add plugin docs

abdulahmad307 · abdulahmad307 · commit 765d845ce688 · 2026-03-11T10:37:42.000-04:00
- restructure findForUrl code to accound for upcoming changes
diff --git a/.github/actions/find/src/findForUrl.ts b/.github/actions/find/src/findForUrl.ts
@@ -5,7 +5,6 @@ import {AuthContext} from './AuthContext.js'
 import {generateScreenshots} from './generateScreenshots.js'
 import {loadPlugins, invokePlugin} from './pluginManager.js'
 import {getScansContext} from './scansContextProvider.js'
-import axe from 'axe-core'
 import core from '@actions/core'
 
 export async function findForUrl(
@@ -27,7 +26,6 @@ export async function findForUrl(
   const context = await browser.newContext(contextOptions)
   const page = await context.newPage()
   await page.goto(url)
-  core.info(`Scanning ${page.url()}`)
 
   const findings: Finding[] = []
   const addFinding = (findingData: Finding) => {
@@ -37,44 +35,66 @@ export async function findForUrl(
   try {
     const scansContext = getScansContext()
 
-    let rawFindings: axe.AxeResults | undefined
-    if (scansContext.shouldPerformAxeScan) {
-      rawFindings = await new AxeBuilder({page}).analyze()
-    }
-
     if (scansContext.shouldRunPlugins) {
       const plugins = await loadPlugins()
       for (const plugin of plugins) {
         if (scansContext.scansToPerform.includes(plugin.name)) {
           core.info(`Running plugin: ${plugin.name}`)
-          await invokePlugin({plugin, page, addFinding, url})
+          await invokePlugin({
+            plugin,
+            page,
+            addFinding,
+            // - this will be coming soon
+            // runAxeScan: () => runAxeScan({page, includeScreenshots, findings}),
+          })
         } else {
           core.info(`Skipping plugin ${plugin.name} because it is not included in the 'scans' input`)
         }
       }
     }
 
-    let screenshotId: string | undefined
-    if (includeScreenshots) {
-      screenshotId = await generateScreenshots(page)
+    if (scansContext.shouldPerformAxeScan) {
+      runAxeScan({
+        includeScreenshots,
+        page,
+        findings,
+      })
     }
-
-    const axeFindings = rawFindings?.violations.map(violation => ({
-      scannerType: 'axe',
-      url,
-      html: violation.nodes[0].html.replace(/'/g, '&apos;'),
-      problemShort: violation.help.toLowerCase().replace(/'/g, '&apos;'),
-      problemUrl: violation.helpUrl.replace(/'/g, '&apos;'),
-      ruleId: violation.id,
-      solutionShort: violation.description.toLowerCase().replace(/'/g, '&apos;'),
-      solutionLong: violation.nodes[0].failureSummary?.replace(/'/g, '&apos;'),
-      screenshotId,
-    }))
-    findings.push(...(axeFindings || []))
   } catch (e) {
     core.error(`Error during accessibility scan: ${e}`)
   }
   await context.close()
   await browser.close()
   return findings
 }
+
+async function runAxeScan({
+  includeScreenshots,
+  page,
+  findings,
+}: {
+  includeScreenshots: boolean
+  page: playwright.Page
+  findings: Finding[]
+}) {
+  const url = page.url()
+  core.info(`Scanning ${url}`)
+  const rawFindings = await new AxeBuilder({page}).analyze()
+  let screenshotId: string | undefined
+  if (includeScreenshots) {
+    screenshotId = await generateScreenshots(page)
+  }
+
+  const axeFindings = rawFindings?.violations.map(violation => ({
+    scannerType: 'axe',
+    url,
+    html: violation.nodes[0].html.replace(/'/g, '&apos;'),
+    problemShort: violation.help.toLowerCase().replace(/'/g, '&apos;'),
+    problemUrl: violation.helpUrl.replace(/'/g, '&apos;'),
+    ruleId: violation.id,
+    solutionShort: violation.description.toLowerCase().replace(/'/g, '&apos;'),
+    solutionLong: violation.nodes[0].failureSummary?.replace(/'/g, '&apos;'),
+    screenshotId,
+  }))
+  findings.push(...(axeFindings || []))
+}
diff --git a/.github/actions/find/src/pluginManager.ts b/.github/actions/find/src/pluginManager.ts
@@ -10,9 +10,16 @@ import core from '@actions/core'
 const __filename = fileURLToPath(import.meta.url)
 const __dirname = path.dirname(__filename)
 
+type PluginDefaultParams = {
+  page: playwright.Page
+  addFinding: (findingData: Finding) => void
+  // - this will be coming soon
+  // runAxeScan: (options: {includeScreenshots: boolean; page: playwright.Page; findings: Finding[]}) => Promise<void>
+}
+
 export type Plugin = {
   name: string
-  default: (options: {page: playwright.Page; addFinding: (findingData: Finding) => void; url: string}) => Promise<void>
+  default: (options: PluginDefaultParams) => Promise<void>
 }
 
 const plugins: Plugin[] = []
@@ -88,12 +95,9 @@ export async function loadPluginsFromPath({readPath, importPath}: {readPath: str
   }
 }
 
-type InvokePluginParams = {
+type InvokePluginParams = PluginDefaultParams & {
   plugin: Plugin
-  page: playwright.Page
-  addFinding: (findingData: Finding) => void
-  url: string
 }
-export function invokePlugin({plugin, page, addFinding, url}: InvokePluginParams) {
-  return plugin.default({page, addFinding, url})
+export function invokePlugin({plugin, page, addFinding}: InvokePluginParams) {
+  return plugin.default({page, addFinding})
 }
diff --git a/.github/actions/find/tests/findForUrl.test.ts b/.github/actions/find/tests/findForUrl.test.ts
@@ -1,7 +1,7 @@
 import {describe, it, expect, vi} from 'vitest'
 import core from '@actions/core'
 import {findForUrl} from '../src/findForUrl.js'
-import AxeBuilder from '@axe-core/playwright'
+import {AxeBuilder} from '@axe-core/playwright'
 import axe from 'axe-core'
 import * as pluginManager from '../src/pluginManager.js'
 import {clearCache} from '../src/scansContextProvider.js'
@@ -28,7 +28,7 @@ vi.mock('@axe-core/playwright', () => {
   const AxeBuilderMock = vi.fn()
   const rawFinding = {violations: []} as unknown as axe.AxeResults
   AxeBuilderMock.prototype.analyze = vi.fn(() => Promise.resolve(rawFinding))
-  return {default: AxeBuilderMock}
+  return {AxeBuilder: AxeBuilderMock}
 })
 
 let actionInput: string = ''
diff --git a/README.md b/README.md
@@ -65,6 +65,7 @@ jobs:
 - Admin access to add repository secrets
 
 📚 Learn more
+
 - [Quickstart for GitHub Actions](https://docs.github.com/en/actions/get-started/quickstart)
 - [Understanding GitHub Actions](https://docs.github.com/en/actions/get-started/understand-github-actions)
 - [Writing workflows](https://docs.github.com/en/actions/how-tos/write-workflows)
@@ -89,6 +90,7 @@ The a11y scanner requires a Personal Access Token (PAT) as a repository secret:
 > 👉 GitHub Actions' default [GITHUB_TOKEN](https://docs.github.com/en/actions/tutorials/authenticate-with-github_token) cannot be used here.
 
 📚 Learn more
+
 - [Creating a fine-grained PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token)
 - [Creating repository secrets](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets#creating-secrets-for-a-repository)
 
@@ -99,6 +101,7 @@ The a11y scanner requires a Personal Access Token (PAT) as a repository secret:
 Trigger the workflow manually or automatically based on your configuration. The a11y scanner will run and create issues for any accessibility findings. When issues are assigned to GitHub Copilot, always review proposed fixes before merging.
 
 📚 Learn more
+
 - [View workflow run history](https://docs.github.com/en/actions/how-tos/monitor-workflows/view-workflow-run-history)
 - [Running a workflow manually](https://docs.github.com/en/actions/how-tos/manage-workflow-runs/manually-run-a-workflow#running-a-workflow)
 - [Re-run workflows and jobs](https://docs.github.com/en/actions/how-tos/manage-workflow-runs/re-run-workflows-and-jobs)
@@ -107,20 +110,21 @@ Trigger the workflow manually or automatically based on your configuration. The
 
 ## Action inputs
 
-| Input | Required | Description | Example |
-|-------|----------|-------------|---------|
-| `urls` | Yes | Newline-delimited list of URLs to scan | `https://primer.style`<br>`https://primer.style/octicons` |
-| `repository` | Yes | Repository (with owner) for issues and PRs | `primer/primer-docs` |
-| `token` | Yes | PAT with write permissions (see above) | `${{ secrets.GH_TOKEN }}` |
-| `cache_key` | Yes | Key for caching results across runs<br>Allowed: `A-Za-z0-9._/-` | `cached_results-primer.style-main.json` |
-| `login_url` | No | If scanned pages require authentication, the URL of the login page | `https://github.com/login` |
-| `username` | No | If scanned pages require authentication, the username to use for login | `some-user` |
-| `password` | No | If scanned pages require authentication, the password to use for login | `${{ secrets.PASSWORD }}` |
-| `auth_context` | No | If scanned pages require authentication, a stringified JSON object containing username, password, cookies, and/or localStorage from an authenticated session | `{"username":"some-user","password":"***","cookies":[...]}` |
-| `skip_copilot_assignment` | No | Whether to skip assigning filed issues to GitHub Copilot. Set to `true` if you don't have GitHub Copilot or prefer to handle issues manually | `true` |
-| `include_screenshots` | No | Whether to capture screenshots of scanned pages and include links to them in filed issues. Screenshots are stored on the `gh-cache` branch of the repository running the workflow. Default: `false` | `true` |
-| `reduced_motion` | No | Playwright `reducedMotion` setting for scan contexts. Allowed values: `reduce`, `no-preference` | `reduce` |
-| `color_scheme` | No | Playwright `colorScheme` setting for scan contexts. Allowed values: `light`, `dark`, `no-preference` | `dark` |
+| Input                     | Required | Description                                                                                                                                                                                         | Example                                                     |
+| ------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |
+| `urls`                    | Yes      | Newline-delimited list of URLs to scan                                                                                                                                                              | `https://primer.style`<br>`https://primer.style/octicons`   |
+| `repository`              | Yes      | Repository (with owner) for issues and PRs                                                                                                                                                          | `primer/primer-docs`                                        |
+| `token`                   | Yes      | PAT with write permissions (see above)                                                                                                                                                              | `${{ secrets.GH_TOKEN }}`                                   |
+| `cache_key`               | Yes      | Key for caching results across runs<br>Allowed: `A-Za-z0-9._/-`                                                                                                                                     | `cached_results-primer.style-main.json`                     |
+| `login_url`               | No       | If scanned pages require authentication, the URL of the login page                                                                                                                                  | `https://github.com/login`                                  |
+| `username`                | No       | If scanned pages require authentication, the username to use for login                                                                                                                              | `some-user`                                                 |
+| `password`                | No       | If scanned pages require authentication, the password to use for login                                                                                                                              | `${{ secrets.PASSWORD }}`                                   |
+| `auth_context`            | No       | If scanned pages require authentication, a stringified JSON object containing username, password, cookies, and/or localStorage from an authenticated session                                        | `{"username":"some-user","password":"***","cookies":[...]}` |
+| `skip_copilot_assignment` | No       | Whether to skip assigning filed issues to GitHub Copilot. Set to `true` if you don't have GitHub Copilot or prefer to handle issues manually                                                        | `true`                                                      |
+| `include_screenshots`     | No       | Whether to capture screenshots of scanned pages and include links to them in filed issues. Screenshots are stored on the `gh-cache` branch of the repository running the workflow. Default: `false` | `true`                                                      |
+| `reduced_motion`          | No       | Playwright `reducedMotion` setting for scan contexts. Allowed values: `reduce`, `no-preference`                                                                                                     | `reduce`                                                    |
+| `color_scheme`            | No       | Playwright `colorScheme` setting for scan contexts. Allowed values: `light`, `dark`, `no-preference`                                                                                                | `dark`                                                      |
+| `scans`                   | No       | A list of scans (or plugins) to be performed. If not provided, only axe will be performed.                                                                                                          | `['axe', 'reflow']`                                         |
 
 ---
 
@@ -143,13 +147,46 @@ The a11y scanner leverages GitHub Copilot coding agent, which can be configured
 - **Directory/file-scoped:** `.github/instructions/*.instructions.md`
 
 📚 Learn more
+
 - [Adding repository custom instructions](https://docs.github.com/en/copilot/how-tos/configure-custom-instructions/add-repository-instructions)
 - [Optimizing GitHub Copilot for accessibility](https://accessibility.github.com/documentation/guide/copilot-instructions)
 - [GitHub Copilot .instructions.md support](https://github.blog/changelog/2025-07-23-github-copilot-coding-agent-now-supports-instructions-md-custom-instructions/)
 - [GitHub Copilot agents.md support](https://github.blog/changelog/2025-08-28-copilot-coding-agent-now-supports-agents-md-custom-instructions)
 
 ---
 
+## Plugins
+
+The plugin system allows teams to create custom scans/test to run on their pages. An example of this is axe interaction tests. In some cases, it might be desirable to perform specific interactions on elements of a given page before doing an axe scan. These interactions are usually unique to each page that is scanned, so it would require the owning team to write a custom plugin that can interact with the page and run the axe scan when ready. See the example under `./.github/scanner-plugins/test-plugin` (this is not an axe interaction test, but should give a general understanding of how plugins look like).
+
+Some plugins come built-in with the scanner and can be enabled via actions inputs.
+
+### How Plugins Work
+
+Plugins are dynamically loaded by the scanner when it runs. The scanner will look into the `./.github` folder in your repo (where you run the workflow from) and search for a `scanner-plugins` folder. If it finds it, it will assume each folder under that is a plugin, and attempt to load the `index.js` file inside it. Once loaded, the scanner will invoke the exported default function from the `index.js` file.
+
+#### Default Function Api
+
+When the default function is invoked, the following arguments are passed to the function:
+
+- page: this is the [playwright page](https://playwright.dev/docs/api/class-page) instance. See the linked docs for information on how to interact with the page.
+- addFinding: this is a function that will add a finding to the list. Findings are used to generate issues and 'filings'. See here for the [types](https://github.com/github/accessibility-scanner/blob/main/tests/types.d.ts). This function expects a single object as an argument, and it should match the `Finding` type defined in the types linked above.
+
+### How To Create Plugins
+
+As mentioned above, plugins need to live under `./.github/scanner-plugins`. For a plugin to work, it needs to meet the following criteria:
+
+- Each seperate plugin should live in a separate folder under `./.github/scanner-plugins`. So `./.github/scanner-plugins/plugin-1` would be 1 plugin loaded by the scanner
+- Each plugin should have one `index.js` file inside its folder
+- The `index.js` file must export a `name` field. This is the name used to pass to the `scans` input. So the following: `scans: ['my-custom-plugin']` would cause the scanner to only run that plugin
+- The `index.js` file must export a default function. This is the function that the scanner uses to run the plugin.
+
+### Things To Lookout For
+
+- Plugin names should be unique. If multiple plugins have the same name, and the `scans` input passes this name, all the plugins with that name _will_ run. However, this is not advised because if you want to turn off one plugin, you'll have to go back and change that plugin name.
+
+---
+
 ## Feedback
 
 💬 We welcome your feedback! To submit feedback or report issues, please create an issue in this repository. For more information on contributing, please refer to the [CONTRIBUTING](./CONTRIBUTING.md) file.
