name: "Lint"

# any branch is useful for testing before a PR is submitted
on: [push, pull_request]

jobs:
  lint-package-lock:
    # run on pushes to any branch
    # run on PRs from external forks
    if: |
         (github.event_name != 'pull_request')
         || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id)
    name: package-lock.json
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    - name: Install lockfile-lint
      run: npm install lockfile-lint

    - name: Run lockfile-lint on package-lock.json
      run: npx lockfile-lint --path src/package-lock.json --validate-https --allowed-hosts npm