# Storybook audit: build static Storybook, serve it, run the audit script.
# Fails the job if any story has console errors, page errors, or unhandled network failures.
# See docs/STORYBOOK_CONTRACT.md and apps/web/scripts/audit-storybook.js.
name: Storybook Audit

on:
    push:
        paths:
            - "apps/web/**"
            - ".github/workflows/storybook-audit.yml"
    pull_request:
        paths:
            - "apps/web/**"
            - ".github/workflows/storybook-audit.yml"
    workflow_dispatch:

env:
    GIT_SSL_NO_VERIFY: "true"
    NODE_TLS_REJECT_UNAUTHORIZED: "0"

jobs:
    audit:
        name: Build & audit Storybook
        runs-on: ubuntu-latest
        defaults:
            run:
                working-directory: apps/web

        steps:
            - name: Checkout
              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

            - name: Set up Node
              uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
              with:
                  node-version: "20"
                  cache: "npm"
                  cache-dependency-path: apps/web/package-lock.json

            - name: Install dependencies
              run: npm ci

            - name: Install Playwright Chromium
              run: npx playwright install chromium --with-deps

            - name: Validate Storybook (build, serve 6007, audit)
              run: npm run validate:storybook
              env:
                  VITE_API_URL: /api/v1
                  VITE_USE_MSW: "true"
                  VITE_STORYBOOK: "true"