Add first sketch of accessibility scanner.

lkacenja · lkacenja · commit 51fe35b50b81 · 2025-06-23T16:09:26.000-06:00
diff --git a/.github/workflows/accessibility_scan.yml b/.github/workflows/accessibility_scan.yml
@@ -0,0 +1,72 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [ main, dev ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:14
+        env:
+          POSTGRES_PASSWORD: postgres
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Compile CSS and JS
+        run: |
+          npm install -g yarn@1.22.22 tailwindcss@3.4.1
+          yarn install
+          yarn build
+          yarn build:css
+
+      - name: Set up database
+        env:
+          RAILS_ENV: test
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/access_pdf_test
+        run: |
+          bundle exec rails db:create
+          bundle exec rails db:migrate
+          bundle exec rails db:setup
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.12'
+
+      - name: Install Firefox and GeckoDriver
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y firefox-esr wget
+          sudo rm -rf /var/lib/apt/lists/*
+          wget -O /tmp/geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/v0.33.0/geckodriver-v0.33.0-linux64.tar.gz
+          sudo tar -xzf /tmp/geckodriver.tar.gz -C /usr/local/bin/
+          sudo chmod +x /usr/local/bin/geckodriver
+          rm /tmp/geckodriver.tar.gz
+
+      - name: Install Python dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r  python_components/accessibility_scan/requirements.txt
+
+      - name: Run tests
+        env:
+          RAILS_ENV: test
+          DATABASE_URL: postgres://postgres:postgres@localhost:5432/access_pdf_test
+        run: python python_components/accessibility_scan/main.py
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
@@ -46,7 +46,7 @@
                                 "aria-required": true %>
       </div>
       <div class="form-control mt-6">
-        <%= form.button type: "submit", class: "btn btn-primary" do %>
+        <%= form.button type: "submit", id: "submit-session-form", class: "btn btn-primary" do %>
           <i class="fas fa-sign-in-alt mr-2"></i>
           Login
         <% end %>
diff --git a/python_components/accessibility_scan/Dockerfile b/python_components/accessibility_scan/Dockerfile
@@ -0,0 +1,14 @@
+FROM python:3.12
+ENV PYTHONPATH=\/workspace
+WORKDIR /workspace
+RUN apt-get update && apt-get install -y \
+    firefox-esr \
+    wget \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN wget -O /tmp/geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/v0.33.0/geckodriver-v0.33.0-linux64.tar.gz \
+    && tar -xzf /tmp/geckodriver.tar.gz -C /usr/local/bin/ \
+    && chmod +x /usr/local/bin/geckodriver
+
+COPY requirements.txt .
+RUN pip install -r requirements.txt --trusted-host pypi.python.org --no-cache-dir
diff --git a/python_components/accessibility_scan/main.py b/python_components/accessibility_scan/main.py
@@ -0,0 +1,76 @@
+import json
+
+from axe_selenium_python import Axe
+from selenium import webdriver
+from selenium.webdriver.common.by import By
+from selenium.webdriver.firefox.options import Options
+from selenium.webdriver.firefox.service import Service
+from selenium.webdriver.support import expected_conditions as EC
+from selenium.webdriver.support.ui import WebDriverWait
+
+TAGS = ["wcag2a", "wcag2aa", "wcag21aa"]
+
+ANON_URLS_TO_SCAN = ("http://host.docker.internal:3000",)
+
+AUTHED_URLS_TO_SCAN = (
+    "http://host.docker.internal:3000/sites",
+    "http://host.docker.internal:3000/sites/1/documents"
+    "http://host.docker.internal:3000/sites/1/insights",
+)
+
+
+def scan_urls():
+    # Automatically manage geckodriver
+    options = Options()
+    options.add_argument("--headless")
+    options.add_argument("--no-sandbox")
+    options.add_argument("--disable-dev-shm-usage")
+
+    service = Service("/usr/local/bin/geckodriver")
+    driver = webdriver.Firefox(service=service, options=options)
+
+    all_results = {
+        "total_violations": 0,
+        "anon_urls": {},
+        "authed_urls": {},
+    }
+
+    for url in ANON_URLS_TO_SCAN:
+        driver.get(url)
+        driver.implicitly_wait(5)
+        results = get_axe_results(driver)
+        all_results["total_violations"] += len(results["violations"])
+        all_results["anon_urls"][url] = results
+
+    # Log into the app.
+    wait = WebDriverWait(driver, 10)
+    email_field = wait.until(
+        EC.presence_of_element_located((By.CSS_SELECTOR, "#email_address"))
+    )
+    password_field = driver.find_element(By.CSS_SELECTOR, "#password")
+    email_field.send_keys("admin@codeforamerica.org")
+    password_field.send_keys("password")
+    submit_button = driver.find_element(By.CSS_SELECTOR, "#submit-session-form")
+    submit_button.click()
+    wait.until(EC.presence_of_element_located((By.CSS_SELECTOR, "#add-site-modal")))
+
+    for url in AUTHED_URLS_TO_SCAN:
+        driver.get(url)
+        driver.implicitly_wait(5)
+        results = get_axe_results(driver)
+        all_results["total_violations"] += len(results["violations"])
+        all_results["authed_urls"][url] = results
+
+    driver.quit()
+
+    print(json.dumps(all_results, indent=2))
+
+
+def get_axe_results(driver):
+    axe = Axe(driver)
+    axe.inject()
+    return axe.run({"runOnly": {"type": "tag", "values": TAGS}})
+
+
+if __name__ == "__main__":
+    scan_urls()
diff --git a/python_components/accessibility_scan/requirements.txt b/python_components/accessibility_scan/requirements.txt
@@ -0,0 +1,8 @@
+axe-selenium-python==2.1.6
+backports.tarfile==1.2.0
+importlib-metadata==8.0.0
+jaraco.collections==5.1.0
+pip-chill==1.0.3
+platformdirs==4.2.2
+pysocks==1.7.1
+tomli==2.0.1
