jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 09:57:42 -05:00
Code Issues Projects Releases Wiki Activity
Files
main
docs/.github/workflows/package-lock-lint.yml
dependabot[bot] 3e333183fb Bump actions/checkout from 5.0.0 to 6.0.1 (#58937) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-16 23:37:47 +00:00

64 lines
2.4 KiB
YAML
Raw Permalink Blame History

name: Package lock lint
# **What it does**: Makes sure package.json and package-lock.json is in sync
# **Why we have it**: Accidental manual edits of the dependencies directly in package.json
# **Who does it impact**: Docs engineering/writers/contributors.
on:
pull_request:
paths:
- package.json
- package-lock.json
- .github/workflows/package-lock-lint.yml
permissions:
contents: read
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: true
jobs:
lint:
runs-on: ubuntu-latest
if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
steps:
- name: Check out repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Setup Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version-file: 'package.json'
cache: npm
- name: Run check
run: |
npm --version
# Save the current top-level dependencies from package-lock.json
node -e "console.log(JSON.stringify(require('./package-lock.json').packages['']))" > /tmp/before.json
# From https://docs.npmjs.com/cli/v7/commands/npm-install
#
# The --package-lock-only argument will only update the
# package-lock.json, instead of checking node_modules and
# downloading dependencies.
#
npm install --package-lock-only --ignore-scripts --include=optional
# Extract the top-level dependencies after regeneration
node -e "console.log(JSON.stringify(require('./package-lock.json').packages['']))" > /tmp/after.json
# Compare only the top-level package dependencies
# This ignores platform-specific differences in nested dependency resolution
# (like "peer" flags) that don't affect actual installed versions
if ! diff /tmp/before.json /tmp/after.json; then
echo "ERROR: Top-level dependencies in package-lock.json are out of sync with package.json"
echo "Please run 'npm install' locally and commit the updated package-lock.json"
exit 1
fi
echo "✓ Top-level dependencies are in sync"
Reference in New Issue View Git Blame Copy Permalink