Merge remote-tracking branch 'origin/v8/develop' into fix/approve-called-without-sufficient-TRAC

Zvonimir · Zvonimir · commit f3acdf6738ec · 2026-02-10T10:58:15.000+01:00
diff --git a/.github/workflows/check-package-lock.yml b/.github/workflows/check-package-lock.yml
@@ -0,0 +1,75 @@
+name: Check Package Lock File
+
+permissions:
+  contents: read
+
+concurrency:
+  group: check-package-lock-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "package.json"
+      - "package-lock.json"
+  pull_request:
+    branches:
+      - "**"
+    paths:
+      - "package.json"
+      - "package-lock.json"
+
+jobs:
+  verify-package-lock:
+    name: Verify package-lock.json exists
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Check if package-lock.json exists
+        run: |
+          if [ ! -f "package-lock.json" ]; then
+            echo "ERROR: package-lock.json file is missing from the repository"
+            echo "This file is required to ensure consistent dependency versions across all environments"
+            echo "Please ensure package-lock.json is committed with your changes"
+            exit 1
+          fi
+          echo "SUCCESS: package-lock.json file is present"
+
+      - name: Verify package-lock.json is not empty
+        run: |
+          if [ ! -s "package-lock.json" ]; then
+            echo "ERROR: package-lock.json file exists but is empty"
+            echo "Please run 'npm install' to regenerate the lock file"
+            exit 1
+          fi
+          echo "SUCCESS: package-lock.json file is valid and not empty"
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: Validate package-lock.json is valid and in sync
+        run: npm ci --dry-run --ignore-scripts
+
+      - name: Check package-lock.json is up to date with package.json
+        if: github.event_name == 'pull_request'
+        run: |
+          # Regenerate the lock file from the current package.json without
+          # installing node_modules, then check if it differs from what was committed.
+          cp package-lock.json package-lock.json.bak
+          npm install --package-lock-only --ignore-scripts
+          
+          if ! diff -q package-lock.json package-lock.json.bak > /dev/null 2>&1; then
+            echo "ERROR: package-lock.json is out of date with package.json"
+            echo "Please run 'npm install' and commit the updated package-lock.json"
+            exit 1
+          fi
+          
+          echo "SUCCESS: package-lock.json is up to date"
