Daily DAP Scan #86
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Daily DAP Scan | |
| on: | |
| schedule: | |
| - cron: '17 9 * * *' | |
| workflow_dispatch: | |
| inputs: | |
| run_date: | |
| description: 'Optional run date (YYYY-MM-DD)' | |
| required: false | |
| type: string | |
| url_limit: | |
| description: 'Optional URL limit override' | |
| required: false | |
| type: string | |
| traffic_window: | |
| description: 'Traffic window mode (daily|rolling_7d|rolling_30d)' | |
| required: false | |
| default: 'daily' | |
| type: choice | |
| options: | |
| - daily | |
| - rolling_7d | |
| - rolling_30d | |
| dry_run: | |
| description: 'Run in dry-run mode only' | |
| required: false | |
| type: boolean | |
| default: false | |
| scan_mode: | |
| description: 'Scanner mode (live or mock)' | |
| required: false | |
| default: 'live' | |
| type: choice | |
| options: | |
| - live | |
| - mock | |
| permissions: | |
| contents: write | |
| concurrency: | |
| group: daily-dap-scan | |
| cancel-in-progress: false | |
| jobs: | |
| daily-scan: | |
| runs-on: ubuntu-latest | |
| env: | |
| NODE_ENV: production | |
| RUN_DATE: ${{ inputs.run_date }} | |
| URL_LIMIT: ${{ inputs.url_limit }} | |
| TRAFFIC_WINDOW: ${{ inputs.traffic_window || 'daily' }} | |
| DRY_RUN: ${{ inputs.dry_run || false }} | |
| DAP_API_KEY: ${{ secrets.DAP_API_KEY }} | |
| SCAN_MODE: ${{ inputs.scan_mode || 'live' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '24' | |
| cache: 'npm' | |
| - name: Setup Chrome | |
| id: setup-chrome | |
| uses: browser-actions/setup-chrome@v2 | |
| - name: Export Chrome path | |
| run: echo "CHROME_PATH=${{ steps.setup-chrome.outputs.chrome-path }}" >> "$GITHUB_ENV" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Run pipeline | |
| id: pipeline | |
| shell: bash | |
| run: | | |
| set +e | |
| ARGS=(--scan-mode "$SCAN_MODE" --timeout-ms 90000 --concurrency 2 --max-retries 2 --retry-delay-ms 2000 --inter-scan-delay-ms 1000) | |
| if [[ -n "$RUN_DATE" ]]; then ARGS+=(--date "$RUN_DATE"); fi | |
| if [[ -n "$URL_LIMIT" ]]; then ARGS+=(--limit "$URL_LIMIT"); fi | |
| if [[ -n "$TRAFFIC_WINDOW" ]]; then ARGS+=(--traffic-window "$TRAFFIC_WINDOW"); fi | |
| if [[ "$DRY_RUN" == "true" ]]; then ARGS+=(--dry-run); fi | |
| node src/cli/run-daily-scan.js "${ARGS[@]}" | |
| EXIT_CODE=$? | |
| echo "exit_code=$EXIT_CODE" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| - name: Upload diagnostics artifact | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: daily-dap-run-artifacts | |
| path: | | |
| artifacts/ | |
| docs/reports/daily/ | |
| if-no-files-found: warn | |
| - name: Archive old reports | |
| if: steps.pipeline.outputs.exit_code == '0' && env.DRY_RUN != 'true' | |
| shell: bash | |
| run: node src/cli/archive-old-reports.js | |
| - name: Commit and publish reports | |
| if: always() && steps.pipeline.outputs.exit_code == '0' && env.DRY_RUN != 'true' | |
| shell: bash | |
| run: | | |
| if git diff --quiet -- docs/reports docs/404.html; then | |
| echo "No report changes to commit." | |
| exit 0 | |
| fi | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git add docs/reports docs/404.html | |
| git commit -m "chore: publish daily DAP report snapshots" | |
| # Rebase onto latest main to prevent non-fast-forward rejection when | |
| # a concurrent or sequential run (e.g. scheduled + manual dispatch) | |
| # has already pushed new commits to main since this job checked out. | |
| # Use -X theirs so that any add/add or content conflicts in docs/reports | |
| # are resolved by preferring the freshly-generated files from this run. | |
| git pull --rebase -X theirs origin main | |
| git push | |
| - name: Generate accessibility summary | |
| if: steps.pipeline.outputs.exit_code == '0' && env.DRY_RUN != 'true' | |
| shell: bash | |
| run: node src/cli/generate-accessibility-summary.js | |
| - name: Generate news release summary | |
| if: steps.pipeline.outputs.exit_code == '0' && env.DRY_RUN != 'true' | |
| shell: bash | |
| run: | | |
| if [[ -n "$RUN_DATE" ]]; then | |
| node src/cli/generate-press-release.js --date "$RUN_DATE" | |
| else | |
| node src/cli/generate-press-release.js | |
| fi | |
| - name: Fail workflow on pipeline error | |
| if: steps.pipeline.outputs.exit_code != '0' | |
| run: | | |
| echo "Pipeline command exited with code ${{ steps.pipeline.outputs.exit_code }}" | |
| exit 1 |