Merge pull request #27 from OriginTrail/package-lock-check #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check Package Lock File | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: check-package-lock-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: | |
| - main # Run on push to main branch only | |
| pull_request: | |
| branches: | |
| - "**" # Run on PR to any branch | |
| jobs: | |
| verify-package-lock: | |
| name: Verify package-lock.json exists | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check if package-lock.json exists | |
| run: | | |
| if [ ! -f "package-lock.json" ]; then | |
| echo "ERROR: package-lock.json file is missing from the repository" | |
| echo "This file is required to ensure consistent dependency versions across all environments" | |
| echo "Please ensure package-lock.json is committed with your changes" | |
| exit 1 | |
| fi | |
| echo "SUCCESS: package-lock.json file is present" | |
| - name: Verify package-lock.json is not empty | |
| run: | | |
| if [ ! -s "package-lock.json" ]; then | |
| echo "ERROR: package-lock.json file exists but is empty" | |
| echo "Please run 'npm install' to regenerate the lock file" | |
| exit 1 | |
| fi | |
| echo "SUCCESS: package-lock.json file is valid and not empty" | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| - name: Validate package-lock.json is valid and in sync | |
| run: npm ci --dry-run --ignore-scripts |