From fef756d2ee4e82c55417b6c224832b2923d6dfbd Mon Sep 17 00:00:00 2001 From: Deepak Pandey Date: Sat, 6 Sep 2025 19:37:19 +0530 Subject: [PATCH 1/2] fix: Simplify Lighthouse CI command to avoid YAML parsing issues - Replace complex inline JSON config with simple CLI flags - Use --assert.assertions.*=warn flags to change error level to warning - This should resolve the workflow file parsing error --- .github/workflows/ci-cd.yml | 39 +------------------------------------ 1 file changed, 1 insertion(+), 38 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index f046abb3..c1f6fcb4 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -590,44 +590,7 @@ jobs: - name: Run Lighthouse CI run: | npm install -g @lhci/cli@0.12.x - lhci autorun --config='{ - "ci": { - "collect": { - "url": [ - "http://localhost:3000/", - "http://localhost:3000/about", - "http://localhost:3000/hackathons", - "http://localhost:3000/leaderboard", - "http://localhost:3000/auth/signin", - "http://localhost:3000/protected/dashboard" - ], - "startServerCommand": "npm run build && npm run start", - "startServerReadyPattern": "Ready in|ready on|Local:", - "startServerReadyTimeout": 120000, - "numberOfRuns": 1, - "settings": { - "chromeFlags": "--no-sandbox --disable-dev-shm-usage --disable-gpu", - "preset": "desktop" - } - }, - "assert": { - "assertions": { - "categories:performance": ["warn", {"minScore": 0.6}], - "categories:accessibility": ["warn", {"minScore": 0.85}], - "categories:best-practices": ["warn", {"minScore": 0.85}], - "categories:seo": ["warn", {"minScore": 0.8}], - "first-contentful-paint": ["warn", {"maxNumericValue": 3000}], - "largest-contentful-paint": ["warn", {"maxNumericValue": 4000}], - "cumulative-layout-shift": ["warn", {"maxNumericValue": 0.15}], - "total-blocking-time": ["warn", {"maxNumericValue": 1000}], - "speed-index": ["warn", {"maxNumericValue": 5000}] - } - }, - "upload": { - "target": "temporary-public-storage" - } - } - }' + lhci autorun --assert.assertions.categories:performance=warn --assert.assertions.categories:accessibility=warn --assert.assertions.categories:best-practices=warn --assert.assertions.categories:seo=warn --assert.assertions.first-contentful-paint=warn --assert.assertions.largest-contentful-paint=warn --assert.assertions.cumulative-layout-shift=warn --assert.assertions.total-blocking-time=warn --assert.assertions.speed-index=warn env: LHCI_GITHUB_APP_TOKEN: ${{ secrets.LHCI_GITHUB_APP_TOKEN }} LHCI_TOKEN: ${{ secrets.LHCI_TOKEN }} From 3b0bda0ff8116d9322d65631c2fba41dc347ba96 Mon Sep 17 00:00:00 2001 From: Deepak Pandey Date: Sat, 6 Sep 2025 19:44:52 +0530 Subject: [PATCH 2/2] security: Remove unnecessary Supabase secrets from Lighthouse CI step - Remove NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY, and SUPABASE_SERVICE_ROLE_KEY - These environment variables are not used by lhci command - Follows principle of least privilege to prevent accidental exposure - Service role key should never be present in client contexts --- .github/workflows/ci-cd.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 6ea3bd63..c1f6fcb4 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -595,9 +595,6 @@ jobs: LHCI_GITHUB_APP_TOKEN: ${{ secrets.LHCI_GITHUB_APP_TOKEN }} LHCI_TOKEN: ${{ secrets.LHCI_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }} - NEXT_PUBLIC_SUPABASE_ANON_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }} - SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} - name: Upload performance results uses: actions/upload-artifact@v4