Publish Storybook via child pipeline

What does this MR do?

Publish Storybook under a different domain

Storybook will no longer be published directly under the design.gitlab.com domain in production.

Instead, it'll be published under design-system-pages-2b622b.gitlab.io, via the https://gitlab.com/gitlab-org/frontend/design-system-pages project.

Here's how it works:

1. A pipeline on the main branch of this project runs, e.g., after a merge request merges.
2. The ui:build_storybook and ui:build_storybook_vue3 jobs run, and expose artifacts containing the built Storybook applications for Vue 2 and Vue 3 (@vue/compat).
3. The ui:pages_storybook_redirect and ui:pages_storybook_vue3_redirect jobs run, which publish stub HTML files to https://design.gitlab.com/storybook/index.html and https://design.gitlab.com/storybook-vue3/index.html, which redirect the user to the alternate domain, design-system-pages-2b622b.gitlab.io, with query parameters intact.
4. The ui:trigger_design_system_pages job runs, triggering a pipeline on the main branch of the https://gitlab.com/gitlab-org/frontend/design-system-pages project (via a pipeline trigger token, rather than a child pipeline, to avoid permissions issues - just like for the Duo UI pipeline).
5. That new pipeline fetches the artifacts from step 2, and publishes them to design-system-pages-2b622b.gitlab.io, i.e., the Pages site of the https://gitlab.com/gitlab-org/frontend/design-system-pages project.

Review apps are unaffected, and continue to be published under the same domain that the main Design System site is published under. In other words, these redirection shenanigans only happen in production.

Why not rely on GitLab Pages _redirects? Because they do not support query parameters, which is what Storybook uses for stateful navigation.

Why not embed Storybook within an iframe, avoiding the redirect? Because then the browser's address bar would not reflect the current Storybook URL as the user navigated around. This could be wired up, but doesn't seem worth the effort.

Screenshots or screen recordings

N/A

Sanity checks

• The Storybook review app still works
• The Storybook Vue 3 review app still works
• The main site review app still correctly links to the review app Storybook Vue 2 review app

Integrations

• GitLab: mr_url
• CustomersDot: mr_url
• Duo UI: mr_url
• Status Page: mr_url
• Docs: mr_url
• Switchboard: mr_url

Does this MR meet the acceptance criteria?

This checklist encourages the authors, reviewers, and maintainers of merge requests (MRs) to confirm changes were analyzed for conformity with the project's guidelines, security and accessibility.

Toggle the acceptance checklist

Conformity

• The “What does this MR do?” section in the MR description is filled out, explaining the reasons for and scope of the proposed changes, per “Say why not just what”.
  • For example, if the MR is focused on usage guidelines, addressing accessibility challenges could be added in a separate MR.
• Relevant label(s) are applied to the MR.
• The MR is added to a milestone.
• Added the ~"component:*" label(s) if applicable.
• A changeset is added when this MR will do a patch, minor, or major update. More information can be found in doc/publishing-packages.md.

Components

• GitLab UI's contributing guidelines.
• If the MR changes a component's API, integration MR(s) have been opened (see integrations above).

Documentation

• If creating a new component page from scratch, it follows the page template structure.
• Content follows the Pajamas voice and tone guidelines, falling back on the GitLab Documentation Style Guide when needed.
• Related pages are cross-linked, where helpful. Component pages have related components and patterns defined in their Markdown front matter.
• If embedding a Figma file, it follows the Figma embed guide.
• Review requested from any GitLab designer or directly from a maintainer or trainee maintainer.
• Maintainer review follows the Pajamas UX maintainer review checklist.

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• Label as security and @ mention @gitlab-com/gl-security/appsec
• Security reports checked/validated by a reviewer from the AppSec team

Accessibility

If this MR adds or modifies a component, take a few moments to review the following:

• All actions and functionality can be done with a keyboard.
• Links, buttons, and controls have a visible focus state.
• All content is presented in text or with a text equivalent. For example, alt text for SVG, or aria-label for icons that have meaning or perform actions.
• Changes in a component’s state are announced by a screen reader. For example, changing aria-expanded="false" to aria-expanded="true" when an accordion is expanded.
• Color combinations have sufficient contrast.