Merge pull request #270 from OriginTrail/package-lock-check

add package lock github actions check

Author: Bojan131

.github/workflows/check-package-lock.yml

@@ -0,0 +1,53 @@
+name: Check Package Lock File
+
+permissions:
+  contents: read
+
+concurrency:
+  group: check-package-lock-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - main # Run on push to main branch only
+  pull_request:
+    branches:
+      - "**" # Run on PR to any branch
+
+jobs:
+  verify-package-lock:
+    name: Verify package-lock.json exists
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Check if package-lock.json exists
+        run: |
+          if [ ! -f "package-lock.json" ]; then
+            echo "ERROR: package-lock.json file is missing from the repository"
+            echo "This file is required to ensure consistent dependency versions across all environments"
+            echo "Please ensure package-lock.json is committed with your changes"
+            exit 1
+          fi
+          echo "SUCCESS: package-lock.json file is present"
+
+      - name: Verify package-lock.json is not empty
+        run: |
+          if [ ! -s "package-lock.json" ]; then
+            echo "ERROR: package-lock.json file exists but is empty"
+            echo "Please run 'npm install' to regenerate the lock file"
+            exit 1
+          fi
+          echo "SUCCESS: package-lock.json file is valid and not empty"
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '16.x'
+
+      - name: Validate package-lock.json is valid and in sync
+        run: npm ci --dry-run --ignore-scripts