From f35726c39e0ad9687bace63ac89d94aa33b9415b Mon Sep 17 00:00:00 2001
From: Sergio Freire <sergio.freire@gmail.com>
Date: Tue, 6 May 2025 10:18:31 +0100
Subject: [PATCH 1/7] run lighthouse tests after deploying to staging env

---
 .github/workflows/ci-lh.yml | 53 +++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 .github/workflows/ci-lh.yml

diff --git a/.github/workflows/ci-lh.yml b/.github/workflows/ci-lh.yml
new file mode 100644
index 0000000..4efa4c3
--- /dev/null
+++ b/.github/workflows/ci-lh.yml
@@ -0,0 +1,53 @@
+name: CI
+on:
+  workflow_run:
+    workflows: ["CI with LH"]
+    branches: [main]
+    types: 
+      - completed
+
+jobs:
+  deploy-staging:
+    runs-on: ubuntu-latest
+    permissions:
+        deployments: write
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - uses: JorgeLNJunior/render-deploy@v1.4.5
+        with:
+          service_id: ${{ secrets.RENDER_SERVICE_ID_STAGING }}
+          api_key: ${{ secrets.RENDER_API_KEY }}
+          wait_deploy: true
+          github_deployment: true
+          deployment_environment: 'staging'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  lighthouse-check:
+    needs: deploy-staging
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Run Lighthouse
+        uses: foo-software/lighthouse-check-action@master
+        id: lighthouseCheck
+        with:
+          accessToken: ${{ secrets.GITHUB_TOKEN }}
+          outputDirectory: /tmp/artifacts
+          urls: '${{ vars.STAGING_URL}}'
+          prCommentEnabled: true
+          prCommentSaveOld: true
+      - name: Upload artifacts
+        uses: actions/upload-artifact@master
+        with:
+          name: Lighthouse reports
+          path: /tmp/artifacts
+      - name: Handle Lighthouse Check results
+        uses: foo-software/lighthouse-check-status-action@master
+        with:
+          lighthouseCheckResults: ${{steps.lighthouseCheck.outputs.lighthouseCheckResults }}
+          minAccessibilityScore: "95"
+          minBestPracticesScore: "95"
+          minPerformanceScore: "78"
+          minProgressiveWebAppScore: "90"
+          minSeoScore: "90"

From f8d4c7c781808c011d0a5d9d5b4ebaf0082f52d8 Mon Sep 17 00:00:00 2001
From: Sergio Freire <sergio.freire@gmail.com>
Date: Tue, 6 May 2025 10:25:23 +0100
Subject: [PATCH 2/7] add permission to write on PR

---
 .github/workflows/maven.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 7d56533..2102fee 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -26,7 +26,9 @@ jobs:
     strategy:
       matrix:
         java: [ '17', '21' ]
-        
+    permissions:
+      pull-requests: write
+
     steps:
     - uses: actions/checkout@v4
       with:

From 6cbc15b24e7b1b06b91fe70acc90e21180f0103c Mon Sep 17 00:00:00 2001
From: Sergio Freire <sergio.freire@gmail.com>
Date: Tue, 6 May 2025 10:31:33 +0100
Subject: [PATCH 3/7] merge two worklows into one for doing whole CI

---
 .github/workflows/ci-lh.yml | 53 -------------------------------------
 .github/workflows/maven.yml | 47 ++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 53 deletions(-)
 delete mode 100644 .github/workflows/ci-lh.yml

diff --git a/.github/workflows/ci-lh.yml b/.github/workflows/ci-lh.yml
deleted file mode 100644
index 4efa4c3..0000000
--- a/.github/workflows/ci-lh.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-name: CI
-on:
-  workflow_run:
-    workflows: ["CI with LH"]
-    branches: [main]
-    types: 
-      - completed
-
-jobs:
-  deploy-staging:
-    runs-on: ubuntu-latest
-    permissions:
-        deployments: write
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    steps:
-      - uses: JorgeLNJunior/render-deploy@v1.4.5
-        with:
-          service_id: ${{ secrets.RENDER_SERVICE_ID_STAGING }}
-          api_key: ${{ secrets.RENDER_API_KEY }}
-          wait_deploy: true
-          github_deployment: true
-          deployment_environment: 'staging'
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-
-  lighthouse-check:
-    needs: deploy-staging
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Run Lighthouse
-        uses: foo-software/lighthouse-check-action@master
-        id: lighthouseCheck
-        with:
-          accessToken: ${{ secrets.GITHUB_TOKEN }}
-          outputDirectory: /tmp/artifacts
-          urls: '${{ vars.STAGING_URL}}'
-          prCommentEnabled: true
-          prCommentSaveOld: true
-      - name: Upload artifacts
-        uses: actions/upload-artifact@master
-        with:
-          name: Lighthouse reports
-          path: /tmp/artifacts
-      - name: Handle Lighthouse Check results
-        uses: foo-software/lighthouse-check-status-action@master
-        with:
-          lighthouseCheckResults: ${{steps.lighthouseCheck.outputs.lighthouseCheckResults }}
-          minAccessibilityScore: "95"
-          minBestPracticesScore: "95"
-          minPerformanceScore: "78"
-          minProgressiveWebAppScore: "90"
-          minSeoScore: "90"
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 2102fee..d103c1e 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -62,3 +62,50 @@ jobs:
         REVISON: ${{ github.ref_name}}
         TEST_ENVIRONMENT: java${{ matrix.java }}
       run: mvn -Dxray.clientId=${{ env.XRAYCLOUD_CLIENT_ID }} -Dxray.clientSecret=${{ env.XRAYCLOUD_CLIENT_SECRET }} -Dxray.testEnvironment=${{ env.TEST_ENVIRONMENT }} -Dxray.testPlanKey=${{ env.XRAYCLOUD_TEST_PLAN_KEY }} -Dxray.revision=${{ env.REVISON }} xray:import-results  
+
+  deploy-staging:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+        deployments: write
+
+    steps:
+      - uses: JorgeLNJunior/render-deploy@v1.4.5
+        with:
+          service_id: ${{ secrets.RENDER_SERVICE_ID_STAGING }}
+          api_key: ${{ secrets.RENDER_API_KEY }}
+          wait_deploy: true
+          github_deployment: true
+          deployment_environment: 'staging'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  lighthouse-check:
+    needs: deploy-staging
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Run Lighthouse
+        uses: foo-software/lighthouse-check-action@master
+        id: lighthouseCheck
+        with:
+          accessToken: ${{ secrets.GITHUB_TOKEN }}
+          outputDirectory: /tmp/artifacts
+          urls: '${{ vars.STAGING_URL}}'
+          prCommentEnabled: true
+          prCommentSaveOld: true
+      - name: Upload artifacts
+        uses: actions/upload-artifact@master
+        with:
+          name: Lighthouse reports
+          path: /tmp/artifacts
+      - name: Handle Lighthouse Check results
+        uses: foo-software/lighthouse-check-status-action@master
+        with:
+          lighthouseCheckResults: ${{steps.lighthouseCheck.outputs.lighthouseCheckResults }}
+          minAccessibilityScore: "95"
+          minBestPracticesScore: "95"
+          minPerformanceScore: "78"
+          minProgressiveWebAppScore: "90"
+          minSeoScore: "90"
+  
\ No newline at end of file

From 8680d7e9ed2a800072ba32421c633ba16ed6969e Mon Sep 17 00:00:00 2001
From: Sergio Freire <sergio.freire@gmail.com>
Date: Tue, 6 May 2025 10:43:30 +0100
Subject: [PATCH 4/7] create tmp directory before running LH

---
 .github/workflows/maven.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index d103c1e..fdb9318 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -85,6 +85,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
+      - run: mkdir /tmp/artifacts
       - name: Run Lighthouse
         uses: foo-software/lighthouse-check-action@master
         id: lighthouseCheck

From 4f9ff0d4867a9738e6b6edbe378e9ef642f98b2c Mon Sep 17 00:00:00 2001
From: Sergio Freire <sergio.freire@gmail.com>
Date: Tue, 6 May 2025 11:16:40 +0100
Subject: [PATCH 5/7] add basic k6 tests

---
 .github/workflows/maven.yml           | 13 +++++++++++++
 src/test/k6/basic_performance_test.js | 24 ++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 src/test/k6/basic_performance_test.js

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index fdb9318..446e126 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -79,6 +79,19 @@ jobs:
           deployment_environment: 'staging'
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
+  k6-check:
+    runs-on: ubuntu-latest
+    needs: deploy-staging
+    steps:
+      - uses: actions/checkout@v2
+      - uses: grafana/setup-k6-action@v1
+      - uses: grafana/run-k6-action@v1
+        env:
+          K6_API_URL: ${{ vars.STAGING_URL }}
+        with:
+          path: |
+            ./src/test/k6/*.js
+
   lighthouse-check:
     needs: deploy-staging
     runs-on: ubuntu-latest
diff --git a/src/test/k6/basic_performance_test.js b/src/test/k6/basic_performance_test.js
new file mode 100644
index 0000000..673fb0e
--- /dev/null
+++ b/src/test/k6/basic_performance_test.js
@@ -0,0 +1,24 @@
+import http from 'k6/http';
+import { check } from 'k6';
+
+export const options = {
+  stages: [
+    { duration: '5s', target: 20 }, // ramp up to 20 users over 5 seconds
+    { duration: '10s', target: 20 }, // stay at 100 users for 20 seconds
+    { duration: '5s', target: 0 }, // ramp down to 0 users over 5 seconds
+  ],
+  thresholds: {
+    http_req_failed: ['rate<0.01'], // http errors should be less than 1%
+    http_req_duration: ['p(95)<500'], // 95% of requests should be below 500ms
+  },
+};
+
+export default function () {
+  // target url  should be obtained from environment variable TARGET_URL or else should be https://tutorial-spring-staging.onrender.com
+  let target_url = __ENV.K6_API_URL || 'https://tutorial-spring-staging.onrender.com';
+  const res = http.get(target_url);
+
+  check(res, {
+    'status is 200': (r) => r.status === 200,
+  });
+}
\ No newline at end of file

From 6069c788dbc12fd8f28134efca7be5bd406fc45c Mon Sep 17 00:00:00 2001
From: Sergio Freire <sergio.freire@gmail.com>
Date: Sat, 8 Nov 2025 16:36:25 +0000
Subject: [PATCH 6/7] Potential fix for code scanning alert no. 2: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/maven.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 446e126..ae4def0 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -82,6 +82,8 @@ jobs:
   k6-check:
     runs-on: ubuntu-latest
     needs: deploy-staging
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@v2
       - uses: grafana/setup-k6-action@v1

From 32dada9237c10e1be911cb970307d6eee298faea Mon Sep 17 00:00:00 2001
From: Sergio Freire <sergio.freire@gmail.com>
Date: Sat, 8 Nov 2025 16:48:49 +0000
Subject: [PATCH 7/7] k6 - 95% requests below 1s

---
 src/test/k6/basic_performance_test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/k6/basic_performance_test.js b/src/test/k6/basic_performance_test.js
index 673fb0e..0026881 100644
--- a/src/test/k6/basic_performance_test.js
+++ b/src/test/k6/basic_performance_test.js
@@ -9,7 +9,7 @@ export const options = {
   ],
   thresholds: {
     http_req_failed: ['rate<0.01'], // http errors should be less than 1%
-    http_req_duration: ['p(95)<500'], // 95% of requests should be below 500ms
+    http_req_duration: ['p(95)<1000'], // 95% of requests should be below 1s
   },
 };