From fbf2153430e0f641edf1e131d1aaef33fa51a440 Mon Sep 17 00:00:00 2001
From: Marc Mintel <marc@mintel.me>
Date: Fri, 27 Feb 2026 18:37:08 +0100
Subject: [PATCH] ci: require pnpm install success before running QA checks

---
 .gitea/workflows/quality-assurance-template.yml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/.gitea/workflows/quality-assurance-template.yml b/.gitea/workflows/quality-assurance-template.yml
index 93c9c80..8aa4453 100644
--- a/.gitea/workflows/quality-assurance-template.yml
+++ b/.gitea/workflows/quality-assurance-template.yml
@@ -41,6 +41,7 @@ jobs:
           echo "@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm" > .npmrc
           echo "//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${{ secrets.MINTEL_PRIVATE_TOKEN || secrets.GITEA_PAT }}" >> .npmrc
       - name: Install dependencies
+        id: deps
         run: |
           pnpm store prune
           pnpm install --no-frozen-lockfile
@@ -59,7 +60,7 @@ jobs:
           key: ${{ runner.os }}-chromium-native-${{ hashFiles('package.json') }}
           
       - name: 🔍 Install Chromium (Native & ARM64)
-        if: steps.cache-chromium.outputs.cache-hit != 'true'
+        if: steps.cache-chromium.outputs.cache-hit != 'true' && steps.deps.outcome == 'success'
         run: |
           rm -f /etc/apt/apt.conf.d/docker-clean
           apt-get update
@@ -83,21 +84,21 @@ jobs:
       # ── Quality Gates ─────────────────────────────────────────────────────────
 
       - name: 🌐 Full Sitemap HTML Validation
-        if: always()
+        if: always() && steps.deps.outcome == 'success'
         env:
           NEXT_PUBLIC_BASE_URL: ${{ inputs.TARGET_URL }}
           GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }}
         run: pnpm run check:html
 
       - name: 🌐 Dynamic Asset Presence & Error Scan
-        if: always()
+        if: always() && steps.deps.outcome == 'success'
         env:
           NEXT_PUBLIC_BASE_URL: ${{ inputs.TARGET_URL }}
           GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }}
         run: pnpm run check:assets
 
       - name: ♿ Accessibility Scan (WCAG)
-        if: always()
+        if: always() && steps.deps.outcome == 'success'
         continue-on-error: true
         env:
           NEXT_PUBLIC_BASE_URL: ${{ inputs.TARGET_URL }}
@@ -105,12 +106,12 @@ jobs:
         run: pnpm run check:wcag
 
       - name: 📦 Unused Dependencies Scan (depcheck)
-        if: always()
+        if: always() && steps.deps.outcome == 'success'
         continue-on-error: true
         run: pnpm dlx depcheck --ignores="*eslint*,*typescript*,*tailwindcss*,*postcss*,*prettier*,*@types/*,*husky*,*lint-staged*,*@next/*,*@lhci/*,*commitlint*,*cspell*,*rimraf*,*@payloadcms/*,*start-server-and-test*,*html-validate*,*critters*,*dotenv*,*turbo*"
 
       - name: 🔗 Markdown & HTML Link Check (Lychee)
-        if: always()
+        if: always() && steps.deps.outcome == 'success'
         uses: lycheeverse/lychee-action@v2
         with:
           args: --accept 200,204,429 --timeout 15 content/ app/ public/
@@ -118,7 +119,7 @@ jobs:
 
       - name: 🎭 LHCI Desktop Audit
         id: lhci_desktop
-        if: always()
+        if: always() && steps.deps.outcome == 'success'
         env:
           LHCI_URL: ${{ inputs.TARGET_URL }}
           GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }}
@@ -126,7 +127,7 @@ jobs:
 
       - name: 📱 LHCI Mobile Audit
         id: lhci_mobile
-        if: always()
+        if: always() && steps.deps.outcome == 'success'
         env:
           LHCI_URL: ${{ inputs.TARGET_URL }}
           GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }}