-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PR level check that verifies if contributed package-lock.json
is created with v2
#177
Comments
This issue has been automatically marked as stale because it has not had recent activity 😴 It will be closed in 120 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation. There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under open governance model. Let us figure out together how to push this issue forward. Connect with us through one of many communication channels we established here. Thank you for your patience ❤️ |
Maybe we could just check, in the git diff, that the lockVersion is not being degraded? I.e. from 3 to 2. |
we would have to assume that nobody intentionally will degrade. But I guess it is not a bad assumption 🤔 you think variables are not good? we can easily set org variable to 2 and then on repo level maintainers can override with local variable |
This issue has been automatically marked as stale because it has not had recent activity 😴 It will be closed in 120 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation. There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under open governance model. Let us figure out together how to push this issue forward. Connect with us through one of many communication channels we established here. Thank you for your patience ❤️ |
We need a new global workflow, with a dedicated configuration in https://github.com/asyncapi/.github/blob/master/.github/workflows/global-replicator.yml that only certain projects can opt into if they want
The goal is that it runs on a PR and it checks if the PR modifies
package-lock.json
and the file is created with"lockfileVersion": 2
. Otherwise the check fails and we post a nice friendly comment saying "oy, sorry but we use lockfileVersion 2, so please make sure you are not using npm 6 to install dependencies in the project, thanks a 💯 " (just an example 😄 ).Then once the fix is done, we remove the bot comment
related to asyncapi/parser-js#427
The text was updated successfully, but these errors were encountered: