Add main branch protection #1036
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Pa11y Testing | |
| # yamllint disable-line rule:truthy | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| pa11y: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4.1.7 | |
| - name: Install Chrome | |
| uses: browser-actions/setup-chrome@facf10a55b9caf92e0cc749b4f82bf8220989148 # pin@v1.7.2 | |
| # We're no longer building the site, so we don't need | |
| # to use the site's version of Node -- just something | |
| # that's supposed by Cloud.gov Pages (currently 18.19.0) | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4.1.7 | |
| - name: Use Node | |
| uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # pin@v3 | |
| with: | |
| node-version: "18" | |
| - name: Install dependencies | |
| run: npm install --production=false && pip install -r requirements.txt | |
| - name: Setup custom variables | |
| id: customvars | |
| run: | | |
| ( echo -n "BASE_URL=" | |
| if [ -n "${{ vars.BASE_URL }}" ] ; then | |
| echo "${{ vars.BASE_URL }}" | |
| else | |
| echo "https://federalist-a2423046-fe43-4e75-a2ef-2651e5e123ca.sites.pages.cloud.gov/preview/gsa-tts/tts.gsa.gov/" | |
| fi | |
| echo -n "URL_PATH=" | |
| if [ -n "${{ vars.URL_PATH }}" ] ; then | |
| echo "${{ vars.URL_PATH }}/" | |
| elif [ -n "${GITHUB_HEAD_REF:-}" ] ; then | |
| echo "${GITHUB_HEAD_REF}/" | |
| else | |
| echo "staging/" | |
| fi | |
| echo -n "DELAY_SECONDS=" | |
| if [ -n "${{ vars.DELAY_SECONDS }}" ] ; then | |
| echo "${{ vars.DELAY_SECONDS }}" | |
| else | |
| echo "60" | |
| fi | |
| echo -n "PALLY_OUTPUT=" | |
| if [ -n "${{ vars.PALLY_OUTPUT }}" ] ; then | |
| echo "${{ vars.PALLY_OUTPUT }}" | |
| else | |
| echo "$GITHUB_WORKSPACE/pally_output.txt" | |
| fi | |
| ) >> "$GITHUB_OUTPUT" | |
| - name: Delay while the preview URL is built | |
| run: "sleep ${{ steps.customvars.outputs.DELAY_SECONDS }}" | |
| - name: Execute Pa11y tests | |
| run: touch "${{ steps.customvars.outputs.PALLY_OUTPUT }}" && curl -s "${{ steps.customvars.outputs.BASE_URL }}${{ steps.customvars.outputs.URL_PATH }}sitemap.xml" | xq -r '.urlset.url[].loc' | xargs -n50 node_modules/.bin/axe --tags=wcag2a | tee -a "${{ steps.customvars.outputs.PALLY_OUTPUT }}" | |
| - name: Read pa11y_output file. | |
| id: pa11y_output | |
| uses: juliangruber/read-file-action@b549046febe0fe86f8cb4f93c24e284433f9ab58 # pin@v1.1.7 | |
| with: | |
| path: "${{ steps.customvars.outputs.PALLY_OUTPUT }}" | |
| - name: verify that pa11y successfully scanned the site | |
| if: contains(steps.pa11y_output.outputs.content, 'ailed to run') | |
| run: | | |
| echo "::error::Pa11y failed to run." | |
| exit 1 | |
| - name: Comment on pull request. | |
| if: ${{ contains(steps.pa11y_output.outputs.content, 'Accessibility issues detected') }} | |
| uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # pin@v2.5.0 | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| message: "<details><summary>Pa11y testing results</summary> ```${{ steps.pa11y_output.outputs.content }}``` </details>" | |
| comment_tag: pa11y | |
| - name: Check for pa11y failures. | |
| if: contains(steps.pa11y_output.outputs.content, 'errno 2') | |
| run: | | |
| echo "::error::The site is failing accessibility tests." | |
| echo "Please review the comment in the pull request for details." | |
| exit 1 |