diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index c8b6c448..62b7f327 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -508,19 +508,99 @@ jobs: PAGESPEED_LIMIT: 8 run: pnpm run pagespeed:test + # ────────────────────────────────────────────────────────────────────────────── + # JOB 7: WCAG Audit + # ────────────────────────────────────────────────────────────────────────────── + wcag: + name: ♿ WCAG + needs: [prepare, deploy, smoke_test] + if: success() && needs.prepare.outputs.target != 'skip' + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Setup pnpm + uses: pnpm/action-setup@v3 + with: + version: 10 + - name: Get pnpm store directory + id: pnpm-cache + shell: bash + run: | + echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_OUTPUT + - name: Setup pnpm cache + uses: actions/cache@v4 + with: + path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} + key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + - name: Setup Puppeteer cache + uses: actions/cache@v4 + with: + path: ~/.cache/puppeteer + key: ${{ runner.os }}-puppeteer-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-puppeteer- + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 20 + - name: 🔐 Registry Auth + run: | + echo "@mintel:registry=https://${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}" > .npmrc + echo "//${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}/:_authToken=${{ secrets.REGISTRY_PASS }}" >> .npmrc + - name: Install dependencies + run: pnpm install --frozen-lockfile + - name: 🔍 Install Chromium (Native & ARM64) + run: | + apt-get update + apt-get install -y gnupg wget ca-certificates + + # Detect OS + OS_ID=$(. /etc/os-release && echo $ID) + CODENAME=$(. 
/etc/os-release && echo $VERSION_CODENAME) + + if [ "$OS_ID" = "debian" ]; then + echo "🎯 Debian detected - installing native chromium" + apt-get install -y chromium + else + echo "🎯 Ubuntu detected - adding xtradeb PPA" + mkdir -p /etc/apt/keyrings + KEY_ID="82BB6851C64F6880" + + # Fetch PPA key + wget -qO- "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$KEY_ID" | gpg --dearmor > /etc/apt/keyrings/xtradeb.gpg + + # Add PPA repository + echo "deb [signed-by=/etc/apt/keyrings/xtradeb.gpg] http://ppa.launchpad.net/xtradeb/apps/ubuntu $CODENAME main" > /etc/apt/sources.list.d/xtradeb-ppa.list + + # PRIORITY PINNING: Force PPA over Snap-dummy + printf "Package: *\nPin: release o=LP-PPA-xtradeb-apps\nPin-Priority: 1001\n" > /etc/apt/preferences.d/xtradeb + + apt-get update + apt-get install -y --allow-downgrades chromium + fi + + # Standardize binary paths + [ -f /usr/bin/chromium ] && ln -sf /usr/bin/chromium /usr/bin/google-chrome + [ -f /usr/bin/chromium ] && ln -sf /usr/bin/chromium /usr/bin/chromium-browser - name: ♿ Run WCAG Audit env: NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} + CHROME_PATH: /usr/bin/chromium PAGESPEED_LIMIT: 8 run: pnpm run check:wcag # ────────────────────────────────────────────────────────────────────────────── - # JOB 7: Notifications + # JOB 8: Notifications # ────────────────────────────────────────────────────────────────────────────── notifications: name: 🔔 Notify - needs: [prepare, deploy, smoke_test, lighthouse] + needs: [prepare, deploy, smoke_test, lighthouse, wcag] if: always() runs-on: docker container:
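Review bot: The Ubuntu branch of the "Install Chromium" step in the new `wcag` job trusts a third-party PPA far more broadly than installing one browser needs. The signing key is looked up on a keyserver by its 64-bit ID (`KEY_ID="82BB6851C64F6880"`) and piped straight into `gpg --dearmor` with no fingerprint comparison, the source line uses `http://ppa.launchpad.net`, and the pin gives `Package: *` from that origin priority 1001 while the install passes `--allow-downgrades`. Together these let anything published in that PPA replace or downgrade system packages, in a job whose workspace already holds the registry token that the "Registry Auth" step wrote to `.npmrc`. I would look the key up by its full fingerprint, compare the downloaded key against that fingerprint before writing `/etc/apt/keyrings/xtradeb.gpg`, and add `set -o pipefail` so a failed `wget` cannot leave an empty keyring behind. I would also narrow the pin to `printf "Package: chromium*\nPin: release o=LP-PPA-xtradeb-apps\nPin-Priority: 1001\n" > /etc/apt/preferences.d/xtradeb`, assuming the PPA's chromium packages need nothing else from it, which is worth confirming.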