From ca02d70a9f2b2373e38cace29375095fccb0444a Mon Sep 17 00:00:00 2001
From: Tomas Kislan
Date: Thu, 30 Oct 2025 12:44:37 +0000
Subject: [PATCH 1/6] ci: Add package.lock drift check CI step

Signed-off-by: Tomas Kislan
---
 .github/workflows/ci.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f47be9fa91..197e62a536 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -190,6 +190,30 @@ jobs:
 - name: Run spell check
 run: npm run spell-check

+ package-lock-drift-check:
+ name: Package Lock Drift Check
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ steps:
+ - name: Checkout
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+
+ - name: Setup Node.js
+ uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
+ with:
+ cache: 'npm'
+ node-version-file: '.nvmrc'
+ registry-url: 'https://npm.pkg.github.com'
+ scope: '@deepnote'
+
+ - name: Install dependencies
+ run: npm install
+
+ - name: Check package lock drift
+ run: |
+ git diff HEAD
+ test "$(git diff --name-only HEAD | wc -l | xargs)" -eq 0
+
 audit-prod:
 name: Audit - Production
 runs-on: ubuntu-latest
From 47e82ec1c54a4d27f36b928354abe3000d6f57fd Mon Sep 17 00:00:00 2001
From: Tomas Kislan
Date: Thu, 30 Oct 2025 12:44:55 +0000
Subject: [PATCH 2/6] test: Manually change package-lock.json to test CI drift check

Signed-off-by: Tomas Kislan
---
 package-lock.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package-lock.json b/package-lock.json
index 852dcc923e..3358bd27ce 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3023,6 +3023,7 @@ } }, "node_modules/@opentelemetry/api": { + "peer": true, "version": "1.4.1", "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.4.1.tgz", "integrity": "sha512-O2yRJce1GOc6PAy3QxFM4NzFiWzvScDC1/5ihYBL6BUEVdq0XMWN01sppE+H6bBXbaFYipjwFLEWLg5PaSOThA==",
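Review bot: In the [PATCH 1/6] hunk, the `Install dependencies` step runs a full `npm install`, which executes dependency lifecycle scripts in a workspace where `actions/checkout` keeps its token in the git config by default; a drift check needs only lockfile resolution. I would change the step to `run: npm install --package-lock-only --ignore-scripts` and add `with:` / `persist-credentials: false` under the checkout step. `--package-lock-only` should surface the same lockfile changes without populating node_modules, but that is worth confirming once against a deliberately drifted lockfile such as the one in [PATCH 2/6]. The same step is given a registry token in [PATCH 3/6], which makes skipping install scripts more relevant there.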
From 850bc061338f0c4d1882038d20de4ee048beff8b Mon Sep 17 00:00:00 2001
From: Tomas Kislan
Date: Thu, 30 Oct 2025 12:47:31 +0000
Subject: [PATCH 3/6] ci: Add NODE_AUTH_TOKEN environment variable for dependency installation in CI workflow

Signed-off-by: Tomas Kislan
---
 .github/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 197e62a536..d2b809ba22 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -208,6 +208,8 @@ jobs:

 - name: Install dependencies
 run: npm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

 - name: Check package lock drift
 run: |
From 855fa010cc4a4deb78fdd86eeab857b459313e4e Mon Sep 17 00:00:00 2001
From: Tomas Kislan
Date: Thu, 30 Oct 2025 12:48:40 +0000
Subject: [PATCH 4/6] fix: Revert package-lock.json manual change

Signed-off-by: Tomas Kislan
---
 package-lock.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package-lock.json b/package-lock.json
index 3358bd27ce..852dcc923e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3023,7 +3023,6 @@ } }, "node_modules/@opentelemetry/api": { - "peer": true, "version": "1.4.1", "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.4.1.tgz", "integrity": "sha512-O2yRJce1GOc6PAy3QxFM4NzFiWzvScDC1/5ihYBL6BUEVdq0XMWN01sppE+H6bBXbaFYipjwFLEWLg5PaSOThA==",
From d5bf19c1f2446fc5835458901ce711255eea6e46 Mon Sep 17 00:00:00 2001
From: Tomas Kislan
Date: Thu, 30 Oct 2025 12:59:58 +0000
Subject: [PATCH 5/6] refactor: Simplify package-lock.json git diff CI step

Signed-off-by: Tomas Kislan
---
 .github/workflows/ci.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d2b809ba22..a94a09a4ae 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
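Review bot: In the [PATCH 3/6] hunk, `NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` is passed to the install step while no `permissions:` key is visible on the `package-lock-drift-check` job, so the token's scope falls back to whatever the workflow or repository default grants. The job header sits outside this hunk and the top of the workflow is not shown, so this may already be set at workflow level. If it is not, I would add `permissions:` with `contents: read` and `packages: read` to the job, so the token can only read the repository and the `@deepnote` packages it is there to fetch.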
@@ -213,8 +213,7 @@ jobs:

 - name: Check package lock drift
 run: |
- git diff HEAD
- test "$(git diff --name-only HEAD | wc -l | xargs)" -eq 0
+ git diff --exit-code HEAD

 audit-prod:
 name: Audit - Production
From 5d75213ba586b0d8eb036d2b77a1e8dfaf2537f2 Mon Sep 17 00:00:00 2001
From: Tomas Kislan
Date: Thu, 30 Oct 2025 15:38:18 +0100
Subject: [PATCH 6/6] ci: Reduce timeout

Co-authored-by: James Hobbs <15235276+jamesbhobbs@users.noreply.github.com>
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a94a09a4ae..c99997aebe 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -193,7 +193,7 @@ jobs:
 package-lock-drift-check:
 name: Package Lock Drift Check
 runs-on: ubuntu-latest
- timeout-minutes: 15
+ timeout-minutes: 5
 steps:
 - name: Checkout
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
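Review bot: In the [PATCH 5/6] hunk, `git diff --exit-code HEAD` fails the job with only a raw diff in the log, so a contributor who trips the check gets no hint that the committed lockfile is stale or how to fix it. I would keep the command and add an annotation on failure: `git diff --exit-code HEAD || { echo "::error::npm install changed tracked files (usually package-lock.json); run npm install locally and commit the result"; exit 1; }`. A one-line comment above the step such as `# Fails when npm install modifies any tracked file, i.e. the committed lockfile no longer matches package.json` would document why the check covers the whole tree rather than one path.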