diff --git a/.circleci/config.yml b/.circleci/config.yml index 066701cb4..e24631a25 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,7 +1,9 @@ version: 2.1 +orbs: + jq: circleci/jq@3.0.0 jobs: - build: + build: docker: - image: cimg/ruby:3.2-browsers environment: @@ -9,13 +11,15 @@ jobs: LANGUAGE: "en_US.UTF-8" LC_ALL: "en_US.UTF-8" steps: + - checkout + - jq/install: + version: jq-1.7 - run: name: Fix locales command: | sudo locale-gen en_US.UTF-8 sudo locale-gen en en_US en_US.UTF-8 sudo dpkg-reconfigure locales - - checkout - restore_cache: keys: - v2-dependencies-bundler-{{ checksum "Gemfile.lock" }} @@ -30,7 +34,6 @@ jobs: paths: - vendor/bundle key: v2-dependencies-bundler-{{ checksum "Gemfile.lock" }} - - restore_cache: keys: - v2-dependencies-npm-{{ checksum "package-lock.json" }} 
@@ -42,23 +45,85 @@ jobs: - node_modules key: v2-dependencies-npm-{{ checksum "package-lock.json" }} - run: npm run uswds-build - # We export the file list in pa11y_targets so that we can make pa11y-ci scan only those changed files in the "Run pa11yci" step - run: - name: Jekyll build + name: Jekyll build and store pa11y_targets + # We export the changed file list in pa11y_targets source + # that we can make pa11y-ci scan only those changed files + # in the "Run pa11y scan on changed files" step if it's + # needed, a full site scan does not use the pa11y_targets file + # If this pipeline run is triggered from a GitHub PR commit webhook + # we check for the pa11y_targets file + # - if the file exists it means Jekyll found changed files and we will scan that list + # - if the file does not exist it means Jekyll didn't detect any changed files and we skip the pa11y scan + # If this pipeline run is triggered by a schedule that's our nightly full pa11y scan + # which doesn't need to interact with PA11Y_TARGETS since it runs off the sitemap to do a fulll scan command: | bundle exec jekyll build - echo "export PA11Y_TARGETS=$(cat pa11y_targets | base64 --wrap=0)" >> "$BASH_ENV" - source "$BASH_ENV" + if [[ << pipeline.trigger_source >> == "webhook" ]]; then + if test -f pa11y_targets; then + echo "export PA11Y_TARGETS=$(cat pa11y_targets | base64 --wrap=0)" >> "$BASH_ENV" + export DO_PA11Y_SCAN=true >> "$BASH_ENV" + echo "Changed files detected, pa11y scan will be performed on those files." + else + export DO_PA11Y_SCAN=false >> "$BASH_ENV" + echo "No changed files detected, pa11y scan will be skipped." + fi + source "$BASH_ENV" + fi + + if [[ << pipeline.trigger_source >> == "schedule" ]]; then + echo "Scheduled workflow detected, full pa11y scan will be performed." 
+ fi - run: npm run htmlproofer - run: name: Run rspec command: bundle exec rspec `pwd`/spec/ - # Invoke pa11y-ci and pass in our list of changed files - - run: - name: Run pa11yci - command: npm run pa11y-ci -- $(echo $PA11Y_TARGETS | base64 --decode) + # The nightly full pa11y scan is triggered from a scheduled pipeline which satisfies this condition + - when: + condition: + equal: [ schedule, << pipeline.trigger_source >> ] + steps: + - run: + name: Run full pa11y scan + command: | + set +e + ./serve-pa11yci && npm run pa11y-sitemap 2> >(tee pa11y-errors >&2) + if [[ $PIPESTATUS -eq 2 ]]; then + set +o history + JSON=$(echo '{"event_type":"failed-pa11y-scan","client_payload":{"report":"'"$(cat pa11y-errors | base64 -w0)"'"}}' | jq -c -r '.|tojson') + curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/18f/18f.gsa.gov/dispatches \ + -d $JSON + set -o history + fi + # When someone pushes to a branch on GitHub with an open pull request + # it makes a webhook POST to CircleCI that satisfies this condition + - when: + condition: + and: + - equal: [ webhook, << pipeline.trigger_source >> ] + - equal: [ true, $DO_PA11Y_SCAN ] + steps: + - run: + name: Run pa11y scan on changed files + command: npm run pa11y-ci -- $(echo $PA11Y_TARGETS | base64 --decode) workflows: version: 2 + nightly: + triggers: + - schedule: + # Run nightly at 10am UTC / 5am ET + cron: "55 9 * * *" + filters: + branches: + only: + - caley/nightly-pa11y-scan + jobs: + - build commit: jobs: - build
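Review bot: The `equal: [ true, $DO_PA11Y_SCAN ]` condition on the changed-files scan cannot see a shell variable, because CircleCI resolves `when` conditions when the config is compiled, before any step runs; the literal `$DO_PA11Y_SCAN` never equals `true`, so the pull-request pa11y scan is skipped on every run while the job stays green. The flag is also never persisted, since `export DO_PA11Y_SCAN=true >> "$BASH_ENV"` redirects the empty output of `export` and appends nothing to the file. Write the flag with `echo` and test it inside the step's shell, as in the excerpt below. In the nightly step, `curl` runs without `--fail` and with `-d $JSON` unquoted, so a dispatch rejected for an expired or under-scoped `GITHUB_TOKEN` leaves no visible failure; `set +o history` is a no-op in a non-interactive step and does not protect the token, so prefer `curl --fail-with-body ... -d "$JSON"`. The schedule filter names `caley/nightly-pa11y-scan`, which looks like a working branch rather than the default one; confirm before merge.

```yaml
# … unchanged: jekyll build, webhook check, PA11Y_TARGETS export …
echo "export DO_PA11Y_SCAN=true" >> "$BASH_ENV"
# … unchanged: else branch and its message …
echo "export DO_PA11Y_SCAN=false" >> "$BASH_ENV"
# … unchanged: remaining steps up to the webhook-only scan …
- when:
    condition:
      equal: [ webhook, << pipeline.trigger_source >> ]
    steps:
      - run:
          name: Run pa11y scan on changed files
          command: |
            # Runtime check: BASH_ENV values exist only inside a step's shell
            if [[ "$DO_PA11Y_SCAN" == "true" ]]; then
              npm run pa11y-ci -- $(echo $PA11Y_TARGETS | base64 --decode)
            fi
```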