Merge branch 'master' into feature/3552-grpc-tests-separate-process

Author: paulnegz

.github/ISSUE_TEMPLATE/release.md

@@ -34,7 +34,7 @@ labels: ["release"]
 - [ ] Ensure all PRs in the `k6` repository, part of the current [milestone](https://github.com/grafana/k6/milestones), have been merged.
 - [ ] Open a PR with the release notes for the new version
   - [ ] Ask teams that might have contributed to the release (e.g., k6-ecosystem, k6-docs, k6-devrel teams) to contribute their notes and review the existing ones.
-  - [ ] Remember to mention and thank [external contributors](https://github.com/search?q=user%3Agrafana+repo%3Ak6+milestone%3A%22v0.51.0%22+-author%3Amstoykov+-author%3Aoleiade+-author%3Ana--+-author%3Acodebien+-author%3Aolegbespalov+-author%3Aandrewslotin+-author%3Ajoanlopez+-author%3Aankur22+-author%3Ainancgumus+-author%3Aszkiba+-author%3Adependabot%5Bbot%5D&type=pullrequests). (**<- Update the query with the correct milestone version**).
+  - [ ] Remember to mention and thank [external contributors](https://github.com/search?q=user%3Agrafana+repo%3Ak6+milestone%3A%22v1.3.0%22+-author%3Amstoykov+-author%3Aoleiade+-author%3Ana--+-author%3Acodebien+-author%3Aolegbespalov+-author%3Aandrewslotin+-author%3Ajoanlopez+-author%3Aankur22+-author%3Ainancgumus+-author%3aszkiba+-author%3aAgnesToulet+-author%3Adependabot%5Bbot%5D&type=pullrequests). (**<- Update the query with the correct milestone version**).
 - [ ] Share the release notes PR with the k6 open-source teams. Request contributions from all affected teams (k6-chaos, k6-docs, k6-devrel, etc.) and any other stakeholders involved in the new release.
 - [ ] Open a separate PR for bumping [the k6 Go project's version](https://github.com/grafana/k6/blob/master/internal/build/version.go#L6).
 - [ ] Open a PR in the `DefinitelyTyped/DefinitelyTyped` repository using the release branch created in the grafana/k6-DefinitelyTyped fork to update the k6 type definitions for the new release.
@@ -47,16 +47,22 @@ labels: ["release"]
 
 #### Documentation
 
-- [ ] Open and merge a PR from `main` in the `k6-docs` repository, copying the current k6's `next` to a folder named with the k6 version (e.g., `v1.1.x`).
+- [ ] Open and merge a PR from `main` in the `k6-docs` repository, copying the current k6's `next` to a folder named with the k6 version (e.g., `v1.3.x`).
 - [ ] Ensure the `k6` repository release notes PR contains the correct links to the docs.
 
 #### In k6 repository
 
 - [ ] Merge the PR bumping [the k6 Go project's version](https://github.com/grafana/k6/blob/master/lib/consts/consts.go#L11-L12).
 - [ ] Merge the release notes PR.
 - [ ] Pull locally the previously merged changes.
-- [ ] Create a new long-lived `v{major}.{minor}.x` release branch from the `main` branch.
-- [ ] Checkout the new `v{major}.{minor}.x` release branch, create and push a new tag of the form `v{major}.{minor}.0` using git: _e.g._ `git tag v1.0.0 -m "v1.0.0"`.
+- [ ] Create a new long-lived `v{major}.{minor}.x` release branch from the `master` branch.
+- [ ] Create and push a new tag of the form `v{major}.{minor}.0`.
+
+!!! Update the below when making the issue
+
+```
+git checkout master && git pull && git checkout -b v1.3.x && git tag v1.3.0 -m "v1.3.0" && git push origin v1.3.0
+```
 
 #### Announcements
 

.github/dependabot.yml

@@ -1,5 +1,10 @@
 version: 2
 updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:

.github/workflows/browser_e2e.yml

@@ -27,7 +27,7 @@ jobs:
     runs-on: ${{ matrix.platform }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Install Go

.github/workflows/build.yml

@@ -37,7 +37,7 @@ jobs:
       go_version: ${{ steps.get_go_version.outputs.go_version }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -82,7 +82,7 @@ jobs:
       VERSION: ${{ needs.configure.outputs.k6_version }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -148,7 +148,7 @@ jobs:
       VERSION: ${{ needs.configure.outputs.k6_version }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -243,7 +243,7 @@ jobs:
       VERSION: ${{ needs.configure.outputs.k6_version }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Install pandoc
@@ -280,7 +280,7 @@ jobs:
       # version tag, or manually triggered dev builds, so we have enough
       # assurance that package signing works, but don't sign every PR build.
       - if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch' }}
-        uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.2.1
+        uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.3.0
         with:
           repo_secrets: |
             WIN_SIGN_CERT=winsign:WIN_SIGN_CERT
@@ -328,7 +328,7 @@ jobs:
        contents: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Download binaries
@@ -345,7 +345,7 @@ jobs:
         run: cd dist && sha256sum * > "k6-${VERSION}-checksums.txt"
       - name: Anchore SBOM Action
         continue-on-error: true
-        uses: anchore/sbom-action@9fece9e20048ca9590af301449208b2b8861333b # v0.15.9
+        uses: anchore/sbom-action@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4
         with:
           artifact-name: k6-${{ env.VERSION }}-spdx.json
           upload-release-assets: false
@@ -374,7 +374,7 @@ jobs:
       id-token: write # Required for Vault
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Download binaries
@@ -393,7 +393,7 @@ jobs:
           mv "dist/k6-$VERSION-windows-amd64.msi" "dist/k6-$VERSION-amd64.msi"
           mv "dist/k6-$VERSION-linux-amd64.rpm" "dist/k6-$VERSION-amd64.rpm"
           mv "dist/k6-$VERSION-linux-amd64.deb" "dist/k6-$VERSION-amd64.deb"
-      - uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.2.1
+      - uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.3.0
         with:
           repo_secrets: |
             IAM_ROLE_ARN=deploy:packager-iam-role

.github/workflows/codeql-analysis.yml

@@ -15,14 +15,14 @@ jobs:
 
     steps:
     - name: Checkout repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
       with:
         persist-credentials: false
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5
       with:
         languages: go
 
     - name: CodeQL Analysis
-      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5

.github/workflows/lint.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -39,7 +39,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
           fetch-depth: 0

.github/workflows/packager.yml

@@ -22,7 +22,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Build

.github/workflows/tc39.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Install Go

.github/workflows/test.yml

@@ -14,6 +14,7 @@ permissions:
 
 jobs:
   test-prev:
+    if: ${{ github.ref == 'refs/heads/master' }}
     strategy:
       fail-fast: false
       matrix:
@@ -22,7 +23,7 @@ jobs:
     runs-on: ${{ matrix.platform }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -47,11 +48,13 @@ jobs:
           go version
           export GOMAXPROCS=2
           args=("-p" "2" "-race")
-          # Run with less concurrency on Windows/MacOS/ARM to minimize flakiness.
-          if [[ "${{ matrix.platform }}" == windows* || "${{ matrix.platform }}" == macos*  || "${{ matrix.platform }}" == *arm ]]; then
-            unset args[2]
+          # Run with less concurrency on Windows/ARM to minimize flakiness.
+          if [[ "${{ matrix.platform }}" == windows* || "${{ matrix.platform }}" == *arm ]]; then
             args[1]="1"
             export GOMAXPROCS=1
+            if [[ "${{ matrix.platform }}" == windows* ]]; then
+              unset args[2]
+            fi
           fi
           go test "${args[@]}" -timeout 800s ./...
 
@@ -64,7 +67,7 @@ jobs:
     continue-on-error: true
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Download Go tip
@@ -92,27 +95,26 @@ jobs:
           go version
           export GOMAXPROCS=2
           args=("-p" "2" "-race")
-          # Run with less concurrency on Windows/MacOS/ARM to minimize flakiness.
-          if [[ "${{ matrix.platform }}" == windows* || "${{ matrix.platform }}" == macos*  || "${{ matrix.platform }}" == *arm ]]; then
-            unset args[2]
+          # Run with less concurrency on Windows/ARM to minimize flakiness.
+          if [[ "${{ matrix.platform }}" == windows* || "${{ matrix.platform }}" == *arm ]]; then
             args[1]="1"
             export GOMAXPROCS=1
+            if [[ "${{ matrix.platform }}" == windows* ]]; then
+              unset args[2]
+            fi
           fi
           go test "${args[@]}" -timeout 800s ./...
 
-  test-current-cov:
+  test-latest:
     strategy:
       fail-fast: false
       matrix:
         go-version: [1.24.x]
         platform: [ubuntu-22.04, ubuntu-24.04-arm, windows-latest]
-    permissions: # required for Vault
-      id-token: write
-      contents: read
     runs-on: ${{ matrix.platform }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
       - name: Install Go
@@ -126,54 +128,18 @@ jobs:
         run: |
           sudo apt update && sudo apt install chromium-browser
           chromium --version
-      - name: Run tests with code coverage
+      - name: Run tests
         run: |
+          set -x
           go version
           export GOMAXPROCS=2
           args=("-p" "2" "-race")
-          # Run with less concurrency on Windows/MacOS/ARM to minimize flakiness.
-          if [[ "${{ matrix.platform }}" == windows* || "${{ matrix.platform }}" == macos* || "${{ matrix.platform }}" == *arm ]]; then
-            unset args[2]
+          # Run with less concurrency on Windows/ARM to minimize flakiness.
+          if [[ "${{ matrix.platform }}" == windows* || "${{ matrix.platform }}" == *arm ]]; then
             args[1]="1"
             export GOMAXPROCS=1
+            if [[ "${{ matrix.platform }}" == windows* ]]; then
+              unset args[2]
+            fi
           fi
-          echo "mode: set" > coverage.txt
-          for pkg in $(go list ./... | grep -v vendor); do
-              list=$(go list -test -f  '{{ join .Deps  "\n"}}' $pkg | grep go.k6.io/k6 | grep -v vendor || true)
-              if [ -n "$list" ]; then
-                  list=$(echo "$list" | cut -f1 -d ' ' | sort -u | paste -sd, -)
-              fi
-
-              go test "${args[@]}" -timeout 800s --coverpkg="$list" -coverprofile=$(echo $pkg | tr / -).coverage $pkg
-          done
-          grep -h -v "^mode:" *.coverage >> coverage.txt
-          rm -f *.coverage
-      # Sets CODECOV_TOKEN as an environment variable for the next step
-      - name: Get Codecov token
-        # Skip this step if the PR is from a fork, as we can't fetch secrets for forks.
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.2.1
-        with:
-          repo_secrets: |
-            CODECOV_TOKEN=CODECOV_TOKEN:CODECOV_TOKEN
-      - name: Upload coverage to Codecov
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          CODECOV_BASH_VERSION: 1.0.1
-          CODECOV_BASH_SHA512SUM: d075b412a362a9a2b7aedfec3b8b9a9a927b3b99e98c7c15a2b76ef09862aeb005e91d76a5fd71b511141496d0fd23d1b42095f722ebcd509d768fba030f159e
-        run: |
-          if [[ "${{ matrix.platform }}" == macos* ]]; then
-            shopt -s expand_aliases
-            alias sha512sum='shasum -a 512'
-          fi
-          curl -fsSLO "https://raw.githubusercontent.com/codecov/codecov-bash/${CODECOV_BASH_VERSION}/codecov"
-          echo "$CODECOV_BASH_SHA512SUM  codecov" | sha512sum -c -
-          platform="${{ matrix.platform }}"
-          bash ./codecov -F "${platform%%-*}"
-      - name: Generate coverage HTML report
-        run: go tool cover -html=coverage.txt -o coverage.html
-      - name: Upload coverage report
-        uses: actions/upload-artifact@v4
-        with:
-          name: test-coverage-report-${{ matrix.platform }}
-          path: coverage.html
+          go test "${args[@]}" -timeout 800s ./...

.github/workflows/trivy.yml

@@ -21,14 +21,14 @@ jobs:
     if: github.repository == 'grafana/k6' # avoid running on forks
     steps:
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@22d2755f774d925b191a185b74e782a4b0638a41 # v0.15.0
+        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
         with:
           image-ref: 'grafana/k6:master'
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH,MEDIUM'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@4c3e5362829f0b0bb62ff5f6c938d7f95574c306 # v2.21.1
+        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v2.21.1
         with:
           sarif_file: 'trivy-results.sarif'