ci: Only run Check lockfile when package.json or yarn.lock changes#21077
Open
mydea wants to merge 1 commit into
Open
ci: Only run Check lockfile when package.json or yarn.lock changes#21077mydea wants to merge 1 commit into
mydea wants to merge 1 commit into
Conversation
On PRs that don't touch any package.json or yarn.lock, the lockfile check is wasted work — it just re-runs `yarn install --frozen-lockfile` + dedupe-deps:check against an unchanged lockfile. Adds a `deps` dorny/paths-filter entry in ci-metadata.yml (matching `**/package.json` and `yarn.lock`), exposes it as `changed_deps`, and gates job_check_lockfile on it. Still runs on base-branch pushes and release branches so develop / release/* are always verified end-to-end.
mydea
requested review from
a team,
Lms24 and
andreiborza
and removed request for
a team
Lms24
approved these changes
May 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Gates the
job_check_lockfilejob inbuild.ymlon whetherpackage.json(any of them) oryarn.lockactually changed. PRs that don't touch dependencies skip it.How
Adds a
depsfilter to the existingdorny/paths-filterstep inci-metadata.yml(matching**/package.json+yarn.lock), exposes it as a newchanged_depsoutput, and adds anif:condition tojob_check_lockfile:Pushes to base branches (
develop/v9/v8) and release branches still run the check unconditionally — same safety pattern asjob_build, so the lockfile is always verified end-to-end on those.