One of the challenges, at least for me, in modern web development, is keeping track of dependencies. On the one hand they help you avoid reinventing the wheel. On the otherhand they can cause unexpected problems which are sometimes hard to diagnose. I like to keep them to a minimum, especially when I don't really understand how they do what they do.
So, I improved my GitHub action that builds my eleventy based website by removing my dependency on an action from a GitHub user called TartanLlama. This action used a Docker file to build and generate the actual HTML pages for the website. The action has served me well for the last three years, but I did worry about what would happen if there was a bug and the user stopped maintaining this bit of code. It had stopped working once and it took me a couple of days to realise that I had to update my link to the action to a newer version. I didn't want to end up in this situation, should the user decide to call it a day.
So I did some Googling and found this blog post and this answer on Stack Overflow. (Yes, I know I am trying to avoid Stack Overflow, but Google makes it very hard!). Between the two, I came up with this step in my GitHub action:
- name: Install dependencies & build
npm install --package-lock-only
npm run build