From ed0caf121880f652d5cf3013d136bf40de97d0c2 Mon Sep 17 00:00:00 2001 From: Jimisola Laursen Date: Sat, 7 Mar 2026 22:45:17 +0100 Subject: [PATCH] build: pin dependencies and use lockfile in CI Pin package.json dependencies to exact versions (antora==3.1.14, asciidoctor-kroki==0.18.1) and use npm ci in publish workflow to install from lockfile instead of bare npm install. Signed-off-by: jimisola --- .github/workflows/publish_gh_pages.yml | 6 ++---- package-lock.json | 6 +++--- package.json | 4 ++-- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish_gh_pages.yml b/.github/workflows/publish_gh_pages.yml index 9460af3..6c3743b 100644 --- a/.github/workflows/publish_gh_pages.yml +++ b/.github/workflows/publish_gh_pages.yml @@ -32,10 +32,8 @@ jobs: uses: actions/setup-node@v6 with: node-version: "24" - - name: Install Antora - run: npm i antora - - name: Install Asciidoctor Kroki extension - run: npm i asciidoctor asciidoctor-kroki + - name: Install dependencies + run: npm ci - name: Generate Site run: npx antora docs/antora-playbook.yml - name: Create site folders diff --git a/package-lock.json b/package-lock.json index 512e742..6ed6071 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { - "name": "reqstool-docs", + "name": "reqstool.github.io", "lockfileVersion": 3, "requires": true, "packages": { "": { "dependencies": { - "antora": "^3.1", - "asciidoctor-kroki": "^0.18" + "antora": "3.1.14", + "asciidoctor-kroki": "0.18.1" } }, "node_modules/@antora/asciidoc-loader": { diff --git a/package.json b/package.json index 02841a7..086840e 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,7 @@ "preview": "npx http-server docs/build/site -o" }, "dependencies": { - "antora": "^3.1", - "asciidoctor-kroki": "^0.18" + "antora": "3.1.14", + "asciidoctor-kroki": "0.18.1" } }