fix: authenticate via API in a11y scanner to bypass async form rendering

onchul · onchul · commit d4a2c53336b5 · 2026-04-16T09:04:20.000+02:00
diff --git a/.github/workflows/a11y-scan.yaml b/.github/workflows/a11y-scan.yaml
@@ -115,6 +115,28 @@ jobs:
             exit 1
           fi
 
+      - name: Authenticate via API
+        id: auth
+        run: |
+          # Login via backend API and capture session cookie
+          curl -s -c /tmp/cookies.txt \
+            -X POST http://localhost:3080/api/auth/login \
+            -H 'Content-Type: application/json' \
+            -d '{"email":"${{ env.AUTH_INITIAL_ADMIN_USERNAME }}","password":"${{ env.AUTH_INITIAL_ADMIN_PASSWORD }}"}'
+
+          # Convert Netscape cookie jar to Playwright auth_context JSON
+          AUTH_CONTEXT=$(awk '!/^#/ && NF {
+            printf "{\"name\":\"%s\",\"value\":\"%s\",\"domain\":\"%s\",\"path\":\"%s\",\"secure\":%s,\"httpOnly\":%s}\n",
+              $6, $7, $1, $3, ($4=="TRUE"?"true":"false"), ($2=="TRUE"?"true":"false")
+          }' /tmp/cookies.txt | jq -sc '{
+            username: "${{ env.AUTH_INITIAL_ADMIN_USERNAME }}",
+            password: "${{ env.AUTH_INITIAL_ADMIN_PASSWORD }}",
+            cookies: .,
+            localStorage: {}
+          }')
+
+          echo "auth_context=$AUTH_CONTEXT" >> "$GITHUB_OUTPUT"
+
       - uses: github/accessibility-scanner@v2
         with:
           urls: |
@@ -129,12 +151,13 @@ jobs:
           repository: ${{ github.repository }}
           token: ${{ secrets.GH_TOKEN_A11Y }}
           cache_key: cached_results-c4-local.json
-          login_url: http://localhost:3080/login # Optional: URL of the login page if authentication is required
-          username: ${{ env.AUTH_INITIAL_ADMIN_USERNAME }} # Optional: Username for authentication
-          password: ${{ env.AUTH_INITIAL_ADMIN_PASSWORD }} # Optional: Password for authentication (use secrets!)
-          open_grouped_issues: true # Optional: Set to true to open an issue grouping individual issues per violation
-          skip_copilot_assignment: true # Optional: Set to true to skip assigning issues to GitHub Copilot (or if you don't have GitHub Copilot)
-          include_screenshots: true # Optional: Set to true to capture screenshots and include links to them in filed issues
+          auth_context: ${{ steps.auth.outputs.auth_context }}
+          open_grouped_issues: true
+          skip_copilot_assignment: true
+          include_screenshots: true
+          # login_url: # Optional: URL of the login page if authentication is required
+          # username: # Optional: Username for authentication
+          # password: ${{ secrets.PASSWORD }} # Optional: Password for authentication (use secrets!)
           # auth_context: # Optional: Stringified JSON object for complex authentication
           # reduced_motion: no-preference # Optional: Playwright reduced motion configuration option
           # color_scheme: light # Optional: Playwright color scheme configuration option
