tenseleyflow/shithub / a6cb1fd

+.PHONY: help dev build test test-race lint lint-policy lint-markdown lint-secret-logs lint-spdx verify-api-docs fmt tidy clean ci assets install-tools version deploy deploy-check restore-drill bench-staging docs docs-serve docs-verify gen-third-party-notices audit-a11y audit-a11y-pa11y audit-a11y-axe load-test

+

+# --- S39 hardening ---

+audit-a11y-pa11y: ## pa11y-ci scan of anonymous routes (needs running shithub on 127.0.0.1:8080).

+	@command -v pa11y-ci >/dev/null 2>&1 || { echo "pa11y-ci not installed; npm i -g pa11y-ci"; exit 2; }

+	pa11y-ci --config tests/a11y/pa11y-config.json

+

+audit-a11y-axe: ## axe-core scan of authenticated routes (needs SHITHUB_USER + SHITHUB_PASS).

+	@command -v node >/dev/null 2>&1 || { echo "node not installed"; exit 2; }

+	node tests/a11y/axe-runner.js

+

+audit-a11y: audit-a11y-pa11y audit-a11y-axe ## Run both accessibility scans.

+

+load-test: ## Run a k6 scenario (set K6_SCENARIO=mixed-read|auth-mix|issue-comment-storm|search-load; default mixed-read).

+	@command -v k6 >/dev/null 2>&1 || { echo "k6 not installed; see https://k6.io/docs/getting-started/installation/"; exit 2; }

+	@if [ -z "$$BASE" ] && [ -z "$$BENCH_TARGET" ]; then echo "set BASE or BENCH_TARGET (e.g. https://staging.shithub.example)"; exit 2; fi

+	BASE="$${BASE:-$$BENCH_TARGET}" k6 run tests/load/k6/scenarios/$${K6_SCENARIO:-mixed-read}.js