chore: sync with ADO pipelines and Power BI report

.azuredevops/pipelines/a11y-scan-advancedsecurity.yml

@@ -12,7 +12,7 @@ pool:
   vmImage: 'ubuntu-latest'
 
 variables:
-  SCANNER_BASE_URL: 'https://a11y-scan-demo-app.azurewebsites.net'
+  - group: a11y-scan-config
 
 strategy:
   matrix:
@@ -21,7 +21,7 @@ strategy:
       siteUrl: 'https://codepen.io/leezee/pen/eYbXzpJ'
     a11y-scan-demo-app:
       siteName: 'a11y-scan-demo-app'
-      siteUrl: 'https://a11y-scan-demo-app.azurewebsites.net/'
+      siteUrl: '$(SCANNER_URL)'
     ontario-gov:
       siteName: 'ontario-gov'
       siteUrl: 'https://www.ontario.ca/page/government-ontario'
@@ -34,7 +34,7 @@ steps:
   - script: |
       mkdir -p results
       HTTP_STATUS=$(curl -s -o results/$(siteName).sarif -w "%{http_code}" \
-        -X POST "$(SCANNER_BASE_URL)/api/ci/scan" \
+        -X POST "$(SCANNER_URL)/api/ci/scan" \
         -H "Content-Type: application/json" \
         -d '{"url": "$(siteUrl)", "format": "sarif"}' \
         --max-time 120)

.azuredevops/pipelines/a11y-scan.yml

@@ -1,73 +1,64 @@
 trigger: none
+pr: none
 
 schedules:
-  - cron: '0 6 * * 1' # Every Monday at 06:00 UTC
-    displayName: 'Weekly accessibility scan'
+  - cron: '0 6 * * 1'
+    displayName: 'Weekly Monday 06:00 UTC scan'
     branches:
-      include:
-        - main
+      include: [main]
     always: true
 
+parameters:
+  - name: scanTargets
+    displayName: 'Override scan targets (leave empty for defaults)'
+    type: string
+    default: ''
+
 pool:
   vmImage: 'ubuntu-latest'
 
 variables:
-  SCANNER_BASE_URL: 'https://a11y-scan-demo-app.azurewebsites.net'
+  - group: a11y-scan-config
 
 strategy:
   matrix:
-    codepen-sample:
-      siteName: 'codepen-sample'
-      siteUrl: 'https://codepen.io/leezee/pen/eYbXzpJ'
-    a11y-scan-demo-app:
-      siteName: 'a11y-scan-demo-app'
-      siteUrl: 'https://a11y-scan-demo-app.azurewebsites.net/'
-    ontario-gov:
-      siteName: 'ontario-gov'
-      siteUrl: 'https://www.ontario.ca/page/government-ontario'
-  maxParallel: 3
+    codepen_sample:
+      scanName: 'codepen-sample'
+      scanUrl: 'https://codepen.io/leezee/pen/eYbXzpJ'
+    a11y_scan_demo_app:
+      scanName: 'a11y-scan-demo-app'
+      scanUrl: '$(SCANNER_URL)'
+    ontario_gov:
+      scanName: 'ontario-gov'
+      scanUrl: 'https://www.ontario.ca/page/government-ontario'
 
 steps:
   - checkout: self
-    displayName: 'Checkout repository'
 
   - script: |
       mkdir -p results
-      HTTP_STATUS=$(curl -s -o results/$(siteName).sarif -w "%{http_code}" \
-        -X POST "$(SCANNER_BASE_URL)/api/ci/scan" \
+      HTTP_STATUS=$(curl -s -o results/$(scanName).sarif -w "%{http_code}" \
+        -X POST "$(SCANNER_URL)/api/ci/scan" \
         -H "Content-Type: application/json" \
-        -d '{"url": "$(siteUrl)", "format": "sarif"}' \
+        -d '{"url": "$(scanUrl)", "format": "sarif"}' \
         --max-time 120)
-
       echo "HTTP status: $HTTP_STATUS"
-
       if [ "$HTTP_STATUS" -ne 200 ]; then
-        echo "##vso[task.logissue type=error]Scan failed for $(siteUrl) (HTTP $HTTP_STATUS)"
-        cat results/$(siteName).sarif
+        echo "##vso[task.logissue type=error]Scan failed for $(scanUrl) (HTTP $HTTP_STATUS)"
+        cat results/$(scanName).sarif
         exit 1
       fi
+    displayName: 'Run accessibility scan for $(scanName)'
 
-      echo "SARIF file written: results/$(siteName).sarif"
-      echo "File size: $(wc -c < results/$(siteName).sarif) bytes"
-    displayName: 'Run accessibility scan - $(siteName)'
-    timeoutInMinutes: 5
-
-  - task: PublishBuildArtifacts@1
-    condition: always()
+  - task: PublishPipelineArtifact@1
     inputs:
-      pathToPublish: 'results'
-      artifactName: 'a11y-sarif-$(siteName)'
-    displayName: 'Publish SARIF artifact - $(siteName)'
-
-  - task: PublishBuildArtifacts@1
+      targetPath: 'results/$(scanName).sarif'
+      artifactName: 'sarif-$(scanName)'
     condition: always()
-    inputs:
-      pathToPublish: 'results'
-      artifactName: 'CodeAnalysisLogs'
-    displayName: 'Publish to Scans tab - $(siteName)'
+    displayName: 'Publish SARIF artifact'
 
-  - task: AdvancedSecurity-Publish@1
-    condition: always()
-    inputs:
-      SarifsInputDirectory: '$(Build.SourcesDirectory)/results'
-    displayName: 'Publish SARIF to Advanced Security - $(siteName)'
+  # Optional: Upload to ADO Advanced Security (requires GHAzDO license)
+  # - task: AdvancedSecurity-Publish@1
+  #   inputs:
+  #     SarifFile: 'results/$(scanName).sarif'
+  #   condition: always()

.azuredevops/pipelines/adv-sec-scan.yml

@@ -5,7 +5,7 @@ pool:
   vmImage: ubuntu-latest
 
 variables:
-  SCANNER_BASE_URL: 'https://a11y-scan-demo-app.azurewebsites.net'
+  - group: a11y-scan-config
 
 steps:
   - task: AdvancedSecurity-Codeql-Init@1
@@ -22,9 +22,9 @@ steps:
   - script: |
       mkdir -p results
       HTTP_STATUS=$(curl -s -o results/a11y-scan.sarif -w "%{http_code}" \
-        -X POST "$(SCANNER_BASE_URL)/api/ci/scan" \
+        -X POST "$(SCANNER_URL)/api/ci/scan" \
         -H "Content-Type: application/json" \
-        -d '{"url": "$(SCANNER_BASE_URL)", "format": "sarif"}' \
+        -d '{"url": "$(SCANNER_URL)", "format": "sarif"}' \
         --max-time 120)
 
       echo "HTTP status: $HTTP_STATUS"

.azuredevops/pipelines/ci.yml

@@ -0,0 +1,75 @@
+trigger:
+  batch: true
+  branches:
+    include: [main]
+
+pr:
+  branches:
+    include: [main]
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+variables:
+  - group: a11y-scan-config
+
+steps:
+  - checkout: self
+
+  - task: UseNode@1
+    inputs:
+      version: '20.x'
+    displayName: 'Use Node.js 20.x'
+
+  - script: npm ci
+    displayName: 'Install dependencies'
+
+  - script: npm run lint
+    displayName: 'Lint'
+
+  - script: npm run test:ci
+    displayName: 'Test with coverage'
+
+  - task: PublishTestResults@2
+    inputs:
+      testResultsFormat: JUnit
+      testResultsFiles: 'test-results/junit.xml'
+      testRunTitle: 'Unit Tests'
+    condition: always()
+    displayName: 'Publish unit test results'
+
+  - task: PublishCodeCoverageResults@2
+    inputs:
+      summaryFileLocation: 'coverage/cobertura-coverage.xml'
+    condition: always()
+    displayName: 'Publish code coverage'
+
+  - task: Cache@2
+    inputs:
+      key: 'nextjs | "$(Agent.OS)" | package-lock.json | src/**'
+      path: .next/cache
+    displayName: 'Cache Next.js build'
+
+  - script: npm run build
+    displayName: 'Build'
+
+  - script: npx playwright install --with-deps chromium
+    displayName: 'Install Playwright'
+
+  - script: npm run test:a11y
+    displayName: 'Accessibility tests'
+
+  - task: PublishTestResults@2
+    inputs:
+      testResultsFormat: JUnit
+      testResultsFiles: 'test-results/a11y-junit.xml'
+      testRunTitle: 'Accessibility Tests'
+    condition: always()
+    displayName: 'Publish accessibility test results'
+
+  - task: PublishPipelineArtifact@1
+    inputs:
+      targetPath: 'playwright-report/'
+      artifactName: 'a11y-results'
+    condition: always()
+    displayName: 'Publish accessibility report'