integrity.yml

# Integrity Check
#
# References:
#
# - https://docs.github.com/actions/learn-github-actions/contexts
# - https://docs.github.com/actions/learn-github-actions/expressions
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#create
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#create
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch
# - https://github.com/actions/checkout
# - https://yarnpkg.com/cli/dedupe

---
name: integrity
on:
  create:
    branches:
      - main
  pull_request:
    paths:
      - .github/workflows/integrity.yml
      - .yarnrc.yml
      - yarn.lock
    types:
      - opened
      - reopened
      - synchronize
  push:
    branches:
      - main
    paths:
      - .github/workflows/integrity.yml
      - .yarnrc.yml
      - yarn.lock
  workflow_dispatch:
permissions:
  packages: read
env:
  REF: ${{ github.head_ref || github.ref_name }}
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  integrity:
    if: github.actor != 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        name: Checkout ${{ env.REF }}
        uses: actions/checkout@v3.5.3
        with:
          persist-credentials: false
          ref: ${{ env.REF }}
      - id: dedupe-check
        name: Check for duplicate dependencies in lockfile
        run: yarn dedupe --check
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}