@@ -50,30 +50,26 @@ jobs:
5050 fi
5151 echo "SUCCESS: package-lock.json file is valid and not empty"
5252
53- - name : Check package-lock.json is updated when package.json changes
54- if : github.event_name == 'pull_request'
55- run : |
56- git fetch origin ${{ github.base_ref }} --depth=1
57-
58- # Check if package.json was changed in this PR
59- if git diff --name-only origin/${{ github.base_ref }}...HEAD | grep -q "^package\.json$"; then
60- echo "package.json was modified - checking if package-lock.json was also updated..."
61-
62- if ! git diff --name-only origin/${{ github.base_ref }}...HEAD | grep -q "^package-lock\.json$"; then
63- echo "ERROR: package.json was changed but package-lock.json was NOT updated"
64- echo "Please run 'npm install' to update the lock file and commit it"
65- exit 1
66- fi
67-
68- echo "SUCCESS: Both package.json and package-lock.json were updated"
69- else
70- echo "SKIP: package.json was not modified, only package-lock.json changed"
71- fi
72-
7353 - name : Setup Node.js
7454 uses : actions/setup-node@v4
7555 with :
7656 node-version : ' 16.x'
7757
7858 - name : Validate package-lock.json is valid and in sync
7959 run : npm ci --dry-run --ignore-scripts
60+
61+ - name : Check package-lock.json is up to date with package.json
62+ if : github.event_name == 'pull_request'
63+ run : |
64+ # Regenerate the lock file from the current package.json without
65+ # installing node_modules, then check if it differs from what was committed.
66+ cp package-lock.json package-lock.json.bak
67+ npm install --package-lock-only --ignore-scripts
68+
69+ if ! diff -q package-lock.json package-lock.json.bak > /dev/null 2>&1; then
70+ echo "ERROR: package-lock.json is out of date with package.json"
71+ echo "Please run 'npm install' and commit the updated package-lock.json"
72+ exit 1
73+ fi
74+
75+ echo "SUCCESS: package-lock.json is up to date"
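Review bot: In the new "Check package-lock.json is up to date with package.json" step, `diff -q package-lock.json package-lock.json.bak > /dev/null 2>&1` discards both the differences and any error from diff itself, so a failing run gives the contributor and the reviewer no indication of which lock entries npm rewrote. Comparing against the checked-out commit prints the drift and makes the backup copy unnecessary: run `git diff --exit-code -- package-lock.json` after the `npm install --package-lock-only --ignore-scripts` line. The outcome probably also depends on the npm version that setup-node provides for 16.x, since a different npm may rewrite the lock file format, so pinning the npm version used for this step would avoid false failures. This step checks consistency with package.json only; it likely does not flag a lock entry whose `resolved` URL or `integrity` value was edited by hand, so that would need a separate check.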