ci: remove unnecessary checkout in dependency diff job

[yoshi-taka]

Dependency diff runs in artifact mode and compares packed .tgz files, so repository checkout (and full history fetch) is not required.

[43081j]

the rest of the analysis is over the lock files, though. so we need this to fetch the lock file from main, no?

basically this:

action-dependency-diff/src/main.ts

Lines 101 to 105 in ee4d7ff

	const basePackageLock = getFileFromRef(baseRef, lockfilePath, baseWorkspace);
	if (!basePackageLock) {
	core.info('No package lockfile found in base ref');
	return;
	}

the comment action that consumes the artifact already skips checkout

[yoshi-taka]

Ah, this seems to be the key part.

detectLockfile(workspacePath) only checks for lockfiles directly in the workspace via existsSync(join(workspacePath, c)). It does not inspect the downloaded package artifacts.

So even in mode: artifact, the analyze step still needs a checked-out workspace with a lockfile before it can proceed to the package artifact comparison.

Apologies. I initially misunderstood how this part works.