name: Final Validation

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

permissions:
  contents: read

concurrency:
  group: final-validation-${{ github.ref }}
  cancel-in-progress: true

jobs:
  final-validation:
    name: Clean checkout production validation
    runs-on: ubuntu-latest
    timeout-minutes: 55

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup current Node LTS
        uses: actions/setup-node@v4
        with:
          node-version: lts/*

      - name: Record tool versions
        run: |
          node --version
          npm --version

      - name: Run final validation gates
        run: node scripts/run-final-validation.mjs
        env:
          CI: 'true'
          PLAYWRIGHT_BROWSERS_PATH: '0'
          MECHANICA_PLAYWRIGHT_WITH_DEPS: 'true'

      - name: Upload final validation evidence
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: mechanica-final-validation-${{ github.run_id }}-${{ github.run_attempt }}
          if-no-files-found: warn
          retention-days: 21
          path: |
            validation-summary.md
            bundle-budget.md
            artifacts/final-validation/latest/**
            playwright-report/**
            test-results/**