Mike/ShieldAI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FRE-4807: Fix ci.yml Medium findings — SHA256 verification and API_TOKEN validation

Browse Source
This commit is contained in:
Michael Freno
2026-05-13 15:06:56 -04:00
parent 81173d7ab5
commit 65c7da4852
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/ci.yml vendored
View File

@@ -194,17 +194,29 @@ jobs:
- name: Install k6 - name: Install k6
run: | run: |
curl -s https://github.com/grafana/k6/releases/download/v0.50.0/k6-linux-amd64.tar.gz -L | tar xz K6_VERSION="v0.50.0"
K6_URL="https://github.com/grafana/k6/releases/download/${K6_VERSION}/k6-linux-amd64.tar.gz"
K6_SHA256="d950a2408d0be2dc81aef397a7c984a1d84271d7ae94ff7a47d08371904f0800"
curl -sSL "${K6_URL}" -o k6.tar.gz
echo "${K6_SHA256} k6.tar.gz" | sha256sum --check --strict -
tar xzf k6.tar.gz
sudo mv k6 /usr/local/bin/ sudo mv k6 /usr/local/bin/
k6 version k6 version
- name: Validate required secrets
run: |
if [ -z "$API_TOKEN" ]; then
echo "❌ LOAD_TEST_API_TOKEN secret is not set"
exit 1
fi
- name: Run combined load tests - name: Run combined load tests
run: | run: |
chmod +x scripts/load-test/run-all.sh chmod +x scripts/load-test/run-all.sh
./scripts/load-test/run-all.sh ./scripts/load-test/run-all.sh
env: env:
LOAD_TEST_BASE_URL: ${{ secrets.LOAD_TEST_BASE_URL || 'http://localhost:3000' }} LOAD_TEST_BASE_URL: ${{ secrets.LOAD_TEST_BASE_URL || 'http://localhost:3000' }}
API_TOKEN: ${{ secrets.LOAD_TEST_API_TOKEN || 'test-token' }} API_TOKEN: ${{ secrets.LOAD_TEST_API_TOKEN }}
TARGET_RPS: ${{ vars.LOAD_TEST_TARGET_RPS || '500' }} TARGET_RPS: ${{ vars.LOAD_TEST_TARGET_RPS || '500' }}
DURATION: ${{ vars.LOAD_TEST_DURATION || '300s' }} DURATION: ${{ vars.LOAD_TEST_DURATION || '300s' }}
K6_CLOUD_TOKEN: ${{ secrets.K6_CLOUD_TOKEN || '' }} K6_CLOUD_TOKEN: ${{ secrets.K6_CLOUD_TOKEN || '' }}