
Custom headers?

Open ZebraFlesh opened this issue 3 years ago • 3 comments

Is there a way to invoke lighthouse with custom headers? The lighthouse docs say you can do this via a CLI flag: https://github.com/GoogleChrome/lighthouse/blob/master/docs/authenticated-pages.md#option-3-pass-custom-request-headers-with-lighthouse-cli, but I don't see a way to pass raw Lighthouse CLI flags. I have sensitive authorization headers stored in GitHub Secrets that I don't want to add to a file on a file system (or worse, source control).

ZebraFlesh avatar Nov 22 '21 20:11 ZebraFlesh

Absolutely there is a way!

  1. Create a new file .github/workflows/lighthouserc.json with:

         {
           "ci": {
             "collect": {
               "settings": {
                 "extraHeaders": {
                   "Lighthouse-Key": "{{LIGHTHOUSE_KEY}}"
                 }
               }
             }
           }
         }

  2. Add another job step before the treosh/lighthouse-ci-action step to transpile the value using your secret:

         - name: Prepare envs
           run: |
              sed -i "s/{{LIGHTHOUSE_KEY}}/${YOUR_SECRET}/g" .github/workflows/lighthouserc.json

  3. Finally set a path to this custom lighthouserc file

         uses: treosh/lighthouse-ci-action@v8
         with:
           configPath: .github/workflows/lighthouserc.json

rdok avatar Dec 07 '21 15:12 rdok
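
A hardened variant of the substitution in step 2, as an added example that is not part of the comment above or of the action's own code: it fills the placeholder by parsing the JSON rather than running sed, so a value containing `/`, `&` or `"` cannot break the substitution or the file, and it writes the result with mode 0600 outside the checkout. The name `render_config` and the script itself are assumptions; `YOUR_SECRET` is the variable from step 2 and `RUNNER_TEMP` is the runner's temporary directory.

```python
import json
import os
import tempfile

PLACEHOLDER = "{{LIGHTHOUSE_KEY}}"  # placeholder from the template in step 1

# Constructed sample: same shape as the lighthouserc.json in step 1.
SAMPLE_TEMPLATE = """
{"ci": {"collect": {"settings": {"extraHeaders":
  {"Lighthouse-Key": "{{LIGHTHOUSE_KEY}}"}}}}}
"""


def render_config(template_text, secret, out_dir=None):
    """Fill the placeholder and return the path of a new 0600 config file."""
    if not secret:
        raise ValueError("secret is empty; refusing to render the config")
    config = json.loads(template_text)
    headers = config["ci"]["collect"]["settings"]["extraHeaders"]
    names = [name for name, value in headers.items() if value == PLACEHOLDER]
    if not names:
        raise ValueError("placeholder not found in extraHeaders")
    for name in names:
        # Assigned as data: json.dump escapes quotes and backslashes, and
        # characters such as '/' or '&' have no special meaning here.
        headers[name] = secret
    # mkstemp creates the file readable and writable by the owner only.
    fd, path = tempfile.mkstemp(prefix="lighthouserc-", suffix=".json", dir=out_dir)
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        json.dump(config, handle)
    return path


if __name__ == "__main__":
    # Assumption: the workflow step maps the secret to YOUR_SECRET via `env:`.
    # RUNNER_TEMP is the runner's temporary directory, outside the checkout.
    rendered = render_config(
        SAMPLE_TEMPLATE,
        os.environ.get("YOUR_SECRET", ""),
        os.environ.get("RUNNER_TEMP"),
    )
    print(rendered)  # prints only the path, never the header value
```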

Thank you for the creative workaround! Unfortunately this results in the secret landing on the disk as just a value. It could potentially find its way into logs and other output. That's why I wanted to use the CLI flag functionality (so it would only exist in the virtual environment's memory and preferably as an environment variable; Actions would be better able to track that it's a secret value and obscure it from outputs).

Edit to add: If someone tells me, "just write your AWS access key and secret to a file during the build", that's a non-starter from a security perspective.

ZebraFlesh avatar Dec 07 '21 16:12 ZebraFlesh

Makes sense :+1:

rdok avatar Dec 07 '21 18:12 rdok