deps(deps): bump the production-dependencies group across 1 directory with 4 updates #33
Workflow file for this run
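# Checks that package-lock.json matches package.json on pull requests and, when
# it does not, regenerates the lock file and pushes it back to the PR branch.
#
# Security notes for maintainers:
# - The job holds a write-scoped GITHUB_TOKEN while npm processes manifests
#   supplied by the pull request, so every npm call passes --ignore-scripts.
# - A commit pushed with GITHUB_TOKEN does not start new workflow runs, so the
#   regenerated lock file is not re-checked by CI; review that commit by hand.
# - Actions are referenced by mutable tags (v4, v7). Pinning each `uses:` to a
#   full commit SHA keeps a re-pointed tag from running with write access.
name: Lock File Synchronization

on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths:
      - 'package.json'
      - 'package-lock.json'
  workflow_dispatch:

jobs:
  validate-lockfile:
    name: Validate and Sync Lock File
    runs-on: ubuntu-latest
    # Pull requests from forks receive a read-only token and their head branch
    # does not exist in this repository, so the push below could never succeed
    # for them; skip the job rather than check out an unrelated branch.
    if: >-
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
    # Write access is needed only for the push and the PR comment.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # On pull_request the default ref is a detached merge commit, from
          # which `git push` cannot update the PR branch. The value is empty on
          # workflow_dispatch, where checkout falls back to the dispatched ref.
          ref: ${{ github.head_ref }}
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'npm'

      - name: Check lock file sync
        id: check_sync
        run: |
          echo "Checking if package-lock.json is in sync with package.json..."
          # Run the dry run once and keep both its output and its exit status;
          # npm ci fails when the lock file does not match package.json.
          output="$(npm ci --dry-run --ignore-scripts 2>&1)" && status=0 || status=$?
          if grep -q "requires a peer" <<<"$output"; then
            echo "sync_status=needs_update" >> "$GITHUB_OUTPUT"
            echo "::warning::Lock file may need updating due to peer dependency warnings"
          elif [ "$status" -ne 0 ]; then
            echo "sync_status=out_of_sync" >> "$GITHUB_OUTPUT"
            echo "::error::package-lock.json is out of sync with package.json"
            # Deliberately succeed so the regeneration step below can run.
            exit 0
          else
            echo "sync_status=synced" >> "$GITHUB_OUTPUT"
            echo "✅ Lock file is in sync"
          fi

      - name: Regenerate lock file if needed
        if: steps.check_sync.outputs.sync_status == 'out_of_sync'
        id: regenerate
        run: |
          echo "Regenerating package-lock.json..."
          # Update the existing lock file in place instead of deleting it first.
          # Deleting it discards every pinned version and integrity hash and
          # re-resolves the whole dependency tree to whatever the registry
          # serves today, and that result is then committed without review.
          npm install --package-lock-only --ignore-scripts
          # Check if lock file was modified
          if git diff --quiet -- package-lock.json; then
            echo "lock_file_changed=false" >> "$GITHUB_OUTPUT"
            echo "No changes needed to lock file"
          else
            echo "lock_file_changed=true" >> "$GITHUB_OUTPUT"
            echo "Lock file has been regenerated"
          fi

      - name: Commit and push updated lock file
        if: steps.regenerate.outputs.lock_file_changed == 'true'
        run: |
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git add package-lock.json
          # Two -m flags give a subject line and a separate body paragraph.
          git commit \
            -m "chore: regenerate package-lock.json to sync with package.json" \
            -m "Automatically regenerated by lockfile-sync workflow"
          git push

      - name: Add PR comment if lock file was updated
        # A manual workflow_dispatch run has no pull request to comment on.
        if: >-
          github.event_name == 'pull_request' &&
          steps.regenerate.outputs.lock_file_changed == 'true'
        uses: actions/github-script@v7
        with:
          script: |
            // Await the call so an API failure fails the step instead of
            // being lost as an unhandled rejection.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: '🔄 **Lock File Updated**\n\n' +
                'The `package-lock.json` file was out of sync with `package.json` and has been automatically regenerated.\n\n' +
                '**Best Practices:**\n' +
                '- Always run `npm install` after pulling changes\n' +
                '- Use `npm ci` in CI/CD pipelines\n' +
                '- Never manually edit `package-lock.json`\n' +
                '- Commit lock file changes along with `package.json` updates'
            })

      - name: Validation summary
        # Hand step outputs to the shell through the environment rather than
        # expanding ${{ }} inside the script text.
        env:
          SYNC_STATUS: ${{ steps.check_sync.outputs.sync_status }}
          LOCK_FILE_CHANGED: ${{ steps.regenerate.outputs.lock_file_changed }}
        run: |
          echo "=== Lock File Validation Summary ==="
          echo "Status: ${SYNC_STATUS}"
          if [ "${LOCK_FILE_CHANGED}" = "true" ]; then
            echo "Action: Lock file regenerated and committed"
          else
            echo "Action: No changes needed"
          fi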