feat: use pinned aria-at commit with cron to update

.github/workflows/runtest.yml

@@ -43,6 +43,7 @@ jobs:
           yarn sequelize:test db:migrate
           yarn sequelize:test db:seed:all
           yarn workspace server db-import-tests:test -c "${IMPORT_ARIA_AT_TESTS_COMMIT_1} ${IMPORT_ARIA_AT_TESTS_COMMIT_2} ${IMPORT_ARIA_AT_TESTS_COMMIT_3} ${IMPORT_ARIA_AT_TESTS_COMMIT_4}"
+          # Import pinned current commit as well (no args defaults to pinned)
           yarn workspace server db-import-tests:test
           yarn workspace server db-populate-sample-data:test
       # yarn test would run all of these in serial, however we split this up to allow it to continue

.github/workflows/update-aria-at.yml

@@ -0,0 +1,152 @@
+name: Update pinned ARIA-AT data
+
+on:
+  schedule:
+    - cron: '0 6 * * *'
+  workflow_dispatch: {}
+
+concurrency:
+  group: update-aria-at
+  cancel-in-progress: false
+
+jobs:
+  bump:
+    name: Test latest upstream and update pin if clean
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+      - name: Install NodeJS 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+      - run: yarn --version
+      - name: Remove pre-bundled versions of postgres to avoid version clashes
+        run: |
+          sudo DEBIAN_FRONTEND=noninteractive apt-get purge -y postgresql\*
+          sudo apt-get autoremove -y
+          sudo rm -rf /var/lib/postgresql/
+          sudo rm -rf /etc/postgresql/
+      - name: Install PostgreSQL 12
+        run: |
+          wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+          sudo sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
+          sudo apt-get -y update
+          sudo apt-get -y install postgresql-12
+          sudo apt-get -y install postgresql-client-12
+      - name: before_install
+        run: |
+          sudo sed -i 's/port = 5433/port = 5432/' /etc/postgresql/12/main/postgresql.conf
+          sudo pg_ctlcluster 12 main restart
+      - name: before_script
+        run: |
+          yarn --frozen-lockfile
+          npx patch-package
+          source config/test.env
+          sudo -u postgres createdb ${PGDATABASE}
+          echo Created ${PGDATABASE}
+          sudo -u postgres psql -c "CREATE ROLE ${PGUSER} WITH LOGIN PASSWORD '${PGPASSWORD}'"
+          sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${PGDATABASE} to ${PGUSER};"
+          yarn sequelize:test db:migrate
+          yarn sequelize:test db:seed:all
+
+      - name: Check for latest upstream SHA
+        id: latest
+        run: |
+          set -e
+          echo "Checking for latest ARIA-AT upstream SHA..."
+          LATEST=$(git ls-remote https://github.com/w3c/aria-at HEAD | cut -f1)
+          PINNED=$(cat config/aria-at.version || true)
+          echo "latest=$LATEST" >> $GITHUB_OUTPUT
+          echo "pinned=$PINNED" >> $GITHUB_OUTPUT
+
+          if [ -z "$LATEST" ]; then
+            echo "Failed to resolve latest upstream SHA"
+            exit 1
+          fi
+
+          echo "Current pinned SHA: ${PINNED:-none}"
+          echo "Latest upstream SHA: $LATEST"
+
+          if [ "$LATEST" = "$PINNED" ]; then
+            echo "Already up to date with latest upstream SHA"
+            exit 0
+          else
+            echo "Found newer upstream SHA, will test and update"
+          fi
+
+      - name: Import and test latest upstream SHA
+        if: steps.latest.outputs.latest != steps.latest.outputs.pinned
+        run: |
+          # Ensure IMPORT_ARIA_AT_TESTS_COMMIT_* env vars are available in this step
+          source config/test.env
+          echo "Importing historical commits for testing..."
+          yarn workspace server db-import-tests:test -c "${IMPORT_ARIA_AT_TESTS_COMMIT_1} ${IMPORT_ARIA_AT_TESTS_COMMIT_2} ${IMPORT_ARIA_AT_TESTS_COMMIT_3} ${IMPORT_ARIA_AT_TESTS_COMMIT_4}"
+
+          echo "Importing latest upstream commit: ${{ steps.latest.outputs.latest }}"
+          yarn workspace server db-import-tests:test -c "${{ steps.latest.outputs.latest }}"
+
+          echo "Populating sample data..."
+          yarn workspace server db-populate-sample-data:test
+
+      - name: Run tests (excluding snapshots)
+        if: steps.latest.outputs.latest != steps.latest.outputs.pinned
+        run: |
+          yarn workspace shared prettier
+          yarn workspace client prettier
+          yarn workspace server prettier
+          yarn workspace shared lint
+          yarn workspace client lint
+          yarn workspace server lint
+          yarn workspace shared jest
+          yarn workspace client jest --testPathIgnorePatterns=snapshots
+          yarn workspace server jest
+
+      - name: Update pinned SHA and snapshots (tests passed)
+        if: steps.latest.outputs.latest != steps.latest.outputs.pinned
+        run: |
+          echo "All tests passed! Updating pinned SHA to latest upstream..."
+          echo "${{ steps.latest.outputs.latest }}" > config/aria-at.version
+          echo "Updating snapshots..."
+          yarn update-snapshots
+
+      - name: Stage allowed files only
+        if: steps.latest.outputs.latest != steps.latest.outputs.pinned
+        run: |
+          set -e
+          git reset
+          git add config/aria-at.version || true
+          git add client/tests/e2e/snapshots || true
+          echo "Staged files:" 
+          git diff --cached --name-only
+
+      - name: Validate staged files scope
+        if: steps.latest.outputs.latest != steps.latest.outputs.pinned
+        run: |
+          set -e
+          CHANGED=$(git diff --cached --name-only)
+          if [ -z "$CHANGED" ]; then echo "No changes to commit"; exit 0; fi
+          echo "$CHANGED" | awk '{print}' | while read -r f; do
+            case "$f" in
+              config/aria-at.version) ;;
+              client/tests/e2e/snapshots/*|client/tests/e2e/snapshots/*/*) ;;
+              *) echo "Disallowed staged change: $f"; exit 1 ;;
+            esac
+          done
+
+      - name: Commit updated ARIA-AT pin and snapshots
+        if: steps.latest.outputs.latest != steps.latest.outputs.pinned
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -e
+          echo "Committing updated ARIA-AT pin and snapshots..."
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git commit -m "chore: bump ARIA-AT pin to ${{ steps.latest.outputs.latest }}"
+          echo "Pushing to development branch..."
+          git push origin HEAD:development

client/tests/e2e/snapshots/saved/_account_settings.html

@@ -98,7 +98,7 @@ <h2>Admin Actions</h2>
             <button type="button" class="btn btn-primary">
               Import Latest Test Plan Versions
             </button>
-            <p>Date of latest test plan version: August 25, 2025 18:06 UTC</p>
+            <p>Date of latest test plan version: August 31, 2025 20:57 UTC</p>
           </section>
         </main>
       </div>

client/tests/e2e/snapshots/saved/_data-management.html

@@ -282,9 +282,9 @@ <h3 class="disclosure-heading">
                         Switch Example Using HTML Button
                       </option>
                       <option value="99">Tabs with Automatic Activation</option>
-                      <option value="62">Tabs with Manual Activation</option>
-                      <option value="100">Toggle Button</option>
-                      <option value="101">Vertical Temperature Slider</option>
+                      <option value="100">Tabs with Manual Activation</option>
+                      <option value="101">Toggle Button</option>
+                      <option value="102">Vertical Temperature Slider</option>
                     </select>
                   </div>
                   <div class="form-group">
@@ -1197,7 +1197,7 @@ <h2>Test Plans Status Summary</h2>
                   <td>
                     <div class="phase-cell" role="list" aria-setsize="2">
                       <span class="styled-pill full-width auto-width"
-                        ><a href="/test-review/100"
+                        ><a href="/test-review/101"
                           ><span
                             ><svg
                               aria-hidden="true"
@@ -1876,7 +1876,7 @@ <h2>Test Plans Status Summary</h2>
                   <td>
                     <div class="status-cell">
                       <span class="pill full-width rd">R&amp;D</span>
-                      <p class="review-text">Complete <b>Aug 13, 2025</b></p>
+                      <p class="review-text">Complete <b>Aug 28, 2025</b></p>
                     </div>
                   </td>
                   <td>
@@ -1897,7 +1897,7 @@ <h2>Test Plans Status Summary</h2>
                               <path
                                 fill="currentColor"
                                 d="M256 512A256 256 0 1 0 256 0a256 256 0 1 0 0 512zM369 209L241 337c-9.4 9.4-24.6 9.4-33.9 0l-64-64c-9.4-9.4-9.4-24.6 0-33.9s24.6-9.4 33.9 0l47 47L335 175c9.4-9.4 24.6-9.4 33.9 0s9.4 24.6 0 33.9z"></path></svg
-                            ><b>V25.08.13</b></span
+                            ><b>V25.08.28</b></span
                           ></a
                         ></span
                       ><button
@@ -2843,13 +2843,13 @@ <h2>Test Plans Status Summary</h2>
                   <td>
                     <div class="status-cell">
                       <span class="pill full-width rd">R&amp;D</span>
-                      <p class="review-text">Complete <b>Mar 17, 2022</b></p>
+                      <p class="review-text">Complete <b>Aug 31, 2025</b></p>
                     </div>
                   </td>
                   <td>
                     <div class="phase-cell" role="list" aria-setsize="2">
                       <span class="styled-pill full-width auto-width"
-                        ><a href="/test-review/62"
+                        ><a href="/test-review/100"
                           ><span
                             ><svg
                               aria-hidden="true"
@@ -2864,7 +2864,7 @@ <h2>Test Plans Status Summary</h2>
                               <path
                                 fill="currentColor"
                                 d="M256 512A256 256 0 1 0 256 0a256 256 0 1 0 0 512zM369 209L241 337c-9.4 9.4-24.6 9.4-33.9 0l-64-64c-9.4-9.4-9.4-24.6 0-33.9s24.6-9.4 33.9 0l47 47L335 175c9.4-9.4 24.6-9.4 33.9 0s9.4 24.6 0 33.9z"></path></svg
-                            ><b>V22.03.17-1</b></span
+                            ><b>V25.08.31</b></span
                           ></a
                         ></span
                       ><button
@@ -2903,7 +2903,7 @@ <h2>Test Plans Status Summary</h2>
                   <td>
                     <div class="phase-cell" role="list" aria-setsize="2">
                       <span class="styled-pill full-width auto-width"
-                        ><a href="/test-review/101"
+                        ><a href="/test-review/102"
                           ><span
                             ><svg
                               aria-hidden="true"

config/aria-at.version

@@ -0,0 +1 @@
+84bd6c8806b51557ff50c8574533a99810d8a5a8

docs/database.md

@@ -33,7 +33,7 @@ The database migrations are managed by [Sequelize](https://sequelize.org/). The
    ```
    yarn sequelize db:seed:all
    ```
-4. Import the most recent tests and files from the [aria-at repository](https://github.com/w3c/aria-at):
+4. Import the pinned tests and files from the [aria-at repository](https://github.com/w3c/aria-at):
 
    ```
    yarn db-import-tests:dev -c "5fe7afd82fe51c185b8661276105190a59d47322 1aa3b74d24d340362e9f511eae33788d55487d12 ab77d47ab19db71c635c9bb459ba5c34182e1400 d34eddbb8e751f07bd28d952de15fa7fe5f07353";

docs/local-development.md

@@ -6,7 +6,7 @@
    - Version 14 or greater
    - It is recommended to install node with [`nvm`](https://github.com/nvm-sh/nvm)
 2. Yarn
-   - Yarn is resposible for installing dependencies, similar to npm. This project is utilizing yarn workspaces to organize the code into a monorepo structure.
+   - Yarn is responsible for installing dependencies, similar to npm. This project is utilizing yarn workspaces to organize the code into a monorepo structure.
    - For macOS, use: `brew install yarn`
    - For linux, See [yarn documentation](https://classic.yarnpkg.com/en/docs/install/#debian-stable)
 
@@ -17,12 +17,26 @@
    yarn install
    ```
 2. Set up local database using the instructions provided in [database.md](database.md).
-   - Note: You must run `yarn db-import-tests:dev` after setting up your database to import the latest test harness into
+   - Note: You must run `yarn db-import-tests:dev` after setting up your database to import the pinned test harness into
      your project.
 3. Run the server
-   ` yarn dev `
+   `yarn dev`
    Now you can navigate your browser to: [http://localhost:3000/](http://localhost:3000/). You need to use localhost instead of `0.0.0.0` because the cookie needs to be treated as secure.
 
+## Pinned ARIA-AT version
+
+The app imports test plans from the `w3c/aria-at` repository using a pinned commit.
+
+- The pinned SHA lives at `config/aria-at.version`.
+- Local imports without `-c` will read this file (or `ARIA_AT_PINNED_SHA`).
+- CI imports historical commits for coverage and then the pinned commit.
+
+A scheduled workflow (`.github/workflows/update-aria-at.yml`) runs daily to:
+
+- Resolve the latest upstream SHA.
+- Import and run tests against it.
+- If tests pass, update `config/aria-at.version`, refresh client snapshots, and push directly to `development` with only those changes.
+
 ### Signing in as a tester, admin, or vendor
 
 ARIA-AT App determines if you are authorized to sign in as an admin, tester, or vendor based on whether your Github username is listed in the admins.txt, testers.txt, or vendors.txt file.

server/scripts/import-tests/index.js

@@ -20,7 +20,7 @@ if (args.help) {
   console.log(`
 Default use:
   No arguments:
-    Fetch most recent aria-at tests to update database. By default, the latest commit on the default branch.
+    Import aria-at tests pinned by ARIA_AT_PINNED_SHA or config/aria-at.version
   Arguments:
     -h, --help
        Show this message.
@@ -40,12 +40,37 @@ const importTestPlanVersions = async transaction => {
 
   // Get list of commits when multiple passed in as
   // `<import_cmd> -c "commit1 commit2 commitN ..."`
-  const commits = args.commit
-    ? args.commit
-        .trim()
-        .split(' ')
-        .filter(el => !!el)
-    : [];
+  let commits = [];
+  if (args.commit) {
+    commits = args.commit
+      .trim()
+      .split(' ')
+      .filter(el => !!el);
+  } else {
+    // Default to pinned commit if provided, otherwise fail fast
+    const fseLocal = require('fs-extra');
+    const path = require('path');
+    const pinnedFromEnv =
+      process.env.ARIA_AT_PINNED_SHA &&
+      String(process.env.ARIA_AT_PINNED_SHA).trim();
+    let pinnedFromFile = null;
+    const versionPath = path.resolve(
+      __dirname,
+      '../../../config/aria-at.version'
+    );
+    if (fseLocal.existsSync(versionPath)) {
+      pinnedFromFile = String(fseLocal.readFileSync(versionPath)).trim();
+    }
+
+    const pinned = pinnedFromEnv || pinnedFromFile;
+    if (!pinned) {
+      console.error(
+        'No commit specified and no pinned SHA found. Provide -c <sha>, set ARIA_AT_PINNED_SHA, or add config/aria-at.version.'
+      );
+      process.exit(1);
+    }
+    commits = [pinned];
+  }
 
   if (commits.length) {
     for (const [cIndex, commit] of commits.entries()) {