Merge branch 'da/add-lockfile-checks' into 'master'

Add CI job for checking yarn.lock See merge request gitlab-org/gitlab!51900

Merge branch 'da/add-lockfile-checks' into 'master'
Add CI job for checking yarn.lock See merge request gitlab-org/gitlab!51900
965fcd0b · Rémy Coutable · cb1a7626 · 8a400552 · 965fcd0b · 965fcd0b
Commit 965fcd0b authored Jan 19, 2021 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 1 deletion

.gitlab-ci.yml .gitlab-ci.yml +1 -0

.gitlab/ci/verify-lockfile.gitlab-ci.yml .gitlab/ci/verify-lockfile.gitlab-ci.yml +11 -0

yarn.lock yarn.lock +1 -1

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -111,3 +111,4 @@ include:
  - local: .gitlab/ci/dast.gitlab-ci.yml
  - local: .gitlab/ci/workhorse.gitlab-ci.yml
  - local: .gitlab/ci/graphql.gitlab-ci.yml
+  - local: .gitlab/ci/verify-lockfile.gitlab-ci.yml
--- a/.gitlab/ci/verify-lockfile.gitlab-ci.yml
+++ b/.gitlab/ci/verify-lockfile.gitlab-ci.yml
+verify_lockfile:
+  stage: test
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2-git-2.29-lfs-2.9-node-12.18-yarn-1.22-graphicsmagick-1.3.34
+  needs: []
+  rules:
+    - changes:
+        - yarn.lock
+  script:
+    - npm config set @dappelt:registry https://gitlab.com/api/v4/projects/22564149/packages/npm/
+    - npx lockfile-lint@4.3.7 --path yarn.lock --allowed-hosts yarn --validate-https
+    - npx @dappelt/untamper-my-lockfile --lockfile yarn.lock
--- a/yarn.lock
+++ b/yarn.lock
@@ -8424,7 +8424,7 @@ mkdirp@1.x, mkdirp@^1.0.4, mkdirp@~1.0.3:

 "mkdirp@>=0.5 0", mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@~0.5.1:
  version "0.5.1"
-  resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
+  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
  integrity sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=
  dependencies:
    minimist "0.0.8"