fix: bin_dest output points to self-updated pnpm, not bootstrap (#249)

* fix: bin_dest output points to self-updated pnpm, not bootstrap (#247)

`pnpm self-update <version>` writes the target binary to
`${PNPM_HOME}/bin/`, leaving the bootstrap symlink at `${PNPM_HOME}/pnpm`
untouched. The `bin_dest` output was set to `${PNPM_HOME}`, so consumers
invoking `${{ steps.pnpm.outputs.bin_dest }}/pnpm` got the bootstrap
version (currently 11.0.4) instead of the version they requested.

PATH lookup hid the bug: `${PNPM_HOME}/bin` was prepended ahead of
`${PNPM_HOME}`, so `pnpm` resolved from PATH was the right one. Existing
version-respect tests only checked `pnpm --version`, not `bin_dest`.

Resolve `binDest` inside `runSelfInstaller` (target lives in
`${PNPM_HOME}/bin` after self-update, otherwise stays at `${PNPM_HOME}`)
and plumb it through to `setOutputs`. Add a regression test that invokes
`${bin_dest}/pnpm --version` directly across Linux/macOS/Windows.

* test(ci): pass bin_dest via env to survive Windows backslashes

Direct GitHub-expression interpolation of `${{ steps.pnpm.outputs.bin_dest }}`
into the bash script let bash eat the backslashes in the Windows path
(`C:Usersrunneradminsetup-pnpmnode_modules.binbin/pnpm`), failing with
"No such file or directory". Forward the value via env so the path
reaches bash unmangled.

* build: rebuild dist with clean lockfile-matched deps

src/install-pnpm/run.ts

@@ -12,7 +12,12 @@ import exeLock from './bootstrap/exe-lock.json'
 const BOOTSTRAP_PNPM_PACKAGE_JSON = JSON.stringify({ private: true, dependencies: { pnpm: pnpmLock.packages['node_modules/pnpm'].version } })
 const BOOTSTRAP_EXE_PACKAGE_JSON = JSON.stringify({ private: true, dependencies: { '@pnpm/exe': exeLock.packages['node_modules/@pnpm/exe'].version } })
 
-export async function runSelfInstaller(inputs: Inputs): Promise<number> {
+export interface SelfInstallerResult {
+  exitCode: number
+  binDest: string
+}
+
+export async function runSelfInstaller(inputs: Inputs): Promise<SelfInstallerResult> {
   const { version, dest, packageJsonFile } = inputs
 
   // pnpm v11 requires Node >= 22.13; use standalone (exe) bootstrap which
@@ -45,7 +50,7 @@ export async function runSelfInstaller(inputs: Inputs): Promise<number> {
   const npmEnv = { ...process.env, [pathKey]: currentPath ? currentPath + path.delimiter + nodeDir : nodeDir }
   const npmExitCode = await runCommand('npm', ['ci'], { cwd: dest, env: npmEnv })
   if (npmExitCode !== 0) {
-    return npmExitCode
+    return { exitCode: npmExitCode, binDest: path.join(dest, 'node_modules', '.bin') }
   }
 
   // On Windows with standalone mode, npm's .bin shims can't properly
@@ -87,11 +92,18 @@ export async function runSelfInstaller(inputs: Inputs): Promise<number> {
     const args = standalone ? ['self-update', targetVersion] : [bootstrapPnpm, 'self-update', targetVersion]
     const exitCode = await runCommand(cmd, args, { cwd: dest })
     if (exitCode !== 0) {
-      return exitCode
+      return { exitCode, binDest: pnpmHome }
     }
+    // self-update writes the target pnpm/pnpx into PNPM_HOME/bin, leaving
+    // the bootstrap symlinks in pnpmHome pointing at the old version. Use
+    // PNPM_HOME/bin so consumers of the bin_dest output (e.g.
+    // `${steps.pnpm.outputs.bin_dest}/pnpm`) invoke the requested version.
+    return { exitCode: 0, binDest: path.join(pnpmHome, 'bin') }
   }
 
-  return 0
+  // No explicit target version: rely on the bootstrap pnpm to switch to
+  // the version declared in packageManager/devEngines at runtime.
+  return { exitCode: 0, binDest: pnpmHome }
 }
 
 function readTargetVersion(opts: {