Add url_configs input to skip CSS selectors per URL from Axe scan (#213)
Tracking issue with context:
#212
Embedded iframes, third-party widgets, and user-generated content often
should not be scanned. This adds a `url_configs` input — a stringified
JSON array of objects each with a `url` field and an optional
`excludeSelectors` field — that allows per-URL CSS selector exclusion
via `AxeBuilder.exclude()` before `analyze()` is called. When
`url_configs` is provided, it takes precedence over the `urls` input.
## Changes
- **`action.yml` (root)** — New `url_configs` input; `urls` is now
optional (required when `url_configs` is not provided); both forwarded
to the `find` step
- **`.github/actions/find/action.yml`** — New `url_configs` input
declared; `urls` made optional
- **`find/src/types.d.ts`** — New `UrlConfig` type: `{ url: string;
excludeSelectors?: string[] }`
- **`find/src/index.ts`** — Parses and validates `url_configs` JSON;
when present, uses it instead of `urls`; passes each URL's
`excludeSelectors` to `findForUrl`
- **`find/src/findForUrl.ts`** — `findForUrl` and `runAxeScan` accept
`exclude?: string[]`; selectors applied via `axeBuilder.exclude()`
before `analyze()`
- **`README.md`** — `url_configs` input documented in the inputs table
and getting-started example; `urls` marked as conditionally required
## Usage
```yaml
- uses: github/accessibility-scanner@v1
  with:
    url_configs: '[{"url":"https://example.com","excludeSelectors":["iframe","#third-party-widget"]},{"url":"https://example.com/about"}]'
    repository: owner/repo
    token: ${{ secrets.GH_TOKEN }}
    cache_key: cached_results.json
```
The `urls` input continues to work as before when `url_configs` is not
provided.
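The commit message above describes parsing and validating `url_configs` and giving it precedence over `urls`. The sketch below is an added example of that logic, not the code in `find/src/index.ts`: the function names `parseUrlConfigs` and `resolveTargets` are hypothetical, and the http(s)-only scheme check is an assumption rather than something the commit states.

```typescript
// Added example: hypothetical helpers, not the project's own implementation.
type UrlConfig = { url: string; excludeSelectors?: string[] };

function parseUrlConfigs(raw: string): UrlConfig[] {
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    throw new Error("url_configs is not valid JSON");
  }
  if (!Array.isArray(parsed) || parsed.length === 0) {
    throw new Error("url_configs must be a non-empty JSON array");
  }
  return parsed.map((entry: unknown, i: number): UrlConfig => {
    if (typeof entry !== "object" || entry === null || Array.isArray(entry)) {
      throw new Error(`url_configs[${i}] must be an object`);
    }
    const { url, excludeSelectors } = entry as Record<string, unknown>;
    if (typeof url !== "string") {
      throw new Error(`url_configs[${i}].url must be a string`);
    }
    let target: URL | null = null;
    try {
      target = new URL(url);
    } catch {
      // Relative or malformed URL: rejected by the check below.
    }
    // Assumption: only web pages are scanned, so file:, javascript:, etc. are refused.
    if (target === null || (target.protocol !== "http:" && target.protocol !== "https:")) {
      throw new Error(`url_configs[${i}].url must be an absolute http(s) URL`);
    }
    if (excludeSelectors === undefined) return { url };
    if (!Array.isArray(excludeSelectors) ||
        !excludeSelectors.every((s: unknown) => typeof s === "string" && s.trim() !== "")) {
      throw new Error(`url_configs[${i}].excludeSelectors must be an array of non-empty strings`);
    }
    // Each selector would later be handed to AxeBuilder.exclude() before analyze().
    return { url, excludeSelectors: excludeSelectors as string[] };
  });
}

// url_configs wins when set; otherwise fall back to the newline-delimited urls input.
function resolveTargets(urls: string, urlConfigs: string): UrlConfig[] {
  if (urlConfigs.trim() !== "") return parseUrlConfigs(urlConfigs);
  const list = urls.split("\n").map((u: string) => u.trim()).filter((u: string) => u !== "");
  if (list.length === 0) throw new Error("either urls or url_configs is required");
  return list.map((url: string): UrlConfig => ({ url }));
}
```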
description: 'Newline-delimited list of URLs to check for accessibility issues'
7
-
required: true
7
+
required: false
8
8
multiline: true
9
+
url_configs:
10
+
description: "Stringified JSON array of URL config objects, each with a 'url' field and an optional 'excludeSelectors' field (array of CSS selectors to exclude from the Axe scan for that URL). When provided, takes precedence over the 'urls' input."
11
+
required: false
9
12
auth_context:
10
13
description: "Stringified JSON object containing 'username', 'password', 'cookies', and/or 'localStorage' from an authenticated session"
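Review bot: With `required: false` now set on both `urls` and `url_configs`, the action metadata no longer guarantees that any scan target is supplied, and the `urls` description at the top of this hunk still reads as an unconditional input. Suggest extending that description with "Required unless 'url_configs' is provided" so it matches the README, and stating in the `url_configs` description what happens when the value is not valid JSON or when both inputs are empty, since the runtime check is the only enforcement left.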
# color_scheme: light # Optional: Playwright color scheme configuration option
60
60
# scans: '["axe","reflow-scan"]' # Optional: An array of scans (or plugins) to be performed. If not provided, only Axe will be performed.
61
+
# url_configs: '[{"url":"https://example.com","excludeSelectors":["iframe","#widget"]}]' # Optional: Per-URL config with CSS selectors to exclude from the Axe scan. When provided, takes precedence over 'urls'.
61
62
```
62
63
63
64
> 👉 Update all `REPLACE_THIS` placeholders with your actual values. See [Action Inputs](#action-inputs) for details.
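Review bot: The sample value on the added `# url_configs:` line excludes `iframe`, which matches every iframe on the page, so anyone who uncomments it as written hides all framed content from Axe rather than one third-party embed. Suggest a narrower selector in the example (an id or class for the specific embed) and a short remark that excluded regions produce no findings, so the loss of coverage is a deliberate choice.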
@@ -113,23 +114,24 @@ Trigger the workflow manually or automatically based on your configuration. The
|`urls`| Yes | Newline-delimited list of URLs to scan |`https://primer.style`<br>`https://primer.style/octicons`|
119
-
|`repository`| Yes | Repository (with owner) for issues and PRs |`primer/primer-docs`|
120
-
|`token`| Yes | PAT with write permissions (see above) |`${{ secrets.GH_TOKEN }}`|
121
-
|`cache_key`| Yes | Key for caching results across runs<br>Allowed: `A-Za-z0-9._/-`|`cached_results-primer.style-main.json`|
122
-
|`base_url`| No | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com`|`https://ghe.example.com/api/v3`|
123
-
|`login_url`| No | If scanned pages require authentication, the URL of the login page |`https://github.com/login`|
124
-
|`username`| No | If scanned pages require authentication, the username to use for login |`some-user`|
125
-
|`password`| No | If scanned pages require authentication, the password to use for login |`${{ secrets.PASSWORD }}`|
126
-
|`auth_context`| No | If scanned pages require authentication, a stringified JSON object containing username, password, cookies, and/or localStorage from an authenticated session |`{"username":"some-user","password":"***","cookies":[...]}`|
127
-
|`skip_copilot_assignment`| No | Whether to skip assigning filed issues to GitHub Copilot. Set to `true` if you don't have GitHub Copilot or prefer to handle issues manually |`true`|
128
-
|`include_screenshots`| No | Whether to capture screenshots of scanned pages and include links to them in filed issues. Screenshots are stored on the `gh-cache` branch of the repository running the workflow. Default: `false`|`true`|
129
-
|`open_grouped_issues`| No | Whether to create a tracking issue which groups filed issues together by violation type. Default: `false`|`true`|
130
-
|`reduced_motion`| No | Playwright `reducedMotion` setting for scan contexts. Allowed values: `reduce`, `no-preference`|`reduce`|
131
-
|`color_scheme`| No | Playwright `colorScheme` setting for scan contexts. Allowed values: `light`, `dark`, `no-preference`|`dark`|
132
-
|`scans`| No | An array of scans (or plugins) to be performed. If not provided, only Axe will be performed. |`'["axe", "reflow-scan", ...other plugins]'`|
|`urls`| No\*| Newline-delimited list of URLs to scan. Required unless `url_configs` is provided. |`https://primer.style`<br>`https://primer.style/octicons`|
120
+
|`repository`| Yes | Repository (with owner) for issues and PRs |`primer/primer-docs`|
121
+
|`token`| Yes | PAT with write permissions (see above) |`${{ secrets.GH_TOKEN }}`|
122
+
|`cache_key`| Yes | Key for caching results across runs<br>Allowed: `A-Za-z0-9._/-`|`cached_results-primer.style-main.json`|
123
+
|`base_url`| No | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com`|`https://ghe.example.com/api/v3`|
124
+
|`login_url`| No | If scanned pages require authentication, the URL of the login page |`https://github.com/login`|
125
+
|`username`| No | If scanned pages require authentication, the username to use for login |`some-user`|
126
+
|`password`| No | If scanned pages require authentication, the password to use for login |`${{ secrets.PASSWORD }}`|
127
+
|`auth_context`| No | If scanned pages require authentication, a stringified JSON object containing username, password, cookies, and/or localStorage from an authenticated session |`{"username":"some-user","password":"***","cookies":[...]}`|
128
+
|`skip_copilot_assignment`| No | Whether to skip assigning filed issues to GitHub Copilot. Set to `true` if you don't have GitHub Copilot or prefer to handle issues manually |`true`|
129
+
|`include_screenshots`| No | Whether to capture screenshots of scanned pages and include links to them in filed issues. Screenshots are stored on the `gh-cache` branch of the repository running the workflow. Default: `false`|`true`|
130
+
|`open_grouped_issues`| No | Whether to create a tracking issue which groups filed issues together by violation type. Default: `false`|`true`|
131
+
|`reduced_motion`| No | Playwright `reducedMotion` setting for scan contexts. Allowed values: `reduce`, `no-preference`|`reduce`|
132
+
|`color_scheme`| No | Playwright `colorScheme` setting for scan contexts. Allowed values: `light`, `dark`, `no-preference`|`dark`|
133
+
|`scans`| No | An array of scans (or plugins) to be performed. If not provided, only Axe will be performed. |`'["axe", "reflow-scan", ...other plugins]'`|
134
+
|`url_configs`| No | A stringified JSON array of URL config objects. Each object must have a `url` field and may have an optional `excludeSelectors` field (array of CSS selectors to exclude from the Axe scan for that URL). When provided, takes precedence over the `urls` input. |`'[{"url":"https://example.com","excludeSelectors":["iframe","#widget"]}]'`|
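Review bot: In the re-added `urls` row the Required cell is `No\*`, but no footnote for the asterisk appears in this hunk; the condition is already spelled out in the description cell, so either drop the asterisk or add the footnote under the table. The rows from `repository` through `scans` are removed and re-added with no visible text change, which buries the two real edits; if that is only column realignment, consider keeping it out of this commit. The new `url_configs` row would also be easier to find directly under `urls`, and it should say how invalid JSON is handled.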