From 3bfeabdbb3531fe0459f36ca9052b2253b2b5d4e Mon Sep 17 00:00:00 2001 From: Ed Fricker Date: Fri, 8 May 2026 11:31:49 +0100 Subject: [PATCH] fix(ci): run validate without a package-lock.json The repo has no committed package-lock.json. The validate workflow used `actions/setup-node` with `cache: npm` (which requires a lockfile to compute the cache key) and `npm ci` (which requires a lockfile to install). Both fail with: Dependencies lock file is not found ... Supported file patterns: package-lock.json, npm-shrinkwrap.json, yarn.lock Switch the workflow to invoke spectral and redocly directly via `npx --yes`, pinned to the same versions as `package.json`'s devDependencies. No install step or cache needed. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/validate.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 36d1996..2aefe6f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -20,15 +20,12 @@ jobs: - uses: actions/setup-node@v4 with: node-version: "24" - cache: npm - - - run: npm ci - name: Lint OpenAPI specs with Spectral - run: npx spectral lint specs/v3/*.yaml --fail-severity error + run: npx --yes @stoplight/spectral-cli@^6.14.0 lint specs/v3/*.yaml --fail-severity error - name: Bundle OpenAPI specs - run: npx redocly bundle specs/v3/*.yaml -o bundled/openapi-v3.yaml + run: npx --yes @redocly/cli@^1.28.0 bundle specs/v3/*.yaml -o bundled/openapi-v3.yaml - name: Verify bundled spec is valid - run: npx spectral lint bundled/openapi-v3.yaml --fail-severity error + run: npx --yes @stoplight/spectral-cli@^6.14.0 lint bundled/openapi-v3.yaml --fail-severity error