Include Scorecard annotations #1156
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Pa11y Testing | |
| # yamllint disable-line rule:truthy | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| pa11y: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # [email protected] | |
| - name: Install Chrome | |
| uses: browser-actions/setup-chrome@facf10a55b9caf92e0cc749b4f82bf8220989148 # [email protected] | |
| # We're no longer building the site, so we don't need | |
| # to use the site's version of Node -- just something | |
| # that's supposed by Cloud.gov Pages (currently 18.19.0) | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # [email protected] | |
| - name: Use Node | |
| uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # pin@v3 | |
| with: | |
| node-version: "18" | |
| - name: Install dependencies | |
| run: npm ci --production=false && pip install --require-hashes -r requirements.txt | |
| - name: Setup custom variables | |
| id: customvars | |
| run: | | |
| ( echo -n "BASE_URL=" | |
| if [ -n "${{ vars.BASE_URL }}" ] ; then | |
| echo "${{ vars.BASE_URL }}" | |
| else | |
| echo "https://federalist-a2423046-fe43-4e75-a2ef-2651e5e123ca.sites.pages.cloud.gov/preview/gsa-tts/tts.gsa.gov/" | |
| fi | |
| echo -n "URL_PATH=" | |
| if [ -n "${{ vars.URL_PATH }}" ] ; then | |
| echo "${{ vars.URL_PATH }}/" | |
| elif [ -n "${GITHUB_HEAD_REF:-}" ] ; then | |
| echo "${GITHUB_HEAD_REF}/" | |
| else | |
| echo "staging/" | |
| fi | |
| echo -n "DELAY_SECONDS=" | |
| if [ -n "${{ vars.DELAY_SECONDS }}" ] ; then | |
| echo "${{ vars.DELAY_SECONDS }}" | |
| else | |
| echo "60" | |
| fi | |
| echo -n "PALLY_OUTPUT=" | |
| if [ -n "${{ vars.PALLY_OUTPUT }}" ] ; then | |
| echo "${{ vars.PALLY_OUTPUT }}" | |
| else | |
| echo "$GITHUB_WORKSPACE/pally_output.txt" | |
| fi | |
| ) >> "$GITHUB_OUTPUT" | |
| - name: Delay while the preview URL is built | |
| run: "sleep ${{ steps.customvars.outputs.DELAY_SECONDS }}" | |
| - name: Execute Pa11y tests | |
| run: touch "${{ steps.customvars.outputs.PALLY_OUTPUT }}" && curl -s "${{ steps.customvars.outputs.BASE_URL }}${{ steps.customvars.outputs.URL_PATH }}sitemap.xml" | xq -r '.urlset.url[].loc' | xargs -n50 node_modules/.bin/axe --tags=wcag2a | tee -a "${{ steps.customvars.outputs.PALLY_OUTPUT }}" | |
| - name: Read pa11y_output file. | |
| id: pa11y_output | |
| uses: juliangruber/read-file-action@b549046febe0fe86f8cb4f93c24e284433f9ab58 # [email protected] | |
| with: | |
| path: "${{ steps.customvars.outputs.PALLY_OUTPUT }}" | |
| - name: verify that pa11y successfully scanned the site | |
| if: contains(steps.pa11y_output.outputs.content, 'ailed to run') | |
| run: | | |
| echo "::error::Pa11y failed to run." | |
| exit 1 | |
| - name: Comment on pull request. | |
| if: ${{ contains(steps.pa11y_output.outputs.content, 'Accessibility issues detected') }} | |
| uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # [email protected] | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }} | |
| message: "<details><summary>Pa11y testing results</summary> ```${{ steps.pa11y_output.outputs.content }}``` </details>" | |
| comment_tag: pa11y | |
| - name: Check for pa11y failures. | |
| if: contains(steps.pa11y_output.outputs.content, 'errno 2') | |
| run: | | |
| echo "::error::The site is failing accessibility tests." | |
| echo "Please review the comment in the pull request for details." | |
| exit 1 |