-
-
Notifications
You must be signed in to change notification settings - Fork 4
/
action.yml
364 lines (322 loc) · 12.5 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
name: Web Accessibility Evaluation
on:
push:
branches: [$default-branch]
pull_request:
branches: [$default-branch]
author: A11yWatch
branding:
icon: "shield"
color: "gray-dark"
description: Fast and feature-packed web accessibility testing.
inputs:
WEBSITE_URL:
description: Website domain to scan
required: true
FIX:
description: Attempt to apply recommendations to code.
required: false
default: false
EXTERNAL:
description: Use the A11yWatch external API.
required: false
default: false
SITE_WIDE:
description: Perform a site-wide scan.
required: false
default: false
SITEMAP:
description: Extend crawl with sitemap links.
required: false
default: false
SUBDOMAINS:
description: Include all subdomains.
required: false
default: false
TLD:
description: Include all TLD extensions.
required: false
default: false
RECORD:
description: Enable video recording audits to a directory location.
required: false
default: false
FAIL_TOTAL_COUNT:
description: Use to fail the CI if the amount of issues of type errors and warnings is greater than the count.
required: false
default: 0
FAIL_ERRORS_COUNT:
description: Use to fail the CI if the amount of issues of type errors is greater than the count.
required: false
default: 0
FAIL_WARNINGS_COUNT:
description: Use to fail the CI if the amount of issues of type warnings is greater than the count.
required: false
default: 0
DISABLE_PR_STATS:
description: Disable the bot from posting on your PR.
required: false
default: false
TOKEN:
description: The github token to use for posting comments.
required: false
default: ""
LIST:
description: Report the output to github as a pass or fail list.
required: false
default: false
A11YWATCH_TOKEN:
description: The A11yWatch token to authenticate to the API.
required: false
default: ""
COMPUTER_VISION_ENDPOINT:
description: The Computer Vision endpoint to use for advanced AI.
required: false
default: ""
COMPUTER_VISION_SUBSCRIPTION_KEY:
description: The Computer Vision subscription key to use for advanced AI.
required: false
default: ""
SLIM:
description: Use a gRPC client to gather issues.
required: false
default: true
UPGRADE:
description: Upgrade the CLI to latest across runs.
required: false
default: false
UPLOAD:
description: Upload the audit as an artifact.
required: false
default: false
outputs:
results:
description: "Website Results"
value: ${{ steps.a11ywatch-results-generator.outputs.results }}
issues:
description: "The amount of issues found on the page"
value: ${{ steps.a11ywatch-results-generator.outputs.issues }}
# recording_dir:
# description: "The directory that holds recordings of audits. Only enabled when inputs.RECORD is set."
# value: ${{ steps.a11ywatch-recordings-directory.outputs.recording_dir }}
runs:
using: composite
steps:
- name: Checkout code
if: ${{ inputs.FIX == 'true' }}
uses: actions/checkout@v4
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
clean: false
- name: Get yarn cache directory path
if: ${{ inputs.EXTERNAL != 'true' }}
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
shell: bash
- uses: actions/cache@v3
if: ${{ inputs.EXTERNAL != 'true' }}
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Cache node modules
if: ${{ inputs.EXTERNAL != 'true' }}
id: cache-npm
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
path: ~/.npm
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Cache playwright binaries
if: ${{ inputs.EXTERNAL != 'true' }}
uses: actions/cache@v3
id: playwright-cache
with:
path: |
~/.cache/ms-playwright
key: ${{ runner.os }}-playwright-${{ env.PLAYWRIGHT_VERSION }}
- name: Cache cargo crates
uses: actions/cache@v3
id: cache-cargo
env:
cache-name: cache-cargo-crates
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ~/.cargo/bin/a11ywatch
- name: Install Rust, Cargo-Update, Protobuf Compiler
if: steps.cache-cargo.outputs.cache-hit != 'true'
shell: bash
run: |
curl https://sh.rustup.rs -sSf | sh -s -- -y
sudo apt update && sudo apt upgrade -y
sudo apt install -y protobuf-compiler libprotobuf-dev
- name: A11yWatch CLI Install
if: ${{ inputs.SLIM == 'true' }}
uses: baptiste0928/cargo-install@v1
with:
crate: a11ywatch_cli
version: "0.10.15"
features: "grpc"
- name: A11yWatch CLI Install
if: ${{ inputs.SLIM == 'false' }}
uses: baptiste0928/cargo-install@v1
with:
crate: a11ywatch_cli
version: "0.10.15"
- name: Configure CLI creds
if: ${{ inputs.A11YWATCH_TOKEN }}
shell: bash
run: a11ywatch --set-token ${{ inputs.A11YWATCH_TOKEN }}
- name: Configure Computer Vision API KEY
if: ${{ inputs.COMPUTER_VISION_SUBSCRIPTION_KEY }}
shell: bash
run: a11ywatch --set-cv-token ${{ inputs.COMPUTER_VISION_SUBSCRIPTION_KEY }}
- name: Configure Computer Vision URL
if: ${{ inputs.COMPUTER_VISION_ENDPOINT }}
shell: bash
run: a11ywatch --set-cv-url ${{ inputs.COMPUTER_VISION_ENDPOINT }}
- name: Configure Recording
if: ${{ inputs.RECORD }}
shell: bash
run: a11ywatch --set-recording ${{ inputs.RECORD }}
- name: Install ffmpeg for Recordings
if: ${{ inputs.RECORD && inputs.RECORD != 'false' }}
uses: FedericoCarboni/setup-ffmpeg@v2
- name: Build A11yWatch Service
if: ${{ inputs.EXTERNAL != 'true' && inputs.UPGRADE == 'true' }}
shell: bash
run: a11ywatch build --standalone --local ${{ inputs.UPGRADE == 'true' && '--upgrade' || '' }}
- name: Install playwright Browsers
if: ${{ inputs.EXTERNAL != 'true' && steps.playwright-cache.outputs.cache-hit != 'true' }}
run: npx playwright install --with-deps
shell: bash
# - run: npx playwright install-deps
# if: ${{ inputs.EXTERNAL != 'true' && steps.playwright-cache.outputs.cache-hit != 'true' }}
# shell: bash
- name: Start A11yWatch Service
if: ${{ inputs.EXTERNAL != 'true' }}
shell: bash
run: a11ywatch start --standalone --local
- name: A11yWatch Scan [Local]
if: ${{ inputs.EXTERNAL != 'true' && inputs.SITE_WIDE == 'false' }}
shell: bash
run: a11ywatch scan --url ${{ inputs.WEBSITE_URL }} --save ${{ inputs.FIX == 'true' && '--fix' || '' }}
- name: A11yWatch Scan [External]
if: ${{ inputs.EXTERNAL == 'true' && inputs.SITE_WIDE == 'false' }}
shell: bash
run: a11ywatch scan --url ${{ inputs.WEBSITE_URL }} --external --save ${{ inputs.FIX == 'true' && '--fix' || '' }}
- name: A11yWatch Crawl [Local]
if: ${{ inputs.EXTERNAL != 'true' && inputs.SITE_WIDE == 'true' }}
shell: bash
run: a11ywatch crawl --url ${{ inputs.WEBSITE_URL }} ${{ inputs.SUBDOMAINS == 'true' && '--subdomains' || '' }} ${{ inputs.TLD == 'true' && '--tld' || ''}} ${{ inputs.SITEMAP == 'true' && '--sitemap' || '' }} --save ${{ inputs.FIX == 'true' && '--fix' || '' }}
- name: A11yWatch Crawl [External]
if: ${{ inputs.EXTERNAL == 'true' && inputs.SITE_WIDE == 'true' }}
shell: bash
run: a11ywatch crawl --url ${{ inputs.WEBSITE_URL }} ${{ inputs.SUBDOMAINS == 'true' && '--subdomains' || '' }} ${{ inputs.TLD == 'true' && '--tld' || ''}} ${{ inputs.SITEMAP == 'true' && '--sitemap' || '' }} --external --save ${{ inputs.FIX == 'true' && '--fix' || '' }}
- name: Scan Results Check
id: a11ywatch-results-generator
shell: bash
run: |
# get results path
results_path="$(a11ywatch --find-results)"
website_issues_total=$(a11ywatch --results-issues)
website_issues_errors=$(a11ywatch --results-issues-errors)
website_issues_warnings=$(a11ywatch --results-issues-warnings)
total_limit=${{ inputs.FAIL_TOTAL_COUNT }}
errors_limit=${{ inputs.FAIL_ERRORS_COUNT }}
warnings_limit=${{ inputs.FAIL_WARNINGS_COUNT }}
total_count=${total_limit:-0}
errors_count=${errors_limit:-0}
warnings_count=${warnings_limit:-0}
if [ "$total_count" -gt 0 ]; then
if [ $website_issues_total -gt "$total_count" ]; then
echo "Failed accessibility test. $website_issues_total total errors and warnings exceeded limit!"
exit 1
fi
fi
if [ "$errors_count" -gt 0 ]; then
if [ $website_issues_errors -gt "$errors_count" ]; then
echo "Failed accessibility test. $website_issues_errors errors exceeded the limit!"
exit 1
fi
fi
if [ "$warnings_count" -gt 0 ]; then
if [ $website_issues_warnings -gt "$warnings_count" ]; then
echo "Failed accessibility test. $website_issues_warnings warnings exceeded limit!"
exit 1
fi
fi
results_json="$(a11ywatch --results-parsed)"
echo "results=$(echo ${results_json})" >> $GITHUB_OUTPUT
echo "issues=$(echo ${website_issues_total})" >> $GITHUB_OUTPUT
- name: Post Stats to GitHub PR
shell: bash
if: ${{ github.event_name == 'pull_request' && inputs.DISABLE_PR_STATS == 'false' }}
run: |
# post github
GH_TOKEN="${{ inputs.TOKEN || github.token }}"
results_path="$(a11ywatch --find-results)"
gh_api_url="$(a11ywatch --github-api-url)"
website_issues=$(a11ywatch --results-issues)
# send pr results if issues exist
if [ "$website_issues" -gt 0 ]; then
# check for open pr
pr_response=$(curl --location --request GET "$gh_api_url" \
-H "Authorization: token $GH_TOKEN")
if [ $(echo $pr_response | jq length) -eq 0 ]; then
echo "No PR found to update"
else
pr_comment_url=$(echo $pr_response | jq -r ".[]._links.comments.href")
# extract the results to a file
body="$( a11ywatch --github-results-path extract --platform github ${{ inputs.LIST == 'true' && '-l' || ''}} )"
# get results of the file path
gh_file="@$(a11ywatch --github-results-path)"
# post comment to github
curl -X POST -d "$gh_file" "$pr_comment_url" \
-H "Authorization: token $GH_TOKEN" \
-H 'Content-Type: application/json'
fi
fi
- uses: EndBug/add-and-commit@v9
if: ${{ inputs.FIX == 'true' }}
with:
message: "fix(accessibility): add recommendations from scan"
committer_name: GitHub Actions
# - name: Get recording directory
# id: a11ywatch-recordings-directory
# if: ${{ inputs.RECORD && inputs.RECORD != 'false' && failure() || success() }}
# shell: bash
# run: echo "recording_dir=$( echo "$(a11ywatch --find-tmp-dir)""/${{inputs.RECORD}}" )" >> $GITHUB_OUTPUT
- name: Get audit directory
id: a11ywatch-audit-directory
if: ${{ inputs.UPLOAD && inputs.UPLOAD != 'false' && (failure() || success()) }}
shell: bash
run: echo "audit_dir=$( echo "$(a11ywatch --find-results)" )" >> $GITHUB_OUTPUT
- uses: actions/upload-artifact@v3
if: ${{ inputs.UPLOAD && inputs.UPLOAD != 'false' && (failure() || success()) }}
with:
name: Audit Results
path: ${{ steps.a11ywatch-audit-directory.outputs.audit_dir }}
- uses: actions/upload-artifact@v3
if: ${{ inputs.RECORD && inputs.RECORD != 'false' && (failure() || success()) }}
with:
name: Recordings
# path: ${{ steps.a11ywatch-recordings-directory.outputs.recording_dir }}
path: ${{ inputs.RECORD }}
- name: Stop A11yWatch Service
if: ${{ !inputs.EXTERNAL }}
shell: bash
run: a11ywatch stop