# CI workflow — runs on every push to main and every pull request.
#
# TURBO_TOKEN / TURBO_TEAM: set these in your repository secrets/variables
# to enable Turborepo remote caching. Without them the workflow still works,
# just without the remote-cache speedup.
#
# PAYLOAD_SECRET: the value used here is a throwaway test secret. Do NOT
# reuse it in production. Set a real secret for your deployed environments.

name: CI

on:
  push:
    branches: [main]
  pull_request:

env:
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
  CI: true

jobs:
  validate:
    name: typecheck + lint + boundaries + test + build
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
          POSTGRES_DB: cms_test
        ports:
          - 5432:5432
        options: >-
          --health-cmd "pg_isready -U postgres"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: 9
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: pnpm
      - run: pnpm install --frozen-lockfile
      - run: pnpm typecheck
      - run: pnpm lint
      - run: pnpm conformance
      - run: pnpm turbo boundaries
      - name: Test with coverage
        env:
          DATABASE_URL: postgres://postgres:postgres@localhost:5432/cms_test
          PAYLOAD_SECRET: test-secret-do-not-use-in-prod
        run: pnpm test -- --coverage
      - run: pnpm build
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: coverage
          path: '**/coverage/lcov.info'
          retention-days: 7

  e2e:
    name: Playwright e2e
    needs: validate
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
          POSTGRES_DB: cms_test
        ports:
          - 5432:5432
        options: >-
          --health-cmd "pg_isready -U postgres"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: 9
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: pnpm
      - run: pnpm install --frozen-lockfile
      - run: pnpm exec playwright install --with-deps chromium
      - name: Run e2e
        env:
          DATABASE_URL: postgres://postgres:postgres@localhost:5432/cms_test
          PAYLOAD_SECRET: test-secret-do-not-use-in-prod
        run: pnpm test:e2e

  storybook:
    name: Storybook smoke tests
    needs: validate
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: 9
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: pnpm
      - run: pnpm install --frozen-lockfile
      - run: pnpm exec playwright install --with-deps chromium
      - run: pnpm build-storybook --filter @repo/storybook
      - run: pnpm test:stories