name: CI

on:
  push:
    branches: [lotus]
  pull_request:
    branches: [lotus]

jobs:
  build:
    name: Build check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: ".node-version"
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Build
        run: npm run build
        env:
          NODE_OPTIONS: "--max_old_space_size=4096"
          # No auth token — skip source map upload in CI (done by deploy script)
          SENTRY_AUTH_TOKEN: ""

      - name: Audit (high/critical only)
        run: npm audit --audit-level=high
        # Informational — don't fail the build on existing known vulns
        continue-on-error: true