Lock file maintenance #2591

	name: CI
	on:
	pull_request:
	push:
	branches:
	- main
	# validate configs that are pushed to a branch
	- 'v[0-9]*'

	concurrency:
	group: ${{ github.ref }}-ci
	cancel-in-progress: true

	permissions: {}

	jobs:
	ci:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
	with:
	fetch-depth: 0

	- run: printenv \| sort

	- name: Set up Node
	uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
	with:
	cache: yarn
	node-version-file: .nvmrc

	- run: yarn --immutable

	- name: Check token
	run: \|
	if [[ -n "$TOKEN" \|\| "$GITHUB_EVENT_NAME" -eq "push" ]]; then
	yarn check-token "$TOKEN"
	else
	echo "Skipping token check"
	fi
	env:
	TOKEN: ${{ secrets.TOKEN_GITHUB_READ }}

	- name: Check formatting
	run: yarn format:check

	- name: Check readme
	run: yarn update-readme --check

	- name: Type check scripts
	run: yarn build

	- name: Lint presets
	run: yarn lint

	- name: Basic preset validation
	run: yarn test:basic
	id: validate

	- name: Upload validation logs
	uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
	if: ${{ always() && steps.validate.outcome != 'skipped' }}
	with:
	path: renovate.validate.log
	name: renovate-validate-log

	- name: Renovate dry run with all presets
	run: yarn test:full
	id: dryRun
	env:
	TOKEN: ${{ secrets.TOKEN_GITHUB_READ }}
	TOKEN_REQUIRED: 1

	- name: Upload dry run logs
	uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
	if: ${{ always() && steps.dryRun.outcome != 'skipped' }}
	with:
	path: renovate.log
	name: renovate-dry-run-log

Provide feedback