ruvector/.github/workflows/validate-lockfile.yml

name: Validate Package Lock File

on:
  pull_request:
    paths:
      - 'npm/**/package.json'
      - 'npm/package-lock.json'
  push:
    branches:
      - main
      - develop
    paths:
      - 'npm/**/package.json'
      - 'npm/package-lock.json'

jobs:
  validate-lockfile:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'
          cache-dependency-path: npm/package-lock.json

      - name: Validate lock file is in sync
        run: |
          cd npm
          npm ci --dry-run

      - name: Check for lock file changes needed
        if: failure()
        run: |
          echo "❌ package-lock.json is out of sync with package.json"
          echo ""
          echo "To fix this issue:"
          echo "  1. Run: cd npm && npm install"
          echo "  2. Commit the updated package-lock.json"
          echo "  3. Push to your branch"
          echo ""
          echo "Or use the automated script:"
          echo "  ./scripts/sync-lockfile.sh"
          exit 1