ariada.org

The EAA pipeline

ariada-org/ariada is a reusable GitHub Actions workflow that audits a public site against the European Accessibility Act 2025, generates an EN 301 549 art. 7 accessibility statement, and emits machine-readable VPAT-JSON evidence — all from a single uses: line. Five stops, one workflow, EUPL-1.2.

Five stops

1. Scan — shipped

The workflow installs Node 22 + pnpm, @axe-core/cli, and @ariada-org/wcag-rules-extended, then runs the combined ruleset against every path in pages:. Coverage is WCAG 2.2 AA plus EAA Annex I sectoral scope (e-commerce checkout, banking digital channels, accessibility-statement pages) and Nordic-language locales (sv / nb / da / fi).

2. PR comment — v0.2 target

On pull_request events, the job posts a summary comment with the violation totals grouped by impact level (minor / moderate / serious / critical) and a delta against the base branch. The current release uploads the raw report as an artefact; the inline violations-summary comment with per-rule grouping ships in the next minor.

3. Statement generator — shipped

When emit-statement: true, the workflow renders an HTML accessibility-statement file shaped to Directive (EU) 2016/2102 art. 7 and the EN 301 549 v3.2.1 disclosure template. The output is a static document the caller drops at /accessibility/ on their own site — no hosted dependency, no tracking.

4. Evidence emitter — shipped

With emit-evidence: true, the workflow also writes vpat.json in VPAT 2.5 INT shape and accessibility.json shaped for the .well-known/ discovery path. Both files map every reported violation to a WCAG 2.2 Success Criterion and an EN 301 549 clause, so downstream procurement tools can diff and verify mechanically.

5. Penalty estimator — shipped

The evidence bundle includes a per-jurisdiction € exposure estimate — severity-weighted violation counts crossed with each member-state EAA-implementing law's fine ranges and turnover-cap formula (initial coverage: 11 EU member states). The estimate is advisory, machine-readable, and intended as input to remediation prioritisation, not as legal advice.

Try it

Add one file to your repo at .github/workflows/eaa-audit.yml:

name: EAA audit

on:
  push:
    branches: [main]
  pull_request:

jobs:
  audit:
    uses: ariada-org/ariada/.github/workflows/eaa-audit.yml@v1
    with:
      site-url: 'https://example.com'
      pages: '/,/about/,/checkout/,/accessibility/'
      fail-on: 'serious,critical'
      emit-statement: true
      emit-evidence: true
      pack-version: 'next'

The first run takes about three minutes; cached runs finish in roughly ninety seconds for a five-page audit. The workflow uses GitHub-hosted Ubuntu runners by default and does not require an Ariada account, an API key, or any commercial dependency.

Full input reference and example workflows (single-page, multi-page, monorepo) ship in the ariada-org/ariada repository — published with the first tagged release.

Inputs at a glance

Limitations

The pipeline is honest about what it does not do: