Thoughts, guides and updates from us over at Artillery

Monday, September 25, 2023

Using GitHub Actions to run Fargate and Lambda tests

Earlier this year we announced the release of our official GitHub Action for running Artillery tests.

In this blog post we’ll walk you through setting up a load test using Fargate and Lambda and our official GitHub Action, including some AWS IAM permissions you may have to go set up.

Why Fargate or Lambda?

While the GitHub Action with the run command is perfectly fine for a small smoke or acceptance test, any meaningful or large load test will likely have a big resource impact on the host machine running it.

By leveraging Lambda and Fargate horizontal scaling capabilities, you can scale your test as much as you want, while still keeping all reporting going to the GitHub Action. This use-case is exactly why we open-sourced access to Fargate and Lambda, so that anyone can run distributed load tests easily from anywhere.

Setting up your test

Running tests with GitHub Actions in Fargate or Lambda is very similar from a test scenario point of view. The main difference will be in your config, as each worker in Fargate/Lambda will run a copy of the test, so we need to decide how many workers we want.

For instance, let’s say our goal is to setup a nightly test to gather a baseline of our application with 500 users per second. Take the following scenario.yml and config as an example:

Copied to clipboard!
         - arrivalRate: 100
           duration: 10m
        - arrivalRate: 10
          duration: 60s
  - name: main flow
      - get:
          url: "/"

Note: in the example above, the ci phase was set with an arrivalRate of 100, because we will use a --count of 5 workers to get to the desired 500 virtual users.

Plugging it into a GitHub Action

Now that we have our test, we can create a skeleton of a GitHub Action with it:

Copied to clipboard!
name: Running Artillery in Lambda or Fargate

    - cron: "0 12 * * *" #setup a nightly cron for midnight

  contents: read #this is needed so that checkout of repository can happen

    runs-on: ubuntu-latest

      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Run Fargate Test
        uses: artilleryio/action-cli@v1
        timeout-minutes: 15 # best practice: adding timeout in case something goes wrong with the test, so that GitHub Action won’t run for the default 6h
          command: run-fargate ./scenario.yml --count 5 --output ./report.json

      - name: Run Lambda Test
        uses: artilleryio/action-cli@v1
        timeout-minutes: 15 # best practice: adding timeout in case something goes wrong with the test, so that GitHub Action won’t run for the default 6h
          command: run-lambda ./scenario.yml --count 5 ./report.json

We’re almost there, but not quite yet! The above action would work for a run command, but it needs to have the right AWS permissions setup in order to run Lambda/Fargate tests. Let’s do that next.

AWS Permissions

Set up an IAM Role and Policy

Usually when running commands that require access to AWS from a CI/CD system, there will be a role scoped to the correct permissions needed.

We’ve tried to make this easy for you by providing guides for AWS Fargate and AWS Lambda on the permissions needed, and how to create the roles and policies.

Having a role and policy created is a pre-requisite, so make sure you do that or work with people in your organization who have the ability to do so.

Configure the GitHub Action to use them

We recommend you use AWS’s official configure-aws-credentials GitHub Action for this purpose.

The exact configuration of the GitHub Action will depend on the method used for authentication. We’ll provide you with the recommended mechanism below, but please check the documentation above for more details.

First, update your permissions in the action:

Copied to clipboard!
  contents: read # needed so that checkout of repository can happen
  id-token: write # additionally needed now for OIDC

Then, add this before Artillery tests run:

Copied to clipboard!
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v2
    SHOW_STACK_TRACE: true # in case there are issues, this can help with debugging
    aws-region: eu-west-1
    role-to-assume: ${{ secrets.ARTILLERY_ROLE_ARN }} # arn of the role created in AWS, should be kept in GitHub Secrets
    role-session-name: OIDCSession

Note: this assumes that OIDC has been setup in the AWS account, as described in our guides. GitHub has a guide here.

If you want to use something other than OIDC, you should check the documentation on how to do it. However, it is not recommended, as otherwise you have to store long-lived credentials in GitHub Secrets.

For example, here is a guide for using static IAM credentials.

Some Extras

Playwright Tests

As our Fargate image officially supports Playwright, by running your tests in Fargate, you can easily run your Playwright Tests from GitHub Actions!

Reporting to Artillery Cloud Dashboard

While it’s currently in beta, our Artillery Cloud dashboard is the best way to complement running tests on CI, as you’ll be able to visualise runs over time easily, check historical results, and more!

Once again, there’s no changes needed to the scenario and config to report to the Dashboard, so once you have an API Key, you’ll need to pass --record to the command to report to cloud. For example:

Copied to clipboard!
- name: Run Fargate Test
  uses: artilleryio/action-cli@v1
  timeout-minutes: 15 # best practice: adding timeout in case something goes wrong with the test, so that GitHub Action won’t run for the default 6h
    command: run-fargate ./scenario.yml --count 5 --output ./report.json --record --tags ci:true,owner:qa,type:baseline # we add `--record` and a few tags to identify the test
    ARTILLERY_CLOUD_API_KEY: ${{ secrets.ARTILLERY_CLOUD_KEY }} # cloud key set in gh action secrets

Join the waitlist for Artillery Cloud to get early access to the platform!

Saving Reports

You can use the official upload-artifact GitHub Action for this:

Copied to clipboard!
- name: Upload artifact
  uses: actions/upload-artifact@v3
  if: always()
    name: artillery-report
    path: ./report.json # reference the generated report in the file system

Failure Notifications to Slack

There are many actions in the Marketplace for this. For example, you can use action-slack, and simply add something like this to the workflow:

Copied to clipboard!
- name: Notify about failures
  if: failure()
  uses: 8398a7/action-slack@v3.15.1
    status: ${{ job.status }}
    fields: repo,message,commit,author,eventName,job,took,pullRequest
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required in secrets


That’s all! Once you do this setup, your workflows will be able to run against Fargate and Lambda, and give you meaningful insights about your system performance.

Happy load testing!