From 65c7da48524726832f02247eb7121f15b235739b Mon Sep 17 00:00:00 2001
From: Michael Freno
Date: Wed, 13 May 2026 15:06:56 -0400
Subject: [PATCH] =?UTF-8?q?FRE-4807:=20Fix=20ci.yml=20Medium=20findings=20?= =?UTF-8?q?=E2=80=94=20SHA256=20verification=20and=20API=5FTOKEN=20validat?= =?UTF-8?q?ion?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/ci.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 575601b..4bd771c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -194,17 +194,29 @@ jobs:
 - name: Install k6
 run: |
- curl -s https://github.com/grafana/k6/releases/download/v0.50.0/k6-linux-amd64.tar.gz -L | tar xz
+ K6_VERSION="v0.50.0"
+ K6_URL="https://github.com/grafana/k6/releases/download/${K6_VERSION}/k6-linux-amd64.tar.gz"
+ K6_SHA256="d950a2408d0be2dc81aef397a7c984a1d84271d7ae94ff7a47d08371904f0800"
+ curl -sSL "${K6_URL}" -o k6.tar.gz
+ echo "${K6_SHA256} k6.tar.gz" | sha256sum --check --strict -
+ tar xzf k6.tar.gz
 sudo mv k6 /usr/local/bin/
 k6 version
+ - name: Validate required secrets
+ run: |
+ if [ -z "$API_TOKEN" ]; then
+ echo "❌ LOAD_TEST_API_TOKEN secret is not set"
+ exit 1
+ fi
+
 - name: Run combined load tests
 run: |
 chmod +x scripts/load-test/run-all.sh
 ./scripts/load-test/run-all.sh
 env:
 LOAD_TEST_BASE_URL: ${{ secrets.LOAD_TEST_BASE_URL || 'http://localhost:3000' }}
- API_TOKEN: ${{ secrets.LOAD_TEST_API_TOKEN || 'test-token' }}
+ API_TOKEN: ${{ secrets.LOAD_TEST_API_TOKEN }}
 TARGET_RPS: ${{ vars.LOAD_TEST_TARGET_RPS || '500' }}
 DURATION: ${{ vars.LOAD_TEST_DURATION || '300s' }}
 K6_CLOUD_TOKEN: ${{ secrets.K6_CLOUD_TOKEN || '' }}
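Review bot: The added "Validate required secrets" step tests `$API_TOKEN`, but the hunk gives that step only a `run:` block; `API_TOKEN` is mapped in the `env:` of the later "Run combined load tests" step, so unless a job- or workflow-level `env` outside this hunk supplies it, the variable is empty and the step exits 1 on every run, even when the secret is configured. Add `env:` with `API_TOKEN: ${{ secrets.LOAD_TEST_API_TOKEN }}` to the validation step, and consider moving it ahead of "Install k6" so a missing secret stops the job before anything is downloaded. With the `'test-token'` fallback gone, runs that receive no secrets (pull requests from forks, for example) will now fail here, so the job may need an `if:` guard; its trigger conditions are outside the hunk. In the install step, `curl -sSL` has no `--fail`, so an HTTP error body is saved as `k6.tar.gz` and only shows up as a checksum mismatch; `curl -fsSL` reports the real cause, and the pinned `K6_SHA256` is worth cross-checking against the checksum upstream publishes for that release.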