feat: Add 'Auth' action

Author: smockle

.github/actions/find/src/findForUrl.ts

@@ -4,7 +4,7 @@ import playwright from 'playwright';
 
 export async function findForUrl(url: string, sessionStatePath?: string): Promise<Finding[]> {
   const browser = await playwright.chromium.launch({ headless: true, executablePath: process.env.CI ? '/usr/bin/google-chrome' : undefined });
-  const context = await browser.newContext({ storageState: sessionStatePath });
+  const context = await browser.newContext({ storageState: !!sessionStatePath ? sessionStatePath : undefined });
   const page = await context.newPage();
   await page.goto(url);
 

README.md

@@ -97,11 +97,22 @@ Trigger the workflow manually or automatically based on your configuration. The
 | `repository` | Yes | Repository (with owner) for issues and PRs | `primer/primer-docs` |
 | `token` | Yes | PAT with write permissions (see above) | `${{ secrets.GH_TOKEN }}` |
 | `cache_key` | No | Custom key for caching findings across runs<br>Allowed: `A-Za-z0-9._/-` | `cached_findings-main-primer.style.json` |
-| `session_state_path` | No | Path to a file containing authenticated session state | `/tmp/.auth/12345678/sessionState.json` |
+| `login_url` | No | If scanned pages require authentication, the URL of the login page | `https://github.com/login` |
+| `username` | No | If scanned pages require authentication, the username to use for login | `some-user` |
+| `password` | No | If scanned pages require authentication, the password to use for login | `correct-horse-battery-staple` |
+| `session_state_path` | No | If scanned pages require authentication, the path to a file containing authenticated session state | `/tmp/.auth/12345678/sessionState.json` |
 | `skip_copilot_assignment` | No | Whether to skip assigning filed issues to Copilot | `true` |
 
 ---
 
+## Authentication
+
+If access to a page requires logging-in first, and logging-in requires only a username and password, then provide the `login_url`, `username`, and `password` inputs.
+
+If your login flow is more complex—if it requires two-factor authentication, single sign-on, passkeys, etc.–and you have a custom action that [authenticates with Playwright](https://playwright.dev/docs/auth) and persists authenticated session state to a file, then provide the `session_state_path` input. (If `session_state_path` is provided, `login_url`, `username`, and `password` will be ignored.)
+
+---
+
 ## Configuring Copilot
 
 The a11y scanner leverages Copilot coding agent, which can be configured with custom instructions:
@@ -119,4 +130,4 @@ Beta participants have direct contact for questions and suggestions. A public fe
 
 ---
 
-*Last updated: 2025-09-25*
+*Last updated: 2025-10-01*

action.yml

@@ -15,8 +15,17 @@ inputs:
   cache_key:
     description: "Custom key for caching findings across runs"
     required: false
+  login_url:
+    description: "If scanned pages require authentication, the URL of the login page"
+    required: false
+  username:
+    description: "If scanned pages require authentication, the username to use for login"
+    required: false
+  password:
+    description: "If scanned pages require authentication, the password to use for login"
+    required: false
   session_state_path:
-    description: "Path to a file containing authenticated session state"
+    description: "If scanned pages require authentication, the path to a file containing authenticated session state"
     required: false
   skip_copilot_assignment:
     description: "Whether to skip assigning filed issues to Copilot"
@@ -42,12 +51,20 @@ runs:
       with:
         key: ${{ steps.cache_key.outputs.cache_key }}
         token: ${{ inputs.token }}
+    - if: ${{ inputs.login_url && inputs.username && inputs.password && !inputs.session_state_path }}
+      name: Authenticate
+      id: auth
+      uses: ./.github/actions/auth
+      with:
+        login_url: ${{ inputs.login_url }}
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
     - name: Find
       id: find
       uses: ./.github/actions/find
       with:
         urls: ${{ inputs.urls }}
-        session_state_path: ${{ inputs.session_state_path }}
+        session_state_path:  ${{ inputs.session_state_path || steps.auth.outputs.session_state_path }}
     - name: File
       id: file
       uses: ./.github/actions/file