@govtechsg/oobee 0.10.47 → 0.10.50

package/.github/workflows/image.yml

@@ -44,7 +44,11 @@ jobs:
             oobee-portable-windows.zip
 
   mac-install-oobee:
-    runs-on: self-hosted
+    runs-on: macos-latest
+    env:
+      CER_B64:     ${{ secrets.ORG_DEVELOPER_ID_APPLICATION_CERT_CER }}
+      P12_B64:     ${{ secrets.ORG_DEVELOPER_ID_APPLICATION_PRIVATEKEY_P12 }}
+      P12_PASSWORD: ${{ secrets.ORG_DEVELOPER_ID_APPLICATION_PRIVATEKEY_P12_PASSWORD }}
     environment: macos
 
     steps:
@@ -70,6 +74,51 @@ jobs:
         run: |
           ./install_oobee_dependencies.command
 
+      - name: Decode & import certs into temporary keychain
+        run: |
+          # --- prepare tmp dir ---
+          mkdir -p /tmp/signing
+
+          # --- decode into /tmp ---
+          echo "$CER_B64" | openssl base64 -d -A > /tmp/signing/developer_id_application.cer
+          echo "$P12_B64" | openssl base64 -d -A > /tmp/signing/developer_id_application.p12
+
+          # --- create & unlock keychain ---
+          security create-keychain -p "" build.keychain
+          security set-keychain-settings -lut 7200 build.keychain
+          security list-keychains -s build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p "" build.keychain
+
+          # --- import cert + key, grant codesign access ---
+          security import /tmp/signing/developer_id_application.cer \
+            -k build.keychain \
+            -T /usr/bin/codesign
+          security import /tmp/signing/developer_id_application.p12 \
+            -k build.keychain \
+            -P "$P12_PASSWORD" \
+            -T /usr/bin/codesign
+
+          # 1) Unlock it (just to be safe)
+          security unlock-keychain -p "" build.keychain
+
+          # 2) Allow codesign to use the key without prompting
+          security set-key-partition-list \
+            -S apple-tool:,apple: \
+            -s -k "" \
+            build.keychain
+
+          # --- delete entire tmp dir ---
+          rm -rf -v /tmp/signing/* && rm -rf /tmp/signing
+          
+      - name: Locate signing identity
+        id: find_identity
+        run: |
+          ID=$(security find-identity -v -p codesigning build.keychain \
+               | grep "Developer ID Application:" \
+               | sed -E 's/^[[:space:]]*[0-9]+\) ([^"]+).*$/\1/')
+          echo "id=$ID" >> $GITHUB_OUTPUT
+
       - name: Sign required binaries for MacOS
         run: |
           # Find a valid code signing certificate in your keychain for distribution outside Mac App Store
@@ -89,6 +138,10 @@ jobs:
             fi
           done
 
+      - name: Cleanup keychain
+        if: always()
+        run: security delete-keychain build.keychain
+        
       - name: Zip entire Purple folder (Mac)
         run: |
           zip oobee-portable-mac.zip -y -r ./

package/REPORTS.md

@@ -377,7 +377,7 @@ In scanPagesSummary.json and scanPagesDetail,json, within each `pagesNotScanned`
 | 101  | 101 – Switching Protocols                      |
 | 102  | 102 – Processing                               |
 | 103  | 103 – Early Hints                              |
-| 200  | 200 – However Page Could Not Be Scanned        |
+| 200  | Oobee was not able to scan the page due to access restrictions or compatibility issues        |
 | 204  | 204 – No Content                               |
 | 205  | 205 – Reset Content                            |
 | 300  | 300 – Multiple Choices                         |

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@govtechsg/oobee",
   "main": "dist/npmIndex.js",
-  "version": "0.10.47",
+  "version": "0.10.50",
   "type": "module",
   "author": "Government Technology Agency <info@tech.gov.sg>",
   "dependencies": {

package/src/constants/constants.ts

@@ -352,7 +352,7 @@ const wcagLinks = {
   'WCAG 1.2.2': 'https://www.w3.org/TR/WCAG22/#captions-prerecorded',
   'WCAG 1.3.1': 'https://www.w3.org/TR/WCAG22/#info-and-relationships',
   // 'WCAG 1.3.4': 'https://www.w3.org/TR/WCAG22/#orientation', - TODO: review for veraPDF
-  'WCAG 1.3.5': 'https://www.w3.org/TR/WCAG22/#use-of-color',
+  'WCAG 1.3.5': 'https://www.w3.org/TR/WCAG22/#identify-input-purpose',
   'WCAG 1.4.1': 'https://www.w3.org/TR/WCAG22/#use-of-color',
   'WCAG 1.4.2': 'https://www.w3.org/TR/WCAG22/#audio-control',
   'WCAG 1.4.3': 'https://www.w3.org/TR/WCAG22/#contrast-minimum',
@@ -360,7 +360,7 @@ const wcagLinks = {
   'WCAG 1.4.6': 'https://www.w3.org/TR/WCAG22/#contrast-enhanced', // AAA
   // 'WCAG 1.4.10': 'https://www.w3.org/TR/WCAG22/#reflow', - TODO: review for veraPDF
   'WCAG 1.4.12': 'https://www.w3.org/TR/WCAG22/#text-spacing',
-  'WCAG 2.1.1': 'https://www.w3.org/TR/WCAG22/#pause-stop-hide',
+  'WCAG 2.1.1': 'https://www.w3.org/TR/WCAG22/#keyboard',
   'WCAG 2.2.1': 'https://www.w3.org/TR/WCAG22/#timing-adjustable',
   'WCAG 2.2.2': 'https://www.w3.org/TR/WCAG22/#pause-stop-hide',
   'WCAG 2.2.4': 'https://www.w3.org/TR/WCAG22/#interruptions', // AAA
@@ -370,7 +370,7 @@ const wcagLinks = {
   'WCAG 2.4.9': 'https://www.w3.org/TR/WCAG22/#link-purpose-link-only', // AAA
   'WCAG 2.5.8': 'https://www.w3.org/TR/WCAG22/#target-size-minimum',
   'WCAG 3.1.1': 'https://www.w3.org/TR/WCAG22/#language-of-page',
-  'WCAG 3.1.2': 'https://www.w3.org/TR/WCAG22/#labels-or-instructions',
+  'WCAG 3.1.2': 'https://www.w3.org/TR/WCAG22/#language-of-parts',
   'WCAG 3.1.5': 'https://www.w3.org/TR/WCAG22/#reading-level', // AAA
   'WCAG 3.2.5': 'https://www.w3.org/TR/WCAG22/#change-on-request', // AAA
   'WCAG 3.3.2': 'https://www.w3.org/TR/WCAG22/#labels-or-instructions',
@@ -497,7 +497,7 @@ export const STATUS_CODE_METADATA: Record<number,string> = {
   599: 'Uncommon Response Status Code Received',
 
   // This is Status OK but thrown when the crawler cannot scan the page
-  200: '200 - However Page Could Not Be Scanned', 
+  200: 'Oobee was not able to scan the page due to access restrictions or compatibility issues', 
   
   // 1xx - Informational
   100: '100 - Continue',

package/src/mergeAxeResults.ts

@@ -1532,7 +1532,9 @@ function populateScanPagesDetail(allIssues: AllIssues): void {
 
 // Send WCAG criteria breakdown to Sentry
 const sendWcagBreakdownToSentry = async (
+  appVersion: string,
   wcagBreakdown: Map<string, number>,
+  ruleIdJson: any,
   scanInfo: {
     entryUrl: string;
     scanType: string;
@@ -1556,6 +1558,9 @@ const sendWcagBreakdownToSentry = async (
     const tags: Record<string, string> = {};
     const wcagCriteriaBreakdown: Record<string, any> = {};
 
+    // Tag app version
+    tags['version'] = appVersion;
+
     // Get dynamic WCAG criteria map once
     const wcagCriteriaMap = await getWcagCriteriaMap();
 
@@ -1662,6 +1667,7 @@ const sendWcagBreakdownToSentry = async (
         ...(userData && userData.userId ? { id: userData.userId } : {}),
       },
       extra: {
+        additionalScanMetadata: ruleIdJson != null ? JSON.stringify(ruleIdJson)  : "{}",
         wcagBreakdown: wcagCriteriaBreakdown,
         reportCounts: allIssues
           ? {
@@ -2013,12 +2019,17 @@ const generateArtifacts = async (
       printMessage([`Error in zipping results: ${error}`]);
     });
 
+  // Generate scrubbed HTML Code Snippets
+  const ruleIdJson = createRuleIdJson(allIssues);
+
   // At the end of the function where results are generated, add:
   try {
     // Always send WCAG breakdown to Sentry, even if no violations were found
     // This ensures that all criteria are reported, including those with 0 occurrences
     await sendWcagBreakdownToSentry(
+      oobeeAppVersion,
       wcagOccurrencesMap,
+      ruleIdJson,
       {
         entryUrl: urlScanned,
         scanType,
@@ -2033,7 +2044,7 @@ const generateArtifacts = async (
     console.error('Error sending WCAG data to Sentry:', error);
   }
 
-  return createRuleIdJson(allIssues);
+  return ruleIdJson;
 };
 
 export default generateArtifacts;