treosh / lighthouse-ci-action

Audit URLs using Lighthouse and test performance with Lighthouse CI.
MIT License

Custom headers? #94

Closed ZebraFlesh closed 5 months ago

ZebraFlesh commented 2 years ago

Is there a way to invoke lighthouse with custom headers? The lighthouse docs say you can do this via a CLI flag: https://github.com/GoogleChrome/lighthouse/blob/master/docs/authenticated-pages.md#option-3-pass-custom-request-headers-with-lighthouse-cli, but I don't see a way to pass raw Lighthouse CLI flags. I have sensitive authorization headers stored in GitHub Secrets that I don't want to add to a file on a file system (or worse, source control).

rdok commented 2 years ago

Absolutely there is a way!

  1. Create a new file .github/workflows/lighthouserc.json with:

    {
      "ci": {
        "collect": {
          "settings": {
            "extraHeaders": {
              "Lighthouse-Key": "{{LIGHTHOUSE_KEY}}"
            }
          }
        }
      }
    }

  2. Add another job step before the treosh/lighthouse-ci-action step to transpile the value using your secret:

    - name: Prepare envs
      run: |
        sed -i "s/{{LIGHTHOUSE_KEY}}/${YOUR_SECRET}/g" .github/workflows/lighthouserc.json

  3. Finally set a path to this custom lighthouserc file

    uses: treosh/lighthouse-ci-action@v8
    with:
      configPath: .github/workflows/lighthouserc.json

ZebraFlesh commented 2 years ago

Thank you for the creative workaround! Unfortunately this results in the secret landing on the disk as just a value. It could potentially find its way into logs and other output. That's why I wanted to use the CLI flag functionality (so it would only exist in the virtual environment's memory and preferably as an environment variable; Actions would be better able to track that it's a secret value and obscure it from outputs).

Edit to add: If someone tells me, "just write your AWS access key and secret to a file during the build", that's a non-starter from a security perspective.

rdok commented 2 years ago

Makes sense :+1:
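
If the file-based substitution from rdok's step 2 is used despite the concern ZebraFlesh raises, the example below (added here, not code from the thread or the action) narrows the exposure rather than removing it: the rendered file is created outside the checkout with mode 0600, and the secret reaches the tool through the environment instead of through sed's command line. The environment variable name `LIGHTHOUSE_KEY` and the helper `render_lhci_config` are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread or the action.
# Assumed names: LIGHTHOUSE_KEY (env var holding the secret) and
# render_lhci_config (hypothetical helper).

render_lhci_config() {
  local template=$1 out
  [ -n "${LIGHTHOUSE_KEY:-}" ] || { echo "LIGHTHOUSE_KEY is not set" >&2; return 1; }
  # Refuse values that would need JSON escaping instead of emitting broken JSON.
  case $LIGHTHOUSE_KEY in
    *[\"\\]*|*[[:cntrl:]]*) echo "LIGHTHOUSE_KEY needs JSON escaping" >&2; return 1 ;;
  esac
  # mktemp creates the file with mode 0600. RUNNER_TEMP is the runner's
  # temp directory, separate from the checked-out repository.
  out=$(mktemp "${RUNNER_TEMP:-/tmp}/lighthouserc.XXXXXX") || return 1
  # awk takes the secret from its environment, so it never appears in a
  # process argument list, and index()/substr() replace it literally
  # (no special meaning for "/" or "&" as in a sed expression).
  LIGHTHOUSE_KEY=$LIGHTHOUSE_KEY awk -v ph='{{LIGHTHOUSE_KEY}}' '
    BEGIN { val = ENVIRON["LIGHTHOUSE_KEY"] }
    {
      line = ""
      while ((i = index($0, ph)) > 0) {
        line = line substr($0, 1, i - 1) val
        $0 = substr($0, i + length(ph))
      }
      print line $0
    }' "$template" > "$out" || { rm -f "$out"; return 1; }
  printf '%s\n' "$out"
}

# Constructed demo: the template from the thread on one line, and a made-up
# key containing characters that break the sed expression ("/" and "&").
demo_dir=$(mktemp -d)
printf '%s\n' '{"ci":{"collect":{"settings":{"extraHeaders":{"Lighthouse-Key":"{{LIGHTHOUSE_KEY}}"}}}}}' \
  > "$demo_dir/lighthouserc.json"
rendered=$(LIGHTHOUSE_KEY='a/b&c|d' render_lhci_config "$demo_dir/lighthouserc.json")
echo "rendered config written to $rendered"
rm -rf "$demo_dir" "$rendered"   # delete the rendered secret once it is no longer needed
```

The printed path is what the action's `configPath` input would point to; the template in the repository keeps its `{{LIGHTHOUSE_KEY}}` placeholder and is never modified in place.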