From 7412abc0a339a7f8877de045f548cc6afde412d5 Mon Sep 17 00:00:00 2001
From: Deepak Pandey <deepak@codeunia.dev>
Date: Sat, 6 Sep 2025 16:05:00 +0530
Subject: [PATCH] fix: Resolve CI/CD errors and add Vercel bypass token support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

🔧 Fixes implemented:
1. ✅ Lighthouse CI GitHub token issue - Added LHCI_TOKEN environment variable
2. ✅ Next.js build issue in security testing - Added proper build logging and increased sleep time
3. ✅ Vercel deployment protection bypass - Added VERCEL_BYPASS_TOKEN support for health checks

🎯 Health check improvements:
- Uses bypass token when available to access protected deployments
- Falls back gracefully when bypass token is not configured
- Maintains security while enabling CI/CD automation

This resolves the 401 authentication errors and build failures in the CI/CD pipeline.
---
 .github/workflows/ci-cd.yml | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index ec37624d..513153bc 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -172,9 +172,12 @@ jobs:
       # Start Next.js app for security testing
       - name: Start Next.js app
         run: |
+          echo "Building Next.js app for security testing..."
           npm run build
+          echo "Starting Next.js production server..."
           npm run start &
-          sleep 10
+          echo "Waiting for app to start..."
+          sleep 15
         env:
           NODE_ENV: production
           NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }}
@@ -462,12 +465,27 @@ jobs:
           
           # Try main health check with quick parameter (bypasses complex checks)
           echo "Testing main health check (quick mode): $DEPLOYMENT_URL/api/health?quick=true"
-          if curl -f -s --max-time 30 "$DEPLOYMENT_URL/api/health?quick=true"; then
+          # Add bypass token if available
+          if [ -n "${{ secrets.VERCEL_BYPASS_TOKEN }}" ]; then
+            HEALTH_URL="$DEPLOYMENT_URL/api/health?quick=true&x-vercel-set-bypass-cookie=true&x-vercel-protection-bypass=${{ secrets.VERCEL_BYPASS_TOKEN }}"
+            echo "Using bypass token for health check"
+          else
+            HEALTH_URL="$DEPLOYMENT_URL/api/health?quick=true"
+            echo "No bypass token available"
+          fi
+          
+          if curl -f -s --max-time 30 "$HEALTH_URL"; then
             echo "✅ Main health check passed (quick mode)"
           else
             echo "❌ Quick health check failed, trying full health check..."
             echo "Testing full health check: $DEPLOYMENT_URL/api/health"
-            if curl -f -s --max-time 60 "$DEPLOYMENT_URL/api/health"; then
+            # Try full health check with bypass token
+            if [ -n "${{ secrets.VERCEL_BYPASS_TOKEN }}" ]; then
+              FULL_HEALTH_URL="$DEPLOYMENT_URL/api/health&x-vercel-set-bypass-cookie=true&x-vercel-protection-bypass=${{ secrets.VERCEL_BYPASS_TOKEN }}"
+            else
+              FULL_HEALTH_URL="$DEPLOYMENT_URL/api/health"
+            fi
+            if curl -f -s --max-time 60 "$FULL_HEALTH_URL"; then
               echo "✅ Full health check passed"
             else
               echo "❌ Full health check also failed"
@@ -575,6 +593,7 @@ jobs:
           lhci autorun
         env:
           LHCI_GITHUB_APP_TOKEN: ${{ secrets.LHCI_GITHUB_APP_TOKEN }}
+          LHCI_TOKEN: ${{ secrets.LHCI_TOKEN }}
 
       - name: Upload performance results
         uses: actions/upload-artifact@v4