: "${DW_PERF_GRAFANA_REMOTE_WRITE_URL}"
+    basic_auth:
+      username: "${DW_PERF_GRAFANA_USERNAME}"
+      password: "${DW_PERF_GRAFANA_API_TOKEN}"
+YAML
+
+  docker run -d --rm \
+    --name "$PROMETHEUS_CONTAINER" \
+    --add-host=host.docker.internal:host-gateway \
+    -v "$PROMETHEUS_CONFIG_DIR/prometheus.yml:/etc/prometheus/prometheus.yml:ro" \
+    "${DW_PERF_PROMETHEUS_IMAGE:-prom/prometheus:v2.55.1}" \
+    --config.file=/etc/prometheus/prometheus.yml \
+    --storage.tsdb.retention.time=2h \
+    --web.enable-lifecycle >/dev/null
+}
+
+server_base_url() {
+  local base_url="http://127.0.0.1:${SERVER_PORT}"
+  local docker_host_url
+  local docker_host_ip
+  local server_id
+  local server_ip
+
+  if curl -fsS --max-time 2 "$base_url/api/health" >/dev/null 2>&1; then
+    echo "$base_url"
+    return
+  fi
+
+  docker_host_ip="$(ip route 2>/dev/null | awk '/default/ {print $3; exit}')"
+  if [ -n "$docker_host_ip" ]; then
+    docker_host_url="http://${docker_host_ip}:${SERVER_PORT}"
+    if curl -fsS --max-time 2 "$docker_host_url/api/health" >/dev/null 2>&1; then
+      echo "$docker_host_url"
+      return
+    fi
+  fi
+
+  server_id="$(docker compose -p "$PROJECT" -f "$ROOT_DIR/docker-compose.yml" -f "$OVERRIDE_FILE" ps -q server)"
+  server_ip="$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$server_id" 2>/dev/null || true)"
+
+  if [ -n "$server_ip" ]; then
+    echo "http://${server_ip}:8080"
+    return
+  fi
+
+  echo "$base_url"
+}
+
+cd "$ROOT_DIR"
+
+echo "Starting perf stack with project ${PROJECT} on http://127.0.0.1:${SERVER_PORT}"
+docker compose -p "$PROJECT" -f "$ROOT_DIR/docker-compose.yml" -f "$OVERRIDE_FILE" up -d --build --wait
+
+maybe_start_prometheus
+BASE_URL="$(server_base_url)"
+echo "Running perf load against ${BASE_URL}"
+
+DW_PERF_BASE_URL="$BASE_URL" \
+DW_PERF_AUTH_TOKEN="$AUTH_TOKEN" \
+DW_PERF_ARTIFACT_DIR="$ARTIFACT_DIR" \
+DW_PERF_COMPOSE_PROJECT="$PROJECT" \
+DW_PERF_METRICS_PORT="$METRICS_PORT" \
+DW_PERF_POLL_TIMEOUT="$POLL_TIMEOUT" \
+  "$ROOT_DIR/scripts/perf/server_soak.py"
diff --git a/scripts/perf/server_soak.py b/scripts/perf/server_soak.py
