From 410db7b9b40d2565761e49c6ed1926cbe1e4eeac Mon Sep 17 00:00:00 2001
From: Brandyn Phelps <brphelps@github.com>
Date: Mon, 27 Jun 2022 14:15:19 -0700
Subject: [PATCH] Fail if generated code is out of date, annotate generated
 code (#18)

* Fail if generated code is out of date, Annotate generated code

* try shell bash

* Add quotes!

* regenerate following what's in the build

* Add some more context to README
---
 .gitattributes             |  1 +
 .github/workflows/test.yml | 10 ++++++++--
 README.md                  | 14 ++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..dbf636d
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+dist/* linguist-generated=true
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 44c12ac..9a14ea4 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -24,8 +24,14 @@ jobs:
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
 
-      - run: npm ci --ignore-scripts
+      - name: Install NPM dependencies
+        run: npm ci --ignore-scripts
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
 
-      - run: npm rebuild && npm run all
+      - name: Build and run tests 
+        run: npm rebuild && npm run all
+
+      - name: Verify no uncommitted files
+        run: '[ -z "$(git status --porcelain=v1 2>/dev/null)" ]'
+        shell: bash
\ No newline at end of file
diff --git a/README.md b/README.md
index 89366e0..d6c693e 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,20 @@
 This GitHub Action calculates dependencies for a Go build-target (a Go file with a
 `main` function) and submits the list to the [Dependency submission API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api). Dependencies then appear in your repository's dependency graph, and you'll receive Dependabot alerts and updates for vulnerable or out-of-date dependencies. 
 
+### Running locally
+
+In order for NPM install to succeed (and not 401) you need to login to github's NPM feed: 
+```
+npm login --scope=@github --registry=https://npm.pkg.github.com
+```
+
+Because we are checking in the Typescript output, you may see check failures if you don't generate the contents of `dist/` in a similar manner to our CI check. You can easily rectify this by regenerating in a codespace and using what we use in our workflow YAML:
+
+```
+npm ci --ignore-scripts
+npm rebuild && npm run all
+```
+
 ### Example
 ```yaml
 name: Go Dependency Submission