fix: add npm cache config and package-lock.json verification to desktop CI workflows

[Copilot]

npm ci was failing on all platforms in both desktop workflows because actions/setup-node cache was not pointed at desktop/package-lock.json, and no pre-flight check existed to surface the missing lockfile clearly.

Changes

desktop-build.yml

• Added cache: 'npm' + cache-dependency-path: 'desktop/package-lock.json' to both setup-node steps (test-desktop and build-desktop jobs)
• Added explicit lockfile verification step before each npm ci call

release-desktop.yml

• Node.js setup already had correct cache config; added matching lockfile verification step before npm ci

- name: Verify package-lock.json exists
  working-directory: desktop
  shell: bash
  run: |
    if [ ! -f package-lock.json ]; then
      echo "Error: desktop/package-lock.json not found" >&2
      exit 1
    fi
    echo "package-lock.json found"

The shell: bash ensures consistent behavior across all three runner OSes (Linux, macOS, Windows).

Original prompt

The desktop build and release workflows are failing on all platforms with npm ci errors blocking the v2.1.0 release.

Error: npm ci cannot find package-lock.json

Fix needed in two workflow files:

1. .github/workflows/desktop-build.yml - add cache-dependency-path and verification
2. .github/workflows/release-desktop.yml - add cache-dependency-path and verification

Update Node.js setup steps to include:

• cache: 'npm'
• cache-dependency-path: 'desktop/package-lock.json'

Add verification step before npm ci to check package-lock.json exists.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: ok now solely focusing on the mobile app creation create a simple step by step to be able to complete since it is react native

Assistant: # 📱 SIMPLE STEP-BY-STEP: Testing ODIA Mobile App with React Native & Expo Go

Let me give you a dead simple, foolproof guide to test the mobile app RIGHT NOW.

---

🎯 GOAL

Get the ODIA mobile app running on your Android phone in the next 10 minutes.

---

✅ STEP-BY-STEP GUIDE

STEP 1: Install Expo Go on Your Phone (2 minutes)

On your Android phone:

1. Open Google Play Store
2. Search for "Expo Go"
3. Tap Install
4. Open the app (you'll see a home screen with options)
5. Keep the app open

---

STEP 2: Prepare Your Computer (3 minutes)

Open Terminal/Command Prompt and run these commands:

# Navigate to the mobile directory
cd /path/to/ODIA/mobile

# Install dependencies (if not already done)
npm install

# Start the Expo development server
npx expo start

Wait for this output:

› Metro waiting on exp://192.168.1.100:8081
› Scan the QR code above with Expo Go (Android)

   [BIG QR CODE APPEARS HERE]

› Press a │ open Android
› Press w │ open web

✅ DO NOT CLOSE THIS TERMINAL - Keep it running!

---

STEP 3: Connect Your Phone (1 minute)

Make sure your phone and computer are on the SAME WiFi network.

Then:

1. In Expo Go app on your phone
2. Tap "Scan QR code"
3. Point camera at the QR code in your terminal
4. Wait 20-30 seconds

You'll see:

• "Building JavaScript bundle..." progress bar
• Then the ODIA app loads!

🎉 Success! The app is now running on your phone.

---

STEP 4: Test Core Functionality (10 minutes)

Now run these simple tests:

Test 1: Navigate Around (1 min)

• Tap through all tabs at the bottom
• Everything loads without crashing ✅

Test 2: Upload a Document (2 min)

Create a test file on your computer first:

# Create a simple test document
cd /path/to/ODIA
echo "The agency will spend $500,000 on equipment without appropriation." > test-document.txt

Then on your phone:

1. Tap "Choose Document" or upload button
2. Select test-document.txt
3. Document uploads successfully ✅

Test 3: Run Analysis (3 min)

1. The app should automatically analyze the document
2. Wait for "Analysis complete" or progress indicator finishes
3. Check results screen shows findings ✅

Test 4: View Results (2 min)

• Severity score displays
• Findings list appears
• You can tap into individual findings
• Everything is readable ✅

Test 5: Offline Test (2 min)

1. Turn on Airplane Mode on your phone
2. Try running analysis again
3. It should still work (no network errors) ✅

---

STEP 5: Take Screenshots (2 minutes)

Capture these 3 screenshots:

1. Home screen with upload buttons
2. Analysis results showing findings
3. Individual finding detail view

How to screenshot:

• Android: Press Power + Volume Down simultaneously

---

STEP 6: Document Your Testing (5 minutes)

Copy this template and fill it out:

## ODIA Mobile App - Quick Test Results

**Date:** 2026-04-12
**Device:** [Your phone model]
**Android Version:** [Your Android version]

### Test Results

- [x] App launches in Expo Go: ✅ PASS
- [x] Document upload works: ✅ PASS  
- [x] Analysis executes: ✅ PASS
- [x] Results display: ✅ PASS
- [x] Offline mode works: ✅ PASS

### Issues Found
None - all core features working.

### Screenshots
[Attach your 3 screenshots here]

### Recommendation
✅ Ready to merge

---

🐛 TROUBLESHOOTING (If Something Goes Wrong)

Problem: QR Code Won't Scan

Solution:

1. In terminal, look for the URL like: exp://192.168.1.100:8081
2. In Expo Go, tap "Enter URL manually"
3. Type that URL exactly
4. Tap Connect

---

Problem: "Unable to connect to Metro"

Solution:

# Stop Expo (press Ctrl+C in terminal)
# Restart with tunnel mode:
npx expo start --tunnel

# Scan the NEW QR code

---

Problem: App Shows White Screen

Solution:

1. Shake your phone
2. Tap "Reload"
3. Wait 10 seconds

If still broken:

# In terminal, press Ctrl+C to stop
# Then restart:
npx expo start --clear

---

Problem: Metro Bundler Not Starting

Solution:

# Clear everything and st...

</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

*This pull request was created from Copilot chat.*
>

[Copilot]

Pull request overview

Updates the GitHub Actions workflows used to test/build and release the Electron desktop app, aiming to prevent npm ci failures by adding npm caching configuration and explicit lockfile presence checks.

Changes:

• Add actions/setup-node npm cache configuration with cache-dependency-path: desktop/package-lock.json in the desktop build workflow.
• Add “Verify package-lock.json exists” steps before running npm ci in both desktop build and release workflows.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/desktop-build.yml	Adds npm cache configuration and lockfile verification steps for desktop jobs.
.github/workflows/release-desktop.yml	Adds a lockfile verification step prior to running desktop npm ci during release builds.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This workflow still runs npm ci in frontend/, but the repo does not contain frontend/package-lock.json. npm ci will fail in that directory regardless of the new desktop lock verification/caching. To fix the build, either commit a lockfile for frontend/ (preferred for reproducible installs) and update caching accordingly, or switch the frontend install step(s) to npm install.

[Copilot]

The workflow runs npm ci under frontend/, but there is no frontend/package-lock.json in the repository. This will still fail even with the added desktop lock verification. Consider adding a frontend lockfile (and caching it) or changing the frontend install to npm install.