mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-08-15 06:19:24 +02:00
65 lines
2.0 KiB
YAML
65 lines
2.0 KiB
YAML
name: Validate pnpm-lock.yaml
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- 'pnpm-lock.yaml'
|
|
- '**/package.json'
|
|
- '**/*.js'
|
|
- '.github/workflows/validate-lockfile.yml'
|
|
|
|
jobs:
|
|
validate-lockfile:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
|
|
- name: Validate pnpm-lock.yaml entries
|
|
run: |
|
|
forbidden=(
|
|
'tarball:' # no tarball fields
|
|
'packages/mermaid/src/vitepress' # no vitepress paths
|
|
)
|
|
|
|
for pat in "${forbidden[@]}"; do
|
|
if grep -qF "$pat" pnpm-lock.yaml; then
|
|
echo "❌ Forbidden pattern \"$pat\" found in pnpm-lock.yaml"
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
- name: Ensure pnpm-lock.yaml only when package.json changes
|
|
run: |
|
|
git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} > changed_files.txt
|
|
if grep -q '^pnpm-lock.yaml$' changed_files.txt && \
|
|
! grep -q 'package.json' changed_files.txt; then
|
|
echo "❌ pnpm-lock.yaml was changed without any package.json"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Comment on PR if validation failed
|
|
if: failure()
|
|
uses: peter-evans/create-or-update-comment@v4
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
issue-number: ${{ github.event.pull_request.number }}
|
|
body: |
|
|
## 🔍 Lockfile Validation Failed
|
|
|
|
One or more issues were found in `pnpm-lock.yaml`:
|
|
- Tarball references are not allowed.
|
|
- `packages/mermaid/src/vitepress` path must not appear in the lockfile.
|
|
- `pnpm-lock.yaml` should only change when `package.json` changes.
|
|
|
|
Please fix these issues and push an update.
|
|
|
|
_Posted automatically by GitHub Actions_
|