Merged
Conversation
Bumps the github-actions group with 1 update in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.293.0 to 1.295.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@dffb23f...319994f) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.295.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
…ub-actions group across 1 directory (#174) Bumps the github-actions group with 1 update in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.293.0 to 1.295.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/setup-ruby/releases">ruby/setup-ruby's releases</a>.</em></p> <blockquote> <h2>v1.295.0</h2> <h2>What's Changed</h2> <ul> <li>Update CRuby releases on Windows by <a href="https://github.com/ruby-builder-bot"><code>@ruby-builder-bot</code></a> in <a href="https://redirect.github.com/ruby/setup-ruby/pull/890">ruby/setup-ruby#890</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/setup-ruby/compare/v1.294.0...v1.295.0">https://github.com/ruby/setup-ruby/compare/v1.294.0...v1.295.0</a></p> <h2>v1.294.0</h2> <h2>What's Changed</h2> <ul> <li>Add ruby-4.0.2 by <a href="https://github.com/ruby-builder-bot"><code>@ruby-builder-bot</code></a> in <a href="https://redirect.github.com/ruby/setup-ruby/pull/889">ruby/setup-ruby#889</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/setup-ruby/compare/v1.293.0...v1.294.0">https://github.com/ruby/setup-ruby/compare/v1.293.0...v1.294.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ruby/setup-ruby/commit/319994f95fa847cf3fb3cd3dbe89f6dcde9f178f"><code>319994f</code></a> Update CRuby releases on Windows</li> <li><a href="https://github.com/ruby/setup-ruby/commit/c984c1a20bb35a1cbda04477c816cea024418be9"><code>c984c1a</code></a> Add ruby-4.0.2</li> <li>See full diff in <a href="https://github.com/ruby/setup-ruby/compare/dffb23f65a78bba8db45d387d5ea1bbd6be3ef18...319994f95fa847cf3fb3cd3dbe89f6dcde9f178f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details>
Adds a built-in scan that will detect if a page horizontally scrolls on a mobile screen size (320x256). Example reflow issue: <img width="1247" height="1163" alt="Screen shot of a GitHub issue with the title 'page requires horizontal scrolling', and the issue body stating the issue is found at 320x256px" src="https://github.com/user-attachments/assets/ed9e4111-2aeb-4ab0-8df3-a5984a846628" /> Updates made: * Passes in `url` from the plugin manager so it can be accessed in the plugins (which I can see being needed for most plugins at this point) * Removes test plugin in favor of pointing to a real plugin, updates docs accordingly * Updates the pluginManager to account for an edge case with duplicate named plugins running multiple times * Makes `ruleId` and `html` optional in the issue body - handles conditionals if these are not passed in and adds tests * Adds new error to the sites/site-with-errors 404 page to check in the site-with-errors test. [Testing - staff only]: * [Workflow test w/no scans input passed in](https://github.com/github/accessibility-scorecard/actions/runs/23449717365) * [Workflow test w/`include_screenshots` on](https://github.com/github/accessibility-scorecard/actions/runs/23448598781) * [Workflow test w/`include_screenshots` off](https://github.com/github/accessibility-scorecard/actions/runs/23449359031)
Contributor
There was a problem hiding this comment.
Pull request overview
This PR expands the scanner beyond Axe-only findings by introducing a built-in “reflow” scan plugin and updating typings/issue-filing logic to support findings that don’t have ruleId/html (non-Axe scans).
Changes:
- Add a built-in
reflow-scanplugin (320x256 viewport) and wire it into CI/test expectations. - Make
Finding.ruleIdandFinding.htmloptional across action + test types, and update issue filing/body generation accordingly. - Improve plugin loading to avoid loading a built-in plugin twice when a custom plugin with the same name exists; update docs/workflow examples for the
scansinput.
Reviewed changes
Copilot reviewed 16 out of 19 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/types.d.ts | Make ruleId/html optional in test Finding type. |
| tests/site-with-errors.test.ts | Add reflow-scan expectations; make assertions conditional for Axe-specific fields. |
| sites/site-with-errors/404.html | Add intentionally wide element to trigger reflow finding. |
| README.md | Document scans input usage in workflow + inputs table. |
| PLUGINS.md | Update plugin documentation link/reference text. |
| .github/workflows/test.yml | Run tests with scans: ["axe","reflow-scan"]; update ruby/setup-ruby pin. |
| .github/scanner-plugins/test-plugin/package.json | Remove old test plugin metadata. |
| .github/scanner-plugins/test-plugin/index.js | Remove old test plugin implementation. |
| .github/scanner-plugins/reflow-scan/package.json | Add built-in reflow-scan plugin package metadata. |
| .github/scanner-plugins/reflow-scan/index.js | Implement built-in horizontal-scroll detection scan. |
| .github/actions/find/tests/pluginManager.test.ts | Add test coverage for skipping duplicate built-in plugin names. |
| .github/actions/find/src/types.d.ts | Make html optional (and align with optional ruleId). |
| .github/actions/find/src/pluginManager.ts | Make addFinding async; skip loading custom plugins that duplicate built-ins by name. |
| .github/actions/file/tests/openIssue.test.ts | Update expected label ordering. |
| .github/actions/file/tests/generateIssueBody.test.ts | Add coverage for missing html; make acceptance criteria scanner-agnostic. |
| .github/actions/file/src/updateFilingsWithNewFindings.ts | Add fallback key logic when ruleId/html are absent. |
| .github/actions/file/src/types.d.ts | Make ruleId/html optional for filing action. |
| .github/actions/file/src/openIssue.ts | Avoid creating ruleId label when ruleId is missing. |
| .github/actions/file/src/generateIssueBody.ts | Handle findings without html; generalize acceptance criteria language. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| | `reduced_motion` | No | Playwright `reducedMotion` setting for scan contexts. Allowed values: `reduce`, `no-preference` | `reduce` | | ||
| | `color_scheme` | No | Playwright `colorScheme` setting for scan contexts. Allowed values: `light`, `dark`, `no-preference` | `dark` | | ||
| | `scans` | No | An array of scans (or plugins) to be performed. If not provided, only Axe will be performed. | `['axe', ...other plugins]` | | ||
| | `scans` | No | An array of scans (or plugins) to be performed. If not provided, only Axe will be performed. | `'["axe", "reflow-scan", ...other plugins]'` | |
There was a problem hiding this comment.
The scans example value in the inputs table isn't valid JSON (...other plugins can't be parsed). Since the action parses this input via JSON.parse, please update the example to a copy-pastable JSON string (e.g., '["axe","reflow-scan"]' or '["axe","my-custom-plugin"]').
Suggested change
| | `scans` | No | An array of scans (or plugins) to be performed. If not provided, only Axe will be performed. | `'["axe", "reflow-scan", ...other plugins]'` | | |
| | `scans` | No | An array of scans (or plugins) to be performed. If not provided, only Axe will be performed. | `'["axe","reflow-scan"]'` | |
| if (finding.ruleId && finding.html) { | ||
| return `${finding.url};${finding.ruleId};${finding.html}` | ||
| } | ||
| return `${finding.url};${finding.scannerType};${finding.problemUrl}` |
There was a problem hiding this comment.
The fallback getFindingKey (url;scannerType;problemUrl) can easily collide for multiple findings on the same page (e.g., plugins that report multiple elements but share the same problemUrl). Collisions will cause findings to be incorrectly associated with an existing issue, potentially dropping/merging distinct findings. Consider incorporating additional stable fields into the fallback (e.g., problemShort and/or solutionShort, or a dedicated fingerprint field on Finding for non-Axe scans).
Suggested change
| return `${finding.url};${finding.scannerType};${finding.problemUrl}` | |
| // For non-Axe scans, prefer a stable fingerprint if available; otherwise, | |
| // include additional stable fields to reduce the risk of collisions. | |
| if ('fingerprint' in finding && (finding as any).fingerprint) { | |
| return `${finding.url};${finding.scannerType};${(finding as any).fingerprint}` | |
| } | |
| return `${finding.url};${finding.scannerType};${finding.problemUrl};${(finding as any).problemShort ?? ''};${(finding as any).solutionShort ?? ''}` |
JoyceZhu
approved these changes
Mar 24, 2026
Contributor
JoyceZhu
left a comment
JoyceZhu
left a comment
There was a problem hiding this comment.
Approved for release testing
abdulahmad307
approved these changes
Mar 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release testing & prep for v2.12.0.