Replace legacy k6-action in test workflows

[hggutvik]

Description

• Formats YAML in relevant workflows (view separately in initial commit - use this diff to see only the other (non-whitespace) changes)
• Adds the grafana/setup-k6-action step after the checkout step in all relevant workflows
• Replace all uses of grafana/k6-action with grafana/run-k6-action
  • Only change required is replacing parameter filename with path
• Marks SLACK_WEBHOOK_URL_TEST as a required secret in regression-test-ATX.yml
  • An improvement that is unrelated the other changes of this PR. See comment from CodeRabbit for motivation

Related Issue(s)

• https://github.com/Altinn/team-core-private/issues/266

Verification

• Your code builds clean without any errors or warnings
• Manual testing done (required)
• Relevant automated test added (if you find this hard, leave it and we'll help out)
• All tests run green
  • Regression test for AT22 has been run in the PR, https://github.com/Altinn/altinn-events/actions/runs/19739062504

Documentation

• User documentation is updated with a separate linked PR in altinn-studio-docs. (if applicable)

Summary by CodeRabbit

• Chores
  • Modernized regression test workflows across all environments with improved execution patterns and updated infrastructure.
  • Enhanced environment variable handling with better fallback defaults to increase testing reliability and prevent runtime errors.
  • Streamlined CI/CD configuration for improved consistency.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

GitHub Actions workflows refactored to replace grafana/k6-action with grafana/setup-k6-action and grafana/run-k6-action, switching from filename-based to path-based test inputs. Test files updated to source environment variables from __ENV.altinn_env instead of __ENV.env with fallback defaults.

Changes

Cohort / File(s)	Summary
Workflow refactoring to modular k6 action pattern .github/workflows/regression-test-ATX.yml, .github/workflows/regression-test-PROD.yaml, .github/workflows/regression-test-TT02.yaml, .github/workflows/use-case-ATX.yaml, .github/workflows/use-case-PROD.yaml, .github/workflows/use-case-TT02.yaml	Replaced direct grafana/k6-action invocations with a two-step pattern: grafana/setup-k6-action for initialization, then grafana/run-k6-action for test execution. Changed test inputs from filename-based to path-based references. Updated Slack webhook configuration in ATX workflow to use dedicated test webhook. Added consolidated environment variable declarations in regression-test-ATX workflow.
Environment variable sourcing updates test/k6/src/api/token-generator.js, test/k6/src/config.js, test/k6/src/setup.js, test/k6/src/tests/subscriptions.js, test/k6/src/tests/app-events.js	Changed environment variable references from __ENV.env to __ENV.altinn_env with fallback defaults (empty string or 'defaultVal'). Added safe property access (`

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Homogeneous changes: The k6 action refactoring follows an identical pattern across all six workflow files, reducing cognitive load per file
• Environment variable updates: Five test files receive consistent, straightforward variable naming changes with predictable fallback patterns
• Low logic density: Changes are primarily structural (workflow step ordering, variable naming) without new conditional logic or complex interactions
• Risk areas to verify:
  • Confirm path-based inputs correctly resolve to test files in grafana/run-k6-action invocations
  • Validate that __ENV.altinn_env is properly populated by workflow environment declarations
  • Ensure fallback defaults ('' or 'defaultVal') produce expected behavior when variables are unset

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and specifically summarizes the main change: replacing the legacy grafana/k6-action with grafana/run-k6-action and grafana/setup-k6-action across all test workflows.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch techdebt/replace-k6-action

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 925dc8e and a1092f3.

📒 Files selected for processing (1)

• .github/workflows/regression-test-ATX.yml (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-04-24T06:59:32.575Z

Learnt from: hggutvik
Repo: Altinn/altinn-events PR: 715
File: .github/workflows/regression-test-TT02.yaml:13-13
Timestamp: 2025-04-24T06:59:32.575Z
Learning: When reviewing GitHub Actions workflows, using commit SHAs (rather than just semver tags) is a security best practice that prevents supply chain attacks. The pattern of using a commit SHA with a version comment (e.g., `11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`) provides both security and readability, and is supported by automated tools like Dependabot and Renovate.

Applied to files:

• .github/workflows/regression-test-ATX.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (csharp, autobuild)

🔇 Additional comments (1)

.github/workflows/regression-test-ATX.yml (1)

22-74: Excellent work addressing the previous concerns.

The workflow has been successfully updated with the following improvements:

1. SLACK_WEBHOOK_URL_TEST is now properly used (line 74). The secret, previously flagged as unused, is now correctly consumed by the Slack failure reporting step.
2. All action references use commit SHAs (lines 37, 39, 41, 47, 52, 57, 71), following security best practices to prevent supply chain attacks.
3. Environment variables are cleanly centralized (lines 31–35) at the job level, eliminating per-step duplication.
4. Path parameters are correct with no double slashes—the previous typo has been resolved.
5. Migration from filename to path parameter is complete and consistent across all k6 action invocations.

The refactoring successfully replaces the legacy k6 action with the new setup and run pattern while maintaining proper secret handling and environmental configuration.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/regression-test-ATX.yml (1)

9-21: Add missing Slack webhook secret to required secrets.

The workflow references ${{ secrets.SLACK_WEBHOOK_URL_TEST }} at line 71, but this secret is not declared in the required secrets list (lines 9–21). This will cause the workflow to fail when invoked as a reusable workflow.

Add the missing secret to the workflow inputs:

       secrets:
         WEBHOOK_ENDPOINT:
           required: true
+      SLACK_WEBHOOK_URL_TEST:
+        required: true

Also applies to: 71-71

.github/workflows/use-case-TT02.yaml (1)

48-58: Confirm TT02 test environment uses PROD webhook secret—likely misconfiguration.

The workflow explicitly defines environment: TT02 and runs scheduled test automation every 15 minutes against a test environment. However, it uses ${{ secrets.SLACK_WEBHOOK_URL_PROD }} for Slack notifications, inconsistent with the pattern used by other test environments (e.g., ATX workflow uses ${{ secrets.SLACK_WEBHOOK_URL_TEST }}).

This issue also appears in regression-test-TT02.yaml at line 53, suggesting a systematic copy-paste error across TT02 workflows.

Update line 53 to use the appropriate test webhook secret, such as ${{ secrets.SLACK_WEBHOOK_URL_TEST }}.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5fb3389 and 4c7c67b.

📒 Files selected for processing (6)

• .github/workflows/regression-test-ATX.yml (1 hunks)
• .github/workflows/regression-test-PROD.yaml (2 hunks)
• .github/workflows/regression-test-TT02.yaml (2 hunks)
• .github/workflows/use-case-ATX.yaml (2 hunks)
• .github/workflows/use-case-PROD.yaml (2 hunks)
• .github/workflows/use-case-TT02.yaml (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: hggutvik
Repo: Altinn/altinn-events PR: 715
File: .github/workflows/regression-test-TT02.yaml:13-13
Timestamp: 2025-04-24T06:59:32.575Z
Learning: When reviewing GitHub Actions workflows, using commit SHAs (rather than just semver tags) is a security best practice that prevents supply chain attacks. The pattern of using a commit SHA with a version comment (e.g., `11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`) provides both security and readability, and is supported by automated tools like Dependabot and Renovate.

🪛 actionlint (1.7.8)

.github/workflows/regression-test-ATX.yml

71-71: property "slack_webhook_url_test" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; github_token: string; party_id: string; person_number: string; tokengenerator_username: string; tokengenerator_userpassword: string; user_id: string; webhook_endpoint: string}

(expression)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (csharp, autobuild)

🔇 Additional comments (10)

.github/workflows/regression-test-TT02.yaml (2)

15-17: Security posture: commit SHA pinning is correct. ✓

All action references use commit SHAs with version comments (e.g., 93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1), which is a security best practice that prevents supply chain attacks and is consistent with your established patterns.

---

16-40: I'll help you verify the concerns in this review comment about the k6 action migration. Let me start by checking the test file paths and then investigate the action compatibility.
<function_calls>


#!/bin/bash

Verify that all k6 test file paths exist

paths=(
"test/k6/src/tests/app-events.js"
"test/k6/src/tests/events/post.js"
"test/k6/src/tests/events/get.js"
"test/k6/src/tests/subscriptions.js"
)

echo "Checking k6 test file paths..."
missing=0
for path in "${paths[@]}"; do
if [ -f "$path" ]; then
echo "✓ $path"
else
echo "✗ $path (NOT FOUND)"
((missing++))
fi
done

if [ $missing -eq 0 ]; then
echo "All paths exist."
exit 0
else
echo "$missing path(s) not found."
exit 1
fi


</function_calls>

Now let me search for information about the action compatibility:
<function_calls>

grafana setup-k6-action v1.1.0 run-k6-action v1.3.1 compatibility

</function_calls>

<function_calls>

grafana/setup-k6-action github documentation path parameter

</function_calls>

.github/workflows/regression-test-PROD.yaml (6)

15-17: ✓ Actions use commit SHA references with version tags.

Security best practice is followed: both actions/checkout and grafana/setup-k6-action are pinned to specific commit SHAs with version comments for readability and auditability.

---

41-58: ✓ Failure reporting logic preserved and well-structured.

The build failure report and Slack notification steps are correctly maintained with proper conditional logic (if: failure()), ensuring they only execute when tests fail. Step ordering is logical: report generation precedes notification.

---

15-17: ✓ Actions use commit SHA references with version tags.

Security best practice is followed: both actions/checkout and grafana/setup-k6-action are pinned to specific commit SHAs with version comments for readability and auditability. Based on learnings, this supply-chain security approach is preferred.

---

19-40: ✓ Parameter migration from filename to path is correct.

The grafana/run-k6-action action uses path: as its input parameter, so the refactoring correctly updates all four test invocations (lines 19, 25, 31, 37) from the legacy filename: syntax. All run-k6-action steps use the same commit SHA reference, ensuring consistency. The if: always() conditions on subsequent steps appropriately ensure all test suites execute sequentially regardless of prior failures.

---

41-58: ✓ Failure reporting logic is preserved and well-structured.

The build failure report and Slack notification steps are correctly maintained with proper conditional logic (if: failure()), ensuring they only execute when tests fail. Step ordering is logical: report generation precedes notification, and the Slack webhook configuration is intact.

---

19-40: Parameter path is correct for grafana/[email protected].

The refactoring correctly uses the path parameter, which is the required input for grafana/run-k6-action v1.3.1 (not filename). All run-k6-action steps are well-formed: they use consistent commit SHA pinning (same SHA across all invocations), maintain proper indentation, and correctly apply if: always() to ensure subsequent tests execute even if prior ones fail.

.github/workflows/use-case-PROD.yaml (1)

15-58: Well-structured k6 action migration.

The setup-k6-action followed by multiple run-k6-action invocations follows the documented pattern for the new k6 GitHub Actions. All action versions use commit SHAs with version comments, which aligns with security best practices per learnings. Path parameters are correctly formatted, and environment secrets are appropriately scoped to the PROD environment.

.github/workflows/use-case-ATX.yaml (1)

19-44: Overall migration structure is solid.

The setup-k6-action step followed by run-k6-action invocations follows the documented pattern. All action versions correctly use commit SHAs with version tags (security best practice per learnings). The matrix strategy with multiple AT environments and the use of if: always() on subsequent tests ensures proper test continuation on failures.

Aside from the path typo on line 43, confirm that the matrix-based dynamic environment variable propagation (e.g., ${{ vars.ENV }} and ${{ matrix.environment }}) is correctly configured in your GitHub environments for AT22, AT23, and AT24.

Outdated, we decided to test on this branch first.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7783562 and f3f7581.

📒 Files selected for processing (1)

• .github/workflows/regression-test-ATX.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (csharp, autobuild)

🔇 Additional comments (3)

.github/workflows/regression-test-ATX.yml (3)

30-30: Environment context added correctly.

The job now explicitly sets environment: ${{ inputs.environment }}, which is the correct way to associate the workflow with the specified deployment environment and its protection rules.

---

32-34: Checkout and k6 setup steps look good.

The addition of grafana/setup-k6-action@ffe7d7290dfa715e48c2ccc924d068444c94bde2 # v1.1.0 immediately after checkout follows the standard pattern and ensures k6 is available for subsequent steps.

---

35-56: Test execution steps migrated correctly to run-k6-action.

The four test steps properly use:

• Path-based parameter (path: instead of legacy filename:)
• Conditional execution (if: always()) to ensure all tests run even if an earlier test fails
• Consistent environment and secret passing via flags
• Pinned action version (grafana/run-k6-action@a15e2072ede004e8d46141e33d7f7dad8ad08d9d # v1.3.1)

The migration from the legacy k6-action to run-k6-action appears complete and correct.

Verify that the pinned versions of grafana/setup-k6-action@ffe7d7290dfa715e48c2ccc924d068444c94bde2 and grafana/run-k6-action@a15e2072ede004e8d46141e33d7f7dad8ad08d9d are current and secure. You may want to check the Grafana Actions releases or update to the latest stable versions if needed.

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9d72cff and 424b21c.

📒 Files selected for processing (5)

• .github/workflows/regression-test-ATX.yml (1 hunks)
• test/k6/src/api/token-generator.js (1 hunks)
• test/k6/src/config.js (1 hunks)
• test/k6/src/setup.js (1 hunks)
• test/k6/src/tests/subscriptions.js (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• test/k6/src/api/token-generator.js

🧰 Additional context used

🧬 Code graph analysis (2)

test/k6/src/tests/subscriptions.js (1)

test/k6/src/tests/app-events.js (1)

• app (34-34)

test/k6/src/setup.js (2)

test/k6/src/config.js (1)

• environment (27-27)

test/k6/src/api/token-generator.js (1)

• environment (11-11)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (csharp, autobuild)

🔇 Additional comments (2)

.github/workflows/regression-test-ATX.yml (2)

31-35: LGTM! Environment configuration aligns with test expectations.

The job-level environment variables properly map workflow inputs and secrets to the expected environment variable names used in the k6 test scripts. The ALTINN_ENV variable correctly replaces the legacy env pattern used in previous test invocations.

---

37-60: LGTM! k6 action migration follows best practices.

The workflow correctly adopts the modular pattern: a single setup-k6-action step followed by multiple run-k6-action invocations. The use of if: always() ensures all regression tests execute even if earlier tests fail, which is appropriate for comprehensive regression testing. Action versions are pinned to specific commit SHAs for supply chain security.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Invalid fallback value for environment variable.

The fallback value 'defaultVal' is not a valid key in the baseUrls object (lines 2-8), which will cause baseUrl to be undefined when ALTINN_ENV is not set. This will result in malformed URLs throughout the configuration (e.g., "https://platform.undefined/events/...").

Consider using a valid environment key as the fallback (e.g., 'at22' for a test environment) or explicitly handling the undefined case.

Apply this diff to use a valid test environment as fallback:

-const environment = (__ENV.ALTINN_ENV || 'defaultVal').toLowerCase();
+const environment = (__ENV.ALTINN_ENV || 'at22').toLowerCase();

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const environment = (__ENV.ALTINN_ENV || 'defaultVal').toLowerCase();
	const environment = (__ENV.ALTINN_ENV || 'at22').toLowerCase();

🤖 Prompt for AI Agents

In test/k6/src/config.js around line 27, the fallback value 'defaultVal' for
(__ENV.ALTINN_ENV || 'defaultVal').toLowerCase() is not a valid key in the
baseUrls map and leads to baseUrl being undefined; replace the fallback with a
valid test environment key (for example 'at22') or explicitly handle the
undefined case by checking (__ENV.ALTINN_ENV ? __ENV.ALTINN_ENV.toLowerCase() :
'at22') so that a known valid environment is used when ALTINN_ENV is not set.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Same invalid fallback value as in config.js.

The fallback value 'defaultVal' is not a valid environment identifier. While the impact here is less severe than in config.js (the conditional checks on lines 14 and 30 will simply not match and fall through to the token generator path), it's better to use a valid test environment key for consistency across the test suite.

Apply this diff to align with the suggested fix in config.js:

-const environment = (__ENV.ALTINN_ENV || 'defaultVal').toLowerCase();
+const environment = (__ENV.ALTINN_ENV || 'at22').toLowerCase();

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const environment = (__ENV.ALTINN_ENV || 'defaultVal').toLowerCase();
	const environment = (__ENV.ALTINN_ENV || 'at22').toLowerCase();

🤖 Prompt for AI Agents

In test/k6/src/setup.js around line 6, the fallback string 'defaultVal' is not a
valid environment key; replace it with the same valid test environment key used
in config.js (for example 'local' or whatever key config.js uses) so the line
becomes the same fallback as config.js and then call toLowerCase() as before.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

test/k6/src/config.js (1)

27-28: Empty string fallback still causes undefined baseUrl.

The fallback value '' (empty string) is not a valid key in the baseUrls object (lines 2-8), which will cause baseUrl to be undefined when altinn_env is not set. This results in malformed URLs throughout the configuration (e.g., "https://platform.undefined/events/...").

Use a valid test environment key as the fallback (e.g., 'at22') to ensure proper URL construction.

Apply this diff:

-const environment = (__ENV.altinn_env || '').toLowerCase();
+const environment = (__ENV.altinn_env || 'at22').toLowerCase();

test/k6/src/setup.js (1)

6-6: Empty string fallback creates inconsistency and potential issues.

The fallback value '' (empty string) creates two problems:

1. Inconsistency across files: test/k6/src/api/token-generator.js uses 'defaultVal' as fallback (line 9), while this file and config.js now use ''. All files should use the same valid test environment key.

2. Suboptimal fallback: While the empty string won't crash (the conditionals on lines 14 and 30 simply won't match), it passes an empty env parameter to the token generator (line 20), which may cause issues.

Use a valid test environment key like 'at22' consistently across all files.

Apply this diff:

-const environment = (__ENV.altinn_env || '').toLowerCase();
+const environment = (__ENV.altinn_env || 'at22').toLowerCase();

🧹 Nitpick comments (1)

test/k6/src/tests/app-events.js (1)

34-34: Good defensive change to prevent runtime errors.

The fallback to empty string prevents crashes when __ENV.app is undefined. This is a solid improvement over the previous code that would throw an error.

Note that an empty app value may still cause issues in downstream API calls (line 68). Consider adding validation to provide a clearer error message if app is required.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8d72dfd and 925dc8e.

📒 Files selected for processing (3)

• test/k6/src/config.js (1 hunks)
• test/k6/src/setup.js (1 hunks)
• test/k6/src/tests/app-events.js (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

test/k6/src/setup.js (2)

test/k6/src/config.js (1)

• environment (27-27)

test/k6/src/api/token-generator.js (1)

• environment (10-10)

test/k6/src/tests/app-events.js (1)

test/k6/src/tests/subscriptions.js (1)

• app (39-39)

test/k6/src/config.js (2)

test/k6/src/setup.js (1)

• environment (6-6)

test/k6/src/api/token-generator.js (1)

• environment (10-10)