.github/workflows/qns.yml

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

name: qns

env:
  CARGO_INCREMENTAL: 0
  CARGO_NET_RETRY: 10
  RUSTUP_MAX_RETRIES: 10
  RUST_BACKTRACE: 1
  # This kept breaking builds so we're pinning for now. We should do our best to keep
  # up with the changes, though.
  INTEROP_RUNNER_REF: e73ec56cdf5423fa6b1576a2b5fec5eb2171ec5d
  # This should be updated when updating wesleyrosenblum/quic-network-simulator
  NETWORK_SIMULATOR_REF: sha256:20abe0bed8c0e39e1d8750507b24295f7c978bdd7e05fa6f3a5afed4b76dc191
  IPERF_ENDPOINT_REF: sha256:cb50cc8019d45d9cad5faecbe46a3c21dd5e871949819a5175423755a9045106
  WIRESHARK_VERSION: 3.7.1
  CDN: https://dnglbrstg7yg.cloudfront.net
  LOG_URL: logs/latest/SERVER_CLIENT/TEST/index.html
  H3_SPEC_VERSION: v0.1.8
  QUINN_REF: 6e4bcbb2fcb57ced2ef261c9662521c5baf37f3c
  # enable unstable features for testing
  S2N_UNSTABLE_CRYPTO_OPT_TX: 100
  S2N_UNSTABLE_CRYPTO_OPT_RX: 100

# By default depandabot only receives read permissions. Explicitly give it write
# permissions which is needed by the ouzi-dev/commit-status-updater task.
#
# Updating status is relatively safe (doesnt modify source code) and caution
# should we taken before adding more permissions.
permissions:
  statuses: write

jobs:
  env:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.implementations.outputs.matrix }}
    steps:
      - uses: actions/checkout@v3
        with:
          path: s2n-quic

      - uses: actions/checkout@v3
        with:
          repository: marten-seemann/quic-interop-runner
          ref: ${{ env.INTEROP_RUNNER_REF }}
          path: quic-interop-runner

      - name: Patch quic-interop-runner
        working-directory: quic-interop-runner
        run: |
          git apply --3way ../s2n-quic/.github/interop/runner.patch

      - name: Define implementations
        id: implementations
        working-directory: quic-interop-runner
        run: |
          CLIENTS=$(cat implementations.json \
            | jq -c '[. | to_entries[] | select(.value.role == "both" or .value.role == "client") | {"client": .key, "server": "s2n-quic"}] | sort'
          )
          echo "Clients: $CLIENTS"
          SERVERS=$(cat implementations.json \
            | jq -c '[. | to_entries[] | select(.value.role == "both" or .value.role == "server") | {"client": "s2n-quic", "server": .key}] | sort'
          )
          echo "Servers: $SERVERS"
          MATRIX=$(echo "[$CLIENTS, $SERVERS]" | jq -c '{"include": . | flatten | sort | unique}')
          echo "Matrix: $MATRIX"
          echo "::set-output name=matrix::$MATRIX"

  s2n-quic-qns:
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        mode: ["debug", "release"]
    # enable debug information
    env:
      RUSTFLAGS: "-g --cfg s2n_internal_dev --cfg s2n_quic_dump_on_panic"
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: true

      - uses: actions-rs/toolchain@v1.0.7
        id: toolchain
        with:
          toolchain: stable
          profile: minimal
          override: true

      - uses: camshaft/rust-cache@v1
        with:
          key: ${{ matrix.mode }}-${{ env.RUSTFLAGS }}

      # apply patch to use forked version of the webpki crate
      # see https://github.com/aws/s2n-quic/issues/1836
      - name: Patch webpki
        run: |
          git apply --3way quic/s2n-quic-qns/etc/webpki.patch

      - name: Run cargo build
        uses: actions-rs/cargo@v1.0.3
        with:
          command: build
          args: --bin s2n-quic-qns ${{ matrix.mode == 'release' && '--release' || '' }}

      - name: Prepare artifact
        run: |
          mkdir -p s2n-quic-qns
          cp target/${{ matrix.mode }}/s2n-quic-qns s2n-quic-qns/s2n-quic-qns-${{ matrix.mode }}

      - uses: actions/upload-artifact@v3
        with:
          name: s2n-quic-qns-${{ matrix.mode }}
          path: s2n-quic-qns/

  quinn:
    runs-on: ubuntu-20.04
    # enable debug information
    env:
      RUSTFLAGS: "-g"
    steps:
      - uses: actions/checkout@v3
        with:
          repository: quinn-rs/quinn
          ref: ${{ env.QUINN_REF }}

      - uses: actions-rs/toolchain@v1.0.7
        id: toolchain
        with:
          toolchain: stable
          profile: minimal
          override: true

      - uses: camshaft/rust-cache@v1

      - name: Cache quinn
        id: cache
        uses: actions/cache@v3.3.1
        continue-on-error: true
        with:
          path: |
            target/release/perf_client
            target/release/perf_server
          key: ${{ runner.os }}-${{ steps.toolchain.outputs.rustc_hash }}-${{ github.job }}-quinn-${{ hashFiles('**/Cargo.*') }}-${{ hashFiles('**/*.rs') }}

      - name: Build quinn
        if: steps.cache.outputs.cache-hit != 'true'
        run: cargo build --bin perf_client --bin perf_server --release

      - name: Prepare artifact
        run: |
          mkdir -p quinn
          cp target/release/perf_client quinn/perf_client
          cp target/release/perf_server quinn/perf_server

      - uses: actions/upload-artifact@v3
        with:
          name: quinn
          path: quinn/

  interop:
    runs-on: ubuntu-latest
    needs: [env, s2n-quic-qns]
    strategy:
      matrix: ${{ fromJson(needs.env.outputs.matrix) }}
    steps:
      - uses: actions/checkout@v3
        with:
          path: s2n-quic

      - uses: actions/download-artifact@v3
        with:
          name: s2n-quic-qns-debug
          path: s2n-quic-qns/

      - uses: actions/download-artifact@v3
        with:
          name: s2n-quic-qns-release
          path: s2n-quic-qns/

      - name: Setup dockerfile
        working-directory: s2n-quic-qns
        run: |
          cp ../s2n-quic/.github/interop/Dockerfile .
          cp ../s2n-quic/quic/s2n-quic-qns/etc/run_endpoint.sh .

      - name: Run docker build
        working-directory: s2n-quic-qns
        run: |
          docker build . --file Dockerfile --tag aws/s2n-quic-qns --build-arg tls=s2n-tls
          docker build . --file Dockerfile --tag aws/s2n-quic-qns-rustls --build-arg tls=rustls

      - uses: actions/checkout@v3
        with:
          repository: marten-seemann/quic-interop-runner
          ref: ${{ env.INTEROP_RUNNER_REF }}
          path: quic-interop-runner

      - name: Patch quic-interop-runner
        working-directory: quic-interop-runner
        run: |
          git apply --3way ../s2n-quic/.github/interop/runner.patch

      - name: Run docker pull
        working-directory: quic-interop-runner
        run: |
          docker pull "wesleyrosenblum/quic-network-simulator@$NETWORK_SIMULATOR_REF"
          docker pull "martenseemann/quic-interop-iperf-endpoint@$IPERF_ENDPOINT_REF"

      - uses: actions/setup-python@v4
        with:
          python-version: 3.7

      - name: Install tshark
        run: |
          wget --no-verbose https://dnglbrstg7yg.cloudfront.net/tshark/v$WIRESHARK_VERSION/tshark
          chmod +x tshark
          sudo mv tshark /usr/bin
          /usr/bin/tshark -v

      - name: Install dependencies
        working-directory: quic-interop-runner
        run: |
          python3 -m pip install --upgrade pip
          pip3 install wheel
          pip3 install --upgrade -r requirements.txt

      - name: Run quic-interop-runner
        working-directory: quic-interop-runner
        run: |
          # enable IPv6 support
          sudo modprobe ip6table_filter
          python3 run.py --client ${{ matrix.client }} --server ${{ matrix.server }} --json results/result.json --debug --log-dir results/logs
          mkdir -p results/logs

      - name: Prepare artifacts
        working-directory: quic-interop-runner
        run: |
          ls -al results
          # clean up invalid path characters
          find results -name '*:*' | while read from; do
            echo "Invalid filename: $from"
            to=$(echo $from | sed 's/:/_/g')
            mv $from $to
          done
          # remove files we don't do anything with to reduce the artifact size
          find results -name '*.qlog' -exec rm {} \;
          # remove cross traffic and goodput packet captures as they are large and not useful
          find results -maxdepth 7 -type d -path "**/crosstraffic/*/sim" | xargs rm -rf \;
          find results -maxdepth 7 -type d -path "**/goodput/*/sim" | xargs rm -rf \;

          # Add index files for easy browsing
          find results -maxdepth 3 -type d -path "*/logs/*/*" | while read from; do
              tree -H "." \
                -h \
                -L 3 \
                -I 'index.html' \
                -T "${{ matrix.client }} client / ${{ matrix.server }} server - $(basename $from)" \
                --noreport \
                --charset utf-8 \
                -o $from/index.html \
                $from
          done

      - uses: aws-actions/configure-aws-credentials@v2.2.0
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-1

      - name: Upload to S3
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        id: s3
        working-directory: quic-interop-runner
        run: |
          TARGET="${{ github.sha }}/interop/logs/latest"
          aws s3 sync results/logs "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks

      - uses: actions/upload-artifact@v3
        with:
          name: interop-${{ matrix.client }}-client-${{ matrix.server }}-server
          path: quic-interop-runner/results/result.json

      - name: Assert no crashes
        working-directory: quic-interop-runner
        run: |
          ! grep -Rq 'The s2n-quic-qns application shut down unexpectedly' results

  interop-report:
    runs-on: ubuntu-latest
    needs: [interop]
    steps:
      - uses: actions/checkout@v3

      - uses: actions/download-artifact@v3
        with:
          path: results/

      - name: Download latest results
        id: download
        run: |
          rm -f result.json
          INTEROP_BASE_URL="https://interop.seemann.io/logs/"
          wget ${INTEROP_BASE_URL}latest/result.json || echo '{}' > result.json
          mv result.json latest.json
          INTEROP_LOG_URL=${INTEROP_BASE_URL}$(jq --raw-output '.log_dir' latest.json)/SERVER_CLIENT/TEST/
          echo "::set-output name=INTEROP_LOG_URL::$INTEROP_LOG_URL"

      - name: Get latest successful interop commit SHA on main branch
        id: mainsha
        if: github.event.pull_request
        run: |
          curl \
          --url "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/workflows/qns.yml/runs?branch=main&status=success&per_page=1" \
          --header "Accept: application/vnd.github.v3+json" > latest_workflow_run.json
          MAIN_SHA=$(jq --raw-output '.workflow_runs[0] | .head_sha' latest_workflow_run.json)
          rm -f latest_workflow_run.json
          echo "::set-output name=MAIN_SHA::$MAIN_SHA"

      - name: Download latest main interop result
        if: github.event.pull_request
        run: |
          rm -f prev_result.json
          wget $CDN/${{ steps.mainsha.outputs.MAIN_SHA }}/interop/logs/latest/result.json || echo '{}' > result.json
          mv result.json prev_result.json

      - name: Generate report for pull request
        if: github.event.pull_request
        run: |
          mkdir -p web/logs/latest
          MAIN_SHA=${{ steps.mainsha.outputs.MAIN_SHA }}
          python3 .github/interop/merge.py \
            --prev_version prev_result.json \
            --new_version_suffix "pr${{github.event.pull_request.number}}" \
            --new_version_url "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/pull/${{github.event.pull_request.number}}" \
            --new_version_log_url "$LOG_URL" \
            --prev_version_log_url "$CDN/$MAIN_SHA/interop/$LOG_URL" \
            --prev_version_url "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$MAIN_SHA" \
            --interop_log_url "${{ steps.download.outputs.INTEROP_LOG_URL }}" \
            latest.json \
            results/**/result.json > \
              web/logs/latest/result.json

      - name: Generate report for push to main
        if: github.event_name == 'push'
        run: |
          mkdir -p web/logs/latest
          python3 .github/interop/merge.py \
            --new_version_log_url "$LOG_URL" \
            --new_version_url "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$GITHUB_SHA" \
            --interop_log_url "${{ steps.download.outputs.INTEROP_LOG_URL }}" \
            latest.json \
            results/**/result.json > \
              web/logs/latest/result.json

      - uses: aws-actions/configure-aws-credentials@v2.2.0
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-1

      - name: Upload to S3
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        id: s3
        run: |
          cp .github/interop/*.html web/
          cp .github/interop/*.js web/
          TARGET="${{ github.sha }}/interop"
          aws s3 sync web "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
          URL="$CDN/$TARGET/index.html"
          echo "::set-output name=URL::$URL"

      - uses: ouzi-dev/commit-status-updater@v2.0.1
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        with:
          name: "interop / report"
          status: "success"
          url: "${{ steps.s3.outputs.URL }}"

      - name: Check for regressions
        run: |
          python3 .github/interop/check.py \
            --required .github/interop/required.json \
            web/logs/latest/result.json

  bench:
    runs-on: ubuntu-20.04
    needs: [env, s2n-quic-qns]
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: true

      - uses: actions-rs/toolchain@v1.0.7
        id: toolchain
        with:
          toolchain: stable
          override: true

      - uses: camshaft/rust-cache@v1

      - name: Install tshark
        run: |
          wget --no-verbose https://dnglbrstg7yg.cloudfront.net/tshark/v$WIRESHARK_VERSION/tshark
          chmod +x tshark
          sudo mv tshark /usr/bin
          /usr/bin/tshark -v

      - name: Install gnuplot
        run: |
          sudo apt-get -o Acquire::Retries=3 update
          sudo apt-get -o Acquire::Retries=3 install -y gnuplot

      # authenticate pull to avoid hitting pull quota
      - name: Login to Amazon Elastic Container Registry Public
        if: github.repository == github.event.pull_request.head.repo.full_name
        uses: docker/login-action@v2.2.0
        with:
          registry: public.ecr.aws
          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Pull s2n-quic-qns:main
        if: github.event.pull_request
        run: docker pull public.ecr.aws/s2n/s2n-quic-qns:main

      - uses: actions/download-artifact@v3
        with:
          name: s2n-quic-qns-debug
          path: s2n-quic-qns-build/

      - uses: actions/download-artifact@v3
        with:
          name: s2n-quic-qns-release
          path: s2n-quic-qns-build/

      - name: Setup dockerfile
        working-directory: s2n-quic-qns-build
        run: |
          cp ../.github/interop/Dockerfile .
          cp ../quic/s2n-quic-qns/etc/run_endpoint.sh .

      - name: Run docker build
        working-directory: s2n-quic-qns-build
        run: |
          docker build . --file Dockerfile --tag aws/s2n-quic-qns

      - name: Run script for pull request
        if: github.event.pull_request
        run: sudo env "PATH=$PATH" "BUILD_S2N_QUIC=false" "COMPARE_TO_MAIN=true" ./scripts/benchmark/run-all

      - name: Run script for push to main
        if: github.event_name == 'push'
        run: sudo env "PATH=$PATH" "BUILD_S2N_QUIC=false" ./scripts/benchmark/run-all

      - uses: aws-actions/configure-aws-credentials@v2.2.0
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-1

      - name: Upload results
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        id: s3
        run: |
          TARGET="${{ github.sha }}/bench"
          aws s3 sync target/benchmark/results "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
          URL="$CDN/$TARGET/index.html"
          echo "::set-output name=URL::$URL"

      - uses: ouzi-dev/commit-status-updater@v2.0.1
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        with:
          name: "bench / report"
          status: "success"
          url: "${{ steps.s3.outputs.URL }}"

      - name: Assert no crashes
        run: |
          ! grep -Rq 'The s2n-quic-qns application shut down unexpectedly' target/benchmark/results

  h3spec:
    runs-on: ubuntu-20.04
    needs: [s2n-quic-qns]
    strategy:
      matrix:
        tls: ["s2n-tls", "rustls"]

    steps:
      - uses: actions/download-artifact@v3
        with:
          name: s2n-quic-qns-debug

      - name: Install h3spec
        run: |
          curl -L -o h3spec https://github.com/kazu-yamamoto/h3spec/releases/download/$H3_SPEC_VERSION/h3spec-linux-x86_64
          chmod +x h3spec
          chmod +x s2n-quic-qns-debug

      - name: Run test (${{ matrix.tls }})
        # the skipped tests here require modifications to the TLS library
        # TODO remove the skips once these are fixed
        #      https://github.com/aws/s2n-quic/issues/858
        #      https://github.com/aws/s2n-quic/issues/859
        if: ${{ matrix.tls == 'rustls' }}
        run: |
          ./s2n-quic-qns-debug interop server --port 4433 --tls ${{ matrix.tls }} &
          # wait for the server to boot
          sleep 3
          ./h3spec localhost 4433 \
            ` h3spec appends the KeyUpdate message to the end of the valid Handshake data. `\
            ` s2n-quic considers the handshake "done" before it receives the bad message,  `\
            ` and instead fails because the bad message is considered leftover data. See:  `\
            ` https://github.com/aws/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/space/crypto_stream.rs#L64-L73 `\
            --skip "MUST send unexpected_message TLS alert if KeyUpdate in Handshake is received [TLS 6]" \
            \
            ` s2n-quic chooses to ignore CRYPTO frames in application data. See:           `\
            ` https://github.com/aws/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/space/application.rs#L625-L630 `\
            --skip "MUST send unexpected_message TLS alert if KeyUpdate in 1-RTT is received [TLS 6]" \
            \
            ` The quic_transport_parameters are part of the ClientHello.                   `\
            ` s2n-quic currently does not respond to malformed ClientHellos. See:          `\
            ` https://github.com/aws/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/endpoint/mod.rs#L725 `\
            --skip "MUST send missing_extension TLS alert if the quic_transport_parameters extension does not included [TLS 8.2]" \
            \
            ` RUSTLS specific failures.                                                    `\
            ` The quic_transport_parameters are part of the ClientHello.                   `\
            ` s2n-quic currently does not respond to malformed ClientHellos. See:          `\
            ` https://github.com/aws/s2n-quic/blob/bb74c8e98adf12d805d26987fad02ffe45df97a7/quic/s2n-quic-transport/src/endpoint/mod.rs#L725 `\
            --skip "MUST send TRANSPORT_PARAMETER_ERROR if initial_source_connection_id is missing [Transport 7.3]" \
            --skip "MUST send TRANSPORT_PARAMETER_ERROR if original_destination_connection_id is received [Transport 18.2]" \
            --skip "MUST send TRANSPORT_PARAMETER_ERROR if preferred_address, is received [Transport 18.2]" \
            --skip "MUST send TRANSPORT_PARAMETER_ERROR if retry_source_connection_id is received [Transport 18.2]" \
            --skip "MUST send TRANSPORT_PARAMETER_ERROR if stateless_reset_token is received [Transport 18.2]" \
            --skip "MUST send TRANSPORT_PARAMETER_ERROR if max_udp_payload_size < 1200 [Transport 7.4 and 18.2]" \
            --skip "MUST send TRANSPORT_PARAMETER_ERROR if ack_delay_exponen > 20 [Transport 7.4 and 18.2]" \
            --skip "MUST send TRANSPORT_PARAMETER_ERROR if max_ack_delay >= 2^14 [Transport 7.4 and 18.2]" \
            --skip "MUST send no_application_protocol TLS alert if no application protocols are supported [TLS 8.1]" \

  perf:
    runs-on: ubuntu-20.04
    needs: [quinn, s2n-quic-qns]
    strategy:
      matrix:
        include:
          - client: "quinn"
            server: "s2n-quic"
          - client: "s2n-quic"
            server: "s2n-quic"
          - client: "s2n-quic-null"
            server: "s2n-quic-null"

    steps:
      - uses: actions/checkout@v3
        with:
          submodules: true

      - uses: actions-rs/toolchain@v1.0.7
        id: toolchain
        with:
          toolchain: stable
          profile: minimal
          override: true

      - uses: camshaft/gha-perf@v0.1

      - name: Install inferno
        uses: camshaft/install@v1
        with:
          crate: inferno
          bins: inferno-collapse-perf,inferno-flamegraph

      - name: Install ultraman
        uses: camshaft/install@v1
        with:
          crate: ultraman

      - uses: actions/download-artifact@v3
        with:
          name: s2n-quic-qns-release
          path: target/release/

      - uses: actions/download-artifact@v3
        with:
          name: quinn
          path: target/perf/quinn/bin/

      - name: Setup artifacts
        run: |
          mv target/release/s2n-quic-qns-release target/release/s2n-quic-qns
          chmod +x target/release/s2n-quic-qns
          chmod +x target/perf/quinn/bin/perf_client
          chmod +x target/perf/quinn/bin/perf_server

      - name: Run script
        env:
          # ultraman wants a SHELL var to spawn tasks
          SHELL: /bin/bash
        run: |
          set -e

          # set larger socket buffers
          sudo sysctl -w net.core.wmem_default=2000000
          sudo sysctl -w net.core.rmem_default=2000000

          mkdir -p target/perf/results
          sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 10000 0 ${{ matrix.server }} ${{ matrix.client }}
          sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 7500 2500 ${{ matrix.server }} ${{ matrix.client }}
          sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 5000 5000 ${{ matrix.server }} ${{ matrix.client }}
          sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 2500 7500 ${{ matrix.server }} ${{ matrix.client }}
          sudo env "PATH=$PATH" "SHELL=$SHELL" ./scripts/perf/test 0 10000 ${{ matrix.server }} ${{ matrix.client }}
          sudo chown -R $(whoami) target/perf/results

      - name: Prepare artifacts
        run: |
          cd ./target/perf/results
          zip perf.zip **/*.script
          rm -rf **/*.script

      - uses: actions/upload-artifact@v3
        with:
          name: perf-results-${{ matrix.server }}-${{ matrix.client }}
          path: target/perf/results

  perf-report:
    runs-on: ubuntu-latest
    needs: [perf]
    steps:
      - uses: actions/checkout@v3

      # add any additional perf tests here
      - uses: actions/download-artifact@v3
        with:
          name: perf-results-s2n-quic-quinn
          path: perf-results/
      - uses: actions/download-artifact@v3
        with:
          name: perf-results-s2n-quic-s2n-quic
          path: perf-results/
      - uses: actions/download-artifact@v3
        with:
          name: perf-results-s2n-quic-null-s2n-quic-null
          path: perf-results/

      - name: Generate report
        run: |
          cd perf-results
          tree -H "." -T "Performance Results" --noreport --charset utf-8 > index.html

      - uses: aws-actions/configure-aws-credentials@v2.2.0
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-1

      - name: Upload results
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        id: s3
        run: |
          TARGET="${{ github.sha }}/perf"
          aws s3 sync perf-results "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
          URL="$CDN/$TARGET/index.html"
          echo "::set-output name=URL::$URL"

      - uses: ouzi-dev/commit-status-updater@v2.0.1
        if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
        with:
          name: "perf / report"
          status: "success"
          url: "${{ steps.s3.outputs.URL }}"

  attack:
    runs-on: ubuntu-latest
    needs: [s2n-quic-qns]
    strategy:
      matrix:
        attack: ["udp"]

    steps:
      - uses: actions/checkout@v3

      - uses: actions-rs/toolchain@v1.0.7
        id: toolchain
        with:
          toolchain: stable
          profile: minimal
          override: true

      - uses: actions/download-artifact@v3
        with:
          name: s2n-quic-qns-debug

      - name: Run cargo build
        working-directory: tools/${{ matrix.attack }}-attack
        run: cargo build --release

      - name: Start client
        working-directory: tools/${{ matrix.attack }}-attack
        run: |
          ./target/release/${{ matrix.attack }}-attack localhost:4433 &

      - name: Start server
        shell: bash
        run: |
          chmod +x ./s2n-quic-qns-debug
          # disable exiting on errors to capture the timeout status
          set +e

          timeout 5m ./s2n-quic-qns-debug interop server --port 4433
          EXIT_CODE="$?"

          set -e
          # `timeout` exits with `124` if the time limit was reached
          [[ "$EXIT_CODE" == "124" ]] || exit $EXIT_CODE