chore: add workflow for lockfile checks #892
Conversation
achou11
force-pushed
the
ac/lockfile-action
branch
2 times, most recently
from
43e5240 to
0c1942b
Compare
Run the action a second time and pass: However it needs an update to our lockfile workflow fork to include the comment header when identifying which comment to update (the header contains the path), otherwise it will be overwritten. |
|
any ideas for how to go about the lockfile version check on the backend? doesn't accept a path input like the lockfile changes one, unfortunately did a quick try with just cd-ing into the backend directory before running the version check action but that didn't seem to work. maybe i did something wrong there? |
|
No not sure. There are probably some things we can do around checking out a subdirectory, or just the package-lock, but I don't think it's worth the effort at this point for this check. |
Copies over the workflow we've set up in core. On pull requests, it runs a job for each of the following:
checking that the lockfile version doesn't change. this usually happens if someone uses an incompatible package manager version to manage dependencies, which we want to prevent
highlighting changes in dependencies that the PR introduces, if any, by writing a PR comment with a table
Introducing this will be helpful for avoiding any surprise updates and highlighting intended changes moving forward
Note that this only does a check on the top-level lockfile. Ideally this would also account for the backend's lockfile, but haven't fully figured out how to get that working just yet.