ci: use package-lock.json file to enable consistent CI runs

node-oauth · Jul 24, 2024 · e092cb2 · e092cb2
1 parent e1523b7
commit e092cb2
Show file tree

Hide file tree

Showing 6 changed files with 6,129 additions and 16 deletions.
diff --git a/.github/workflows/tests-release.yml b/.github/workflows/tests-release.yml
@@ -26,9 +26,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version: 20
-      # install to create local package-lock.json but don't cache the files
-      # also: no audit for dev dependencies
-      - run: npm i --package-lock-only  && npm audit --production
+      - run: npm clean-install && npm audit --production
 
   # STEP 2 - basic unit tests
 
@@ -50,7 +48,7 @@ jobs:
           node-version: ${{ matrix.node }}
           cache: npm
       # for this workflow we also require npm audit to pass
-      - run: npm i
+      - run: npm clean-install
       - run: npm run test:coverage
 
       # with the following action we enforce PRs to have a high coverage
@@ -97,7 +95,7 @@ jobs:
       # xxx: added bluebird as explicit dependency
       - run: |
           cd github/testing/express
-          npm i
+          npm install
           npm install https://github.com/node-oauth/node-oauth2-server.git#${{ github.ref_name }}
           npm run test
 
@@ -112,7 +110,7 @@ jobs:
         with:
           node-version: 16
           registry-url: https://registry.npmjs.org/
-      - run: npm i
+      - run: npm clean-install
       - run: npm publish --dry-run
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
@@ -130,7 +128,7 @@ jobs:
           # we always publish targeting the lowest supported node version
           node-version: 16
           registry-url: $registry-url(npm)
-      - run: npm i
+      - run: npm clean-install
       - run: npm publish --dry-run
         env:
           NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -25,7 +25,7 @@ jobs:
         with:
           node-version: 20
           cache: npm
-      - run: npm install
+      - run: npm clean-install
       - run: npm run lint
 
   unittest:
@@ -44,7 +44,7 @@ jobs:
       with:
         node-version: ${{ matrix.node }}
         cache: npm
-    - run: npm i
+    - run: npm clean-install
     - run: npm run test:coverage
 
     # with the following action we enforce PRs to have a high coverage

diff --git a/.gitignore b/.gitignore
@@ -39,6 +39,3 @@ tramp
 # coverage
 coverage
 .nyc_output
-
-package-lock.json
-yarn.lock
diff --git a/.npmignore b/.npmignore
diff --git a/.npmrc b/.npmrc