From b55df88ed4817987e6f1ff2972d5629c6357b6fe Mon Sep 17 00:00:00 2001 From: lindseywild Date: Thu, 26 Mar 2026 14:08:00 -0400 Subject: [PATCH 1/2] Replace github-script with file-based approach to avoid ARG_MAX limit The 'Set results output' step used actions/github-script@v8, which interpolated large filings JSON (~138KB+) as a CLI argument to node. This exceeded Linux's ARG_MAX limit, causing 'Argument list too long' errors. Changes: - Replace github-script step with bash heredoc + node heredoc approach that writes data to temp files, avoiding CLI arg limits - Add results_file output for consumers needing large dataset support - Switch cache saving from value-based to file-based using gh-cache/save - Keep results output for backward compatibility Resolves github/accessibility#10354 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- action.yml | 75 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 54 insertions(+), 21 deletions(-) diff --git a/action.yml b/action.yml index 933a10d8..8382cb4a 100644 --- a/action.yml +++ b/action.yml @@ -53,6 +53,9 @@ outputs: results: description: 'List of issues and pull requests filed (and their associated finding(s)), as stringified JSON' value: ${{ steps.results.outputs.results }} + results_file: + description: 'Path to a JSON file containing the results (use for large datasets to avoid output size limits)' + value: ${{ steps.results.outputs.results_file }} runs: using: 'composite' @@ -132,38 +135,68 @@ runs: issues: ${{ steps.get_issues_from_filings.outputs.issues }} repository: ${{ inputs.repository }} token: ${{ inputs.token }} + - name: Write filings and fixings to temp files + shell: bash + run: | + cat > "$RUNNER_TEMP/filings.json" << 'FILINGS_HEREDOC_DELIMITER' + ${{ steps.file.outputs.filings || '[]' }} + FILINGS_HEREDOC_DELIMITER + + cat > "$RUNNER_TEMP/fixings.json" << 'FIXINGS_HEREDOC_DELIMITER' + ${{ steps.fix.outputs.fixings || '[]' }} + FIXINGS_HEREDOC_DELIMITER + - name: Set results output id: results - uses: actions/github-script@v8 - with: - script: | - const filings = ${{ steps.file.outputs.filings || '""' }} || []; - const fixings = ${{ steps.fix.outputs.fixings || '""' }} || []; - const fixingsByIssueUrl = fixings.reduce((acc, fixing) => { - if (fixing.issue && fixing.issue.url) { - acc[fixing.issue.url] = fixing; - } - return acc; - }, {}); - const results = filings; - for (const result of results) { - if (result.issue && result.issue.url && fixingsByIssueUrl[result.issue.url]) { - result.pullRequest = fixingsByIssueUrl[result.issue.url].pullRequest; - } + shell: bash + run: | + node << 'NODE_SCRIPT' + const fs = require('fs'); + const path = require('path'); + const runnerTemp = process.env.RUNNER_TEMP; + const filings = JSON.parse(fs.readFileSync(path.join(runnerTemp, 'filings.json'), 'utf8')) || []; + const fixings = JSON.parse(fs.readFileSync(path.join(runnerTemp, 'fixings.json'), 'utf8')) || []; + const fixingsByIssueUrl = fixings.reduce((acc, fixing) => { + if (fixing.issue && fixing.issue.url) acc[fixing.issue.url] = fixing; + return acc; + }, {}); + for (const result of filings) { + if (result.issue && result.issue.url && fixingsByIssueUrl[result.issue.url]) { + result.pullRequest = fixingsByIssueUrl[result.issue.url].pullRequest; } - core.setOutput('results', JSON.stringify(results)); - core.debug(`Results: ${JSON.stringify(results)}`); + } + const resultsPath = path.join(process.env.GITHUB_WORKSPACE, 'scanner-results.json'); + fs.writeFileSync(resultsPath, JSON.stringify(filings)); + NODE_SCRIPT + + RESULTS_FILE="$GITHUB_WORKSPACE/scanner-results.json" + + # Set results output (backward compat) + { + echo 'results<<__RESULTS_OUTPUT_DELIMITER__' + cat "$RESULTS_FILE" + echo + echo '__RESULTS_OUTPUT_DELIMITER__' + } >> "$GITHUB_OUTPUT" + + # Set results_file output + echo "results_file=$RESULTS_FILE" >> "$GITHUB_OUTPUT" - if: ${{ inputs.include_screenshots == 'true' }} name: Save screenshots uses: ./../../_actions/github/accessibility-scanner/current/.github/actions/gh-cache/save with: path: .screenshots token: ${{ inputs.token }} + - name: Copy results to cache path + shell: bash + run: | + mkdir -p "$(dirname '${{ inputs.cache_key }}')" + cp "$GITHUB_WORKSPACE/scanner-results.json" "${{ inputs.cache_key }}" + - name: Save cached results - uses: ./../../_actions/github/accessibility-scanner/current/.github/actions/gh-cache/cache + uses: ./../../_actions/github/accessibility-scanner/current/.github/actions/gh-cache/save with: - key: ${{ inputs.cache_key }} - value: ${{ steps.results.outputs.results }} + path: ${{ inputs.cache_key }} token: ${{ inputs.token }} branding: From 1f361d53bdb457d648fd28c0da762be3c315c269 Mon Sep 17 00:00:00 2001 From: lindseywild Date: Fri, 27 Mar 2026 12:22:49 -0400 Subject: [PATCH 2/2] Fix missing newline before EOF delimiter in gh-cache/cache output The 'Output cached value' step cats a JSON file into GITHUB_OUTPUT followed by an EOF delimiter, but if the file has no trailing newline the delimiter lands on the same line as the content, causing: 'Invalid value. Matching delimiter not found EOF' Add a bare echo to ensure a newline before the closing delimiter. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/actions/gh-cache/cache/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/gh-cache/cache/action.yml b/.github/actions/gh-cache/cache/action.yml index c4035304..9862660c 100644 --- a/.github/actions/gh-cache/cache/action.yml +++ b/.github/actions/gh-cache/cache/action.yml @@ -63,6 +63,7 @@ runs: echo "value<> $GITHUB_OUTPUT if [ -f "${{ inputs.key }}" ]; then cat "${{ inputs.key }}" >> $GITHUB_OUTPUT + echo >> $GITHUB_OUTPUT echo "Outputted 'value=$(cat "${{ inputs.key }}")'" else echo "Skipped outputting 'value'"