cipher-bench #6

	name: cipher-bench

	on:
	workflow_dispatch:

	permissions:
	contents: read

	concurrency:
	group: cipher-bench-${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	benchmark:
	name: Cipher benchmark (arm64)
	runs-on: ubuntu-24.04-arm

	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
	with:
	egress-policy: audit

	- name: Checkout Repo
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Set up Go
	uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
	with:
	go-version: "1.26"

	- name: Get CPU info
	shell: bash
	run: \|
	set -euo pipefail
	mkdir -p artifacts
	{
	echo "=== CPU Information ==="
	uname -a
	echo ""
	echo "=== Processor Details ==="
	lscpu \|\| true
	echo ""
	echo "=== /proc/cpuinfo ==="
	cat /proc/cpuinfo \|\| true
	} \| tee artifacts/cpu-info.txt

	- name: Run cipher with SM4NI benchmarks
	shell: bash
	run: \|
	set -euo pipefail
	mkdir -p artifacts
	go test -run '^$' -bench . -benchmem -benchtime=300ms ./cipher \| tee artifacts/cipher-sm4ni-bench.txt

	- name: Run cipher without SM4NI benchmarks
	shell: bash
	run: \|
	set -euo pipefail
	mkdir -p artifacts
	go test -run '^$' -bench . -benchmem -benchtime=300ms ./cipher \| tee artifacts/cipher-bench.txt
	env:
	DISABLE_SM4NI: 1

	- name: Upload benchmark artifacts
	uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
	with:
	name: cipher-bench-${{ github.run_id }}
	path: artifacts/

Provide feedback