chore: rebuild bundle after reverting bootstrap pnpm to 11.0.4

The previous version of this test self-updated to pnpm 10.33.0 and expected
pnpm --version to fail under devEngines.onFail=error. But pnpm v10 only reads
the packageManager field, not devEngines, so the check never fired and the
test failed.

Switch the assertion to the contract the af8e203 scope fix actually enforces:
when an explicit version: is supplied, pnpm_config_pm_on_fail must not be
exported by the action. That's deterministic and pnpm-version-agnostic.

.github/FUNDING.yml

@@ -1,12 +1,2 @@
-# These are supported funding model platforms
-
-github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
-patreon: khai96_
-open_collective: # Collective unavailable
-ko_fi: # Replace with a single Ko-fi username
-tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # disabled
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
+custom:
+  - https://opencollective.com/pnpm

.github/workflows/pr-check.yaml

@@ -0,0 +1,28 @@
+name: pr-check
+
+on: [ pull_request ]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+jobs:
+  check-dist:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+        with:
+          run_install: true
+          version: 9
+
+      - name: Update dist/index.js
+        run: pnpm run build
+
+      - name: Check for uncommitted changes in dist
+        run: git diff --exit-code dist/index.js

.github/workflows/test.yaml

@@ -1,92 +1,210 @@
 name: Test Action
 
 on:
-  - push
-  - pull_request
-  - workflow_dispatch
+  pull_request:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
 
 jobs:
-  test_default_inputs:
-    name: Test with default inputs
+  smoke:
+    # Cross-OS coverage. Exercises the bootstrap install + PATH on each platform,
+    # the version-respects-request regression (#225 / #230 — Windows PATH shadow),
+    # and the bin_dest output regression (#247). Multi-version coverage on Linux
+    # so we don't pay 3x for major-version differences.
+    name: 'Smoke (${{ matrix.name }})'
 
     runs-on: ${{ matrix.os }}
 
     strategy:
       fail-fast: false
       matrix:
-        pnpm:
-          - 4.11.1
-        os:
-          - ubuntu-latest
-          - macos-latest
-          - windows-latest
+        include:
+          - name: 'ubuntu / v9.15.5'
+            os: ubuntu-latest
+            version: '9.15.5'
+          - name: 'ubuntu / v10.33.0'
+            os: ubuntu-latest
+            version: '10.33.0'
+          - name: 'ubuntu / v9.15.5 / custom-dest'
+            os: ubuntu-latest
+            version: '9.15.5'
+            dest: '~/test/pnpm'
+          - name: 'macos / v9.15.5'
+            os: macos-latest
+            version: '9.15.5'
+          - name: 'windows / v9.15.5'
+            os: windows-latest
+            version: '9.15.5'
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - id: pnpm
+        name: Run the action
+        uses: ./
+        with:
+          version: ${{ matrix.version }}
+          dest: ${{ matrix.dest || '~/setup-pnpm' }}
+
+      - name: 'Test: pnpm/pnpx on PATH report the requested version (incl. via bin_dest)'
+        # Pass paths via env, not template interpolation, so Windows
+        # backslashes in `bin_dest` aren't eaten by bash's escape handling.
+        env:
+          BIN_DEST: ${{ steps.pnpm.outputs.bin_dest }}
+          REQUIRED: ${{ matrix.version }}
+        run: |
+          set -e
+          which pnpm
+          which pnpx
+          actual="$(pnpm --version)"
+          echo "pnpm --version: ${actual}"
+          if [ "${actual}" != "${REQUIRED}" ]; then
+            echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
+            exit 1
+          fi
+          bin_dest_version="$("$BIN_DEST/pnpm" --version)"
+          echo "bin_dest pnpm --version: ${bin_dest_version}"
+          if [ "${bin_dest_version}" != "${REQUIRED}" ]; then
+            echo "Expected ${REQUIRED} via bin_dest, but got ${bin_dest_version}"
+            exit 1
+          fi
+        shell: bash
+
+      - name: 'Test: install in a fresh project'
+        run: |
+          mkdir /tmp/test-project
+          cd /tmp/test-project
+          pnpm init
+          pnpm add is-odd
+        shell: bash
+
+  manifest_pin:
+    # Folds the old test_package_manager_field, test_dev_engines, and
+    # test_dev_engines_on_fail_error jobs. The action's manifest handling is
+    # OS-independent, so ubuntu-only is sufficient.
+    name: 'Manifest pin: ${{ matrix.label }}'
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - label: 'packageManager pnpm@9.15.5 (#227)'
+            manifest: '{"packageManager":"pnpm@9.15.5"}'
+            version: '9.15.5'
+          - label: 'packageManager pnpm@10.33.0'
+            manifest: '{"packageManager":"pnpm@10.33.0"}'
+            version: '10.33.0'
+          - label: 'devEngines onFail=download, exact'
+            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"download"}}}'
+            version: '9.15.5'
+          - label: 'devEngines onFail=download, range'
+            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=9.15.0","onFail":"download"}}}'
+            version: '>=9.15.0'
+          - label: 'devEngines onFail=error, exact (#252)'
+            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"error"}}}'
+            version: '9.15.5'
+          - label: 'devEngines onFail=error, range (#252)'
+            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=9.15.0","onFail":"error"}}}'
+            version: '>=9.15.0'
+          - label: 'explicit version: pnpm_config_pm_on_fail not exported'
+            # Regression guard for the af8e203 scope fix: when the user passes an
+            # explicit `version:` input, the action must NOT export
+            # pnpm_config_pm_on_fail=download, so the user's strict onFail policy
+            # is preserved. Asserted directly on the env var rather than pnpm
+            # runtime behavior — different pnpm majors read devEngines
+            # differently (v10 ignores it, v11+ honors it).
+            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"error"}}}'
+            explicit_version: '10.33.0'
+            expect_pm_on_fail_unset: true
+
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Set up package.json
+        run: echo '${{ matrix.manifest }}' > package.json
+        shell: bash
 
       - name: Run the action
         uses: ./
         with:
-          version: 4.11.1
+          version: ${{ matrix.explicit_version }}
 
-      - name: 'Test: which'
-        run: which pnpm; which pnpx
+      - name: 'Test: pnpm reports the pinned version'
+        if: ${{ !matrix.expect_pm_on_fail_unset }}
+        env:
+          REQUIRED: ${{ matrix.version }}
+        run: |
+          set -e
+          actual="$(pnpm --version)"
+          echo "pnpm version: ${actual}"
+          if [ "${REQUIRED}" = ">=9.15.0" ]; then
+            min="9.15.0"
+            if [ "$(printf '%s\n' "${min}" "${actual}" | sort -V | head -n1)" != "${min}" ]; then
+              echo "Expected pnpm version >= ${min}, but got ${actual}"
+              exit 1
+            fi
+          else
+            if [ "${actual}" != "${REQUIRED}" ]; then
+              echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
+              exit 1
+            fi
+          fi
+        shell: bash
 
-      - name: 'Test: install'
-        run: pnpm install
+      - name: 'Test: pnpm_config_pm_on_fail not exported (explicit version preserves strict policy)'
+        if: ${{ matrix.expect_pm_on_fail_unset }}
+        run: |
+          if [ -n "${pnpm_config_pm_on_fail:-}" ]; then
+            echo "Expected pnpm_config_pm_on_fail to be unset, but got: '${pnpm_config_pm_on_fail}'"
+            exit 1
+          fi
+          echo "pnpm_config_pm_on_fail is unset, as expected"
+        shell: bash
 
-  test_explicit_inputs:
-    name: Test with explicit inputs
+  standalone:
+    name: Standalone mode
 
-    runs-on: ${{ matrix.os }}
-
-    strategy:
-      fail-fast: false
-      matrix:
-        pnpm:
-          - 4.11.1
-        os:
-          - ubuntu-latest
-          - macos-latest
-          - windows-latest
+    runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Run the action
         uses: ./
         with:
-          version: 4.11.1
-          dest: ~/test/pnpm
+          version: 9.15.0
+          standalone: true
 
-      - name: 'Test: which'
-        run: which pnpm && which pnpx
+      - name: 'Test: pnpm works'
+        run: |
+          set -e
+          which pnpm
+          actual="$(pnpm --version)"
+          if [ "${actual}" != "9.15.0" ]; then
+            echo "Expected 9.15.0, got ${actual}"
+            exit 1
+          fi
+          mkdir /tmp/test-standalone
+          cd /tmp/test-standalone
+          pnpm init
+          pnpm add is-odd
+        shell: bash
 
-      - name: 'Test: install'
-        run: pnpm install
+  run_install:
+    name: 'run_install (${{ matrix.run_install.name }})'
 
-  test_run_install:
-    name: 'Test with run_install (${{ matrix.run_install.name }}, ${{ matrix.os }})'
-
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
 
     strategy:
       fail-fast: false
       matrix:
-        pnpm:
-          - 4.11.1
-        os:
-          - ubuntu-latest
-          - macos-latest
-          - windows-latest
         run_install:
           - name: 'null'
             value: 'null'
-          - name: 'empty object'
-            value: '{}'
-          - name: 'recursive'
-            value: |
-              recursive: true
           - name: 'global'
             value: |
               args:
@@ -94,29 +212,24 @@ jobs:
                 - --global-dir=./pnpm-global
                 - npm
                 - yarn
-                - pnpm
-          - name: 'array'
-            value: |
-              - {}
-              - recursive: true
-              - args:
-                - --global
-                - --global-dir=./pnpm-global
-                - npm
-                - yarn
-                - pnpm
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Run the action
         uses: ./
         with:
-          version: 4.11.1
+          version: 9.15.5
           run_install: ${{ matrix.run_install.value }}
 
-      - name: 'Test: which'
-        run: which pnpm; which pnpx
-
-      - name: 'Test: install'
-        run: pnpm install
+      - name: 'Test: pnpm works'
+        run: |
+          set -e
+          which pnpm
+          which pnpx
+          actual="$(pnpm --version)"
+          if [ "${actual}" != "9.15.5" ]; then
+            echo "Expected 9.15.5, got ${actual}"
+            exit 1
+          fi
+        shell: bash

.gitignore

@@ -2,7 +2,6 @@ node_modules
 *.log
 /dist/*
 !/dist/index.js
-!/dist/pnpm.js
 tmp
 temp
 *.tmp
@@ -10,3 +9,4 @@ temp
 tmp.*
 temp.*
 .pnpm-store
+.claude

README.md

@@ -1,3 +1,7 @@
+> ## :warning: Upgrade from v2!
+>
+> The v2 version of this action [has stopped working](https://github.com/pnpm/action-setup/issues/135) with newer Node.js versions. Please, upgrade to the latest version to fix any issues.
+
 # Setup pnpm
 
 Install pnpm package manager.
@@ -10,7 +14,7 @@ Version of pnpm to install.
 
 **Optional** when there is a [`packageManager` field in the `package.json`](https://nodejs.org/api/corepack.html).
 
-otherwise, this field is **required** It supports npm versioning scheme, it could be an exact version (such as `6.24.1`), or a version range (such as `6`, `6.x.x`, `6.24.x`, `^6.24.1`, `*`, etc.), or `latest`.
+otherwise, this field is **required** It supports npm versioning scheme, it could be an exact version (such as `10.9.8`), or a version range (such as `10`, `10.x.x`, `10.9.x`, `^10.9.8`, `*`, etc.), or `latest`.
 
 ### `dest`
 
@@ -36,7 +40,25 @@ If `run_install` is a YAML string representation of either an object or an array
 
 #### `run_install.args`
 
-**Optional** (_type:_ `string[]`) Additional arguments after `pnpm [recursive] install`, e.g. `[--frozen-lockfile, --strict-peer-dependencies]`.
+**Optional** (_type:_ `string[]`) Additional arguments after `pnpm [recursive] install`, e.g. `[--ignore-scripts, --strict-peer-dependencies]`.
+
+### `cache`
+
+**Optional** (_type:_ `boolean`, _default:_ `false`) Whether to cache the pnpm store directory.
+
+### `cache_dependency_path`
+
+**Optional** (_type:_ `string|string[]`, _default:_ `pnpm-lock.yaml`) File path to the pnpm lockfile, which contents hash will be used as a cache key.
+
+### `package_json_file`
+
+**Optional** (_type:_ `string`, _default:_ `package.json`) File path to the `package.json`/[`package.yaml`](https://github.com/pnpm/pnpm/pull/1799) to read "packageManager" configuration.
+
+### `standalone`
+
+**Optional** (_type:_ `boolean`, _default:_ `false`) When set to true, [@pnpm/exe](https://www.npmjs.com/package/@pnpm/exe), which is a Node.js bundled package, will be installed, enabling using `pnpm` without Node.js.
+
+This is useful when you want to use a incompatible pair of Node.js and pnpm.
 
 ## Outputs
 
@@ -50,7 +72,9 @@ Location of `pnpm` and `pnpx` command.
 
 ## Usage example
 
-### Just install pnpm
+### Install only pnpm without `packageManager`
+
+This works when the repo either doesn't have a `package.json` or has a `package.json` but it doesn't specify `packageManager`.
 
 ```yaml
 on:
@@ -62,9 +86,26 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: pnpm/action-setup@v2.2.4
+      - uses: pnpm/action-setup@v6
         with:
-          version: 6.0.2
+          version: 10
+```
+
+###  Install only pnpm with `packageManager`
+
+Omit `version` input to use the version in the [`packageManager` field in the `package.json`](https://nodejs.org/api/corepack.html).
+
+```yaml
+on:
+  - push
+  - pull_request
+
+jobs:
+  install:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: pnpm/action-setup@v6
 ```
 
 ### Install pnpm and a few npm packages
@@ -79,14 +120,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v6
 
-      - uses: pnpm/action-setup@v2.2.4
+      - uses: pnpm/action-setup@v6
         with:
-          version: 6.0.2
+          version: 10
           run_install: |
             - recursive: true
-              args: [--frozen-lockfile, --strict-peer-dependencies]
+              args: [--strict-peer-dependencies]
             - args: [--global, gulp, prettier, typescript]
 ```
 
@@ -103,32 +144,13 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
-      - name: Install Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16
-
-      - uses: pnpm/action-setup@v2.0.1
+      - uses: pnpm/action-setup@v6
         name: Install pnpm
-        id: pnpm-install
         with:
-          version: 7
-          run_install: false
-
-      - name: Get pnpm store directory
-        id: pnpm-cache
-        run: |
-          echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
-
-      - uses: actions/cache@v3
-        name: Setup pnpm cache
-        with:
-          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
-          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-store-
+          version: 10
+          cache: true
 
       - name: Install dependencies
         run: pnpm install
@@ -142,4 +164,4 @@ This action does not setup Node.js for you, use [actions/setup-node](https://git
 
 ## License
 
-[MIT](https://git.io/JfclH) © [Hoàng Văn Khải](https://github.com/KSXGitHub/)
+[MIT](https://github.com/pnpm/action-setup/blob/master/LICENSE.md) © [Hoàng Văn Khải](https://github.com/KSXGitHub/)

action.yml

@@ -6,6 +6,7 @@ branding:
 inputs:
   version:
     description: Version of pnpm to install
+    required: false
   dest:
     description: Where to store pnpm files
     required: false
@@ -14,7 +15,28 @@ inputs:
     description: If specified, run `pnpm install`
     required: false
     default: 'null'
+  cache:
+    description: Whether to cache the pnpm store directory
+    required: false
+    default: 'false'
+  cache_dependency_path:
+    description: File path to the pnpm lockfile, which contents hash will be used as a cache key
+    required: false
+    default: 'pnpm-lock.yaml'
+  package_json_file:
+    description: File path to the package.json to read "packageManager" configuration. This path must be relative to the repository root (GITHUB_WORKSPACE).
+    required: false
+    default: 'package.json'
+  standalone:
+    description: When set to true, @pnpm/exe, which is a Node.js bundled package, will be installed, enabling using pnpm without Node.js.
+    required: false
+    default: 'false'
+outputs:
+  dest:
+    description: Expanded path of inputs#dest
+  bin_dest:
+    description: Location of `pnpm` and `pnpx` command
 runs:
-  using: node16
+  using: node24
   main: dist/index.js
   post: dist/index.js

package.json

@@ -1,26 +1,24 @@
 {
   "private": true,
   "scripts": {
-    "build:schemas": "ts-schema-autogen generate",
-    "build:ncc": "ncc build --minify --no-source-map-register --no-cache dist/tsc/index.js --out dist/",
-    "build": "pnpm run build:schemas && tsc && pnpm run build:ncc && cp src/install-pnpm/pnpm.js dist/pnpm.js",
-    "start": "pnpm run build && sh ./run.sh"
+    "build:bundle": "esbuild src/index.ts --bundle --platform=node --target=node24 --format=cjs --minify --outfile=dist/index.js --loader:.json=json",
+    "build": "pnpm run build:bundle",
+    "start": "pnpm run build && sh ./run.sh",
+    "update-bootstrap": "node scripts/update-bootstrap.mjs"
   },
   "dependencies": {
-    "@actions/core": "^1.10.0",
-    "@types/expand-tilde": "^2.0.0",
-    "@types/fs-extra": "^9.0.13",
-    "@types/js-yaml": "^4.0.5",
-    "@types/node": "^14.18.32",
-    "@types/node-fetch": "^2.6.2",
-    "ajv": "^6.12.6",
+    "@actions/cache": "^4.1.0",
+    "@actions/core": "^1.10.1",
+    "@actions/exec": "^1.1.1",
+    "@actions/glob": "^0.5.0",
+    "@types/expand-tilde": "^2.0.2",
+    "@types/node": "^22.0.0",
     "expand-tilde": "^2.0.2",
-    "fs-extra": "^10.1.0",
-    "js-yaml": "^4.1.0"
+    "yaml": "^2.3.4",
+    "zod": "^3.22.4"
   },
   "devDependencies": {
-    "@ts-schema-autogen/cli": "^0.1.2",
-    "@vercel/ncc": "^0.33.4",
-    "typescript": "^4.8.4"
+    "esbuild": "^0.27.4",
+    "typescript": "^5.3.3"
   }
 }

pnpm-workspace.yaml

@@ -0,0 +1,4 @@
+packages:
+  - '.'
+allowBuilds:
+  esbuild: true

run.sh

@@ -4,4 +4,5 @@ export HOME="$(pwd)"
 export INPUT_VERSION=4.11.1
 export INPUT_DEST='~/pnpm.temp'
 export INPUT_RUN_INSTALL=null
+export INPUT_standalone=false
 exec node dist/index.js

scripts/update-bootstrap.mjs

@@ -0,0 +1,47 @@
+#!/usr/bin/env node
+
+// Usage: node scripts/update-bootstrap.mjs [version]
+// If version is omitted, fetches the latest next-11 tag from npm.
+// Regenerates the bootstrap lockfiles used by action-setup to install pnpm via npm.
+
+import { execSync } from 'child_process'
+import { mkdtempSync, rmSync, readFileSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+const BOOTSTRAP_DIR = new URL('../src/install-pnpm/bootstrap/', import.meta.url).pathname
+
+const version = process.argv[2] || resolveLatestVersion()
+
+console.log(`Updating bootstrap lockfiles to pnpm@${version} ...`)
+
+generateLock('pnpm-lock.json', { pnpm: version }, 'bootstrap-pnpm')
+generateLock('exe-lock.json', { '@pnpm/exe': version }, 'bootstrap-exe')
+
+console.log('Done!')
+
+function resolveLatestVersion() {
+  const json = execSync('npm view @pnpm/exe dist-tags --json', { encoding: 'utf8' })
+  const tags = JSON.parse(json)
+  const version = tags['next-11'] || tags['latest']
+  if (!version) {
+    console.error('Could not determine latest pnpm version from npm dist-tags')
+    process.exit(1)
+  }
+  return version
+}
+
+function generateLock(filename, dependencies, name) {
+  const tmp = mkdtempSync(join(tmpdir(), 'pnpm-bootstrap-'))
+  try {
+    writeFileSync(join(tmp, 'package.json'), JSON.stringify({ private: true, dependencies }))
+    execSync('npm install --package-lock-only --ignore-scripts', { cwd: tmp, stdio: 'pipe' })
+    const lock = readFileSync(join(tmp, 'package-lock.json'), 'utf8')
+    const parsed = JSON.parse(lock)
+    parsed.name = name
+    writeFileSync(join(BOOTSTRAP_DIR, filename), JSON.stringify(parsed, null, 2) + '\n')
+    console.log(`  ${filename} -> ${Object.values(dependencies)[0]}@${version}`)
+  } finally {
+    rmSync(tmp, { recursive: true, force: true })
+  }
+}

src/cache-restore/index.ts

@@ -0,0 +1,19 @@
+import { isFeatureAvailable } from '@actions/cache'
+import { endGroup, startGroup, warning } from '@actions/core'
+import { Inputs } from '../inputs'
+import { runRestoreCache } from './run'
+
+export async function restoreCache(inputs: Inputs) {
+  if (!inputs.cache) return
+
+  if (!isFeatureAvailable()) {
+    warning('Cache is not available, skipping cache restoration')
+    return
+  }
+
+  startGroup('Restoring cache...')
+  await runRestoreCache(inputs)
+  endGroup()
+}
+
+export default restoreCache

src/cache-restore/run.ts

@@ -0,0 +1,39 @@
+import { restoreCache } from '@actions/cache'
+import { debug, info, saveState, setOutput } from '@actions/core'
+import { getExecOutput } from '@actions/exec'
+import { hashFiles } from '@actions/glob'
+import os from 'os'
+import { Inputs } from '../inputs'
+
+export async function runRestoreCache(inputs: Inputs) {
+  const cachePath = await getCacheDirectory()
+  saveState('cache_path', cachePath)
+
+  const fileHash = await hashFiles(inputs.cacheDependencyPath)
+  if (!fileHash) {
+    throw new Error('Some specified paths were not resolved, unable to cache dependencies.')
+  }
+
+  const primaryKey = `pnpm-cache-${process.env.RUNNER_OS}-${os.arch()}-${fileHash}`
+  debug(`Primary key is ${primaryKey}`)
+  saveState('cache_primary_key', primaryKey)
+
+  let cacheKey = await restoreCache([cachePath], primaryKey)
+
+  setOutput('cache-hit', Boolean(cacheKey))
+
+  if (!cacheKey) {
+    info(`Cache is not found`)
+    return
+  }
+
+  saveState('cache_restored_key', cacheKey)
+  info(`Cache restored from key: ${cacheKey}`)
+}
+
+async function getCacheDirectory() {
+  const { stdout } = await getExecOutput('pnpm store path --silent')
+  const cacheFolderPath = stdout.trim()
+  debug(`Cache folder is set to "${cacheFolderPath}"`)
+  return cacheFolderPath
+}

src/cache-save/index.ts

@@ -0,0 +1,15 @@
+import { setFailed } from '@actions/core'
+import { Inputs } from '../inputs'
+import { runSaveCache } from './run'
+
+export async function saveCache(inputs: Inputs) {
+  if (!inputs.cache) return
+
+  try {
+    await runSaveCache()
+  } catch (error) {
+    setFailed((error as Error).message)
+  }
+}
+
+export default saveCache

src/cache-save/run.ts

@@ -0,0 +1,18 @@
+import { saveCache } from '@actions/cache'
+import { getState, info } from '@actions/core'
+
+export async function runSaveCache() {
+  const state = getState('cache_restored_key')
+  const primaryKey = getState('cache_primary_key')
+  const cachePath = getState('cache_path')
+
+  if (primaryKey === state) {
+    info(`Cache hit occurred on the primary key ${primaryKey}, not saving cache.`)
+    return
+  }
+
+  const cacheId = await saveCache([cachePath], primaryKey)
+  if (cacheId == -1) return
+
+  info(`Cache saved with the key: ${primaryKey}`)
+}

src/index.ts

@@ -1,5 +1,7 @@
 import { setFailed, saveState, getState } from '@actions/core'
-import getInputs from './inputs'
+import restoreCache from './cache-restore'
+import saveCache from './cache-save'
+import getInputs, { Inputs } from './inputs'
 import installPnpm from './install-pnpm'
 import setOutputs from './outputs'
 import pnpmInstall from './pnpm-install'
@@ -7,15 +9,32 @@ import pruneStore from './pnpm-store-prune'
 
 async function main() {
   const inputs = getInputs()
-  const isPost = getState('is_post')
-  if (isPost === 'true') return pruneStore(inputs)
+
+  if (getState('is_post') === 'true') {
+    await runPost(inputs)
+  } else {
+    await runMain(inputs)
+  }
+}
+
+async function runMain(inputs: Inputs) {
   saveState('is_post', 'true')
-  await installPnpm(inputs)
+
+  const binDest = await installPnpm(inputs)
+  if (binDest === undefined) return
   console.log('Installation Completed!')
-  setOutputs(inputs)
+  setOutputs(inputs, binDest)
+
+  await restoreCache(inputs)
+
   pnpmInstall(inputs)
 }
 
+async function runPost(inputs: Inputs) {
+  pruneStore(inputs)
+  await saveCache(inputs)
+}
+
 main().catch(error => {
   console.error(error)
   setFailed(error)

src/inputs/index.ts

@@ -1,11 +1,15 @@
-import { getInput, InputOptions } from '@actions/core'
+import { getBooleanInput, getInput, InputOptions } from '@actions/core'
 import expandTilde from 'expand-tilde'
 import { RunInstall, parseRunInstall } from './run-install'
 
 export interface Inputs {
   readonly version?: string
   readonly dest: string
+  readonly cache: boolean
+  readonly cacheDependencyPath: string
   readonly runInstall: RunInstall[]
+  readonly packageJsonFile: string
+  readonly standalone: boolean
 }
 
 const options: InputOptions = {
@@ -17,7 +21,11 @@ const parseInputPath = (name: string) => expandTilde(getInput(name, options))
 export const getInputs = (): Inputs => ({
   version: getInput('version'),
   dest: parseInputPath('dest'),
+  cache: getBooleanInput('cache'),
+  cacheDependencyPath: parseInputPath('cache_dependency_path'),
   runInstall: parseRunInstall('run_install'),
+  packageJsonFile: parseInputPath('package_json_file'),
+  standalone: getBooleanInput('standalone'),
 })
 
 export default getInputs

src/inputs/run-install-input.schema.autogen.json

@@ -1,21 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/ksxnodeapps/ts-schema-autogen/master/packages/schemas/config.schema.json",
-  "instruction": {
-    "compilerOptions": {
-      "strict": true,
-      "target": "ES2018",
-      "lib": [
-        "ES2018",
-        "ES2019",
-        "ES2020",
-        "ESNext"
-      ],
-      "moduleResolution": "Node",
-      "esModuleInterop": true,
-      "resolveJsonModule": true
-    },
-    "input": "run-install.ts",
-    "symbol": "RunInstallInput",
-    "output": "run-install-input.schema.json"
-  }
-}

src/inputs/run-install-input.schema.json

@@ -1,39 +0,0 @@
-{
-  "anyOf": [
-    {
-      "$ref": "#/definitions/RunInstall"
-    },
-    {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/RunInstall"
-      }
-    },
-    {
-      "type": [
-        "null",
-        "boolean"
-      ]
-    }
-  ],
-  "definitions": {
-    "RunInstall": {
-      "type": "object",
-      "properties": {
-        "recursive": {
-          "type": "boolean"
-        },
-        "cwd": {
-          "type": "string"
-        },
-        "args": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      }
-    }
-  },
-  "$schema": "http://json-schema.org/draft-07/schema#"
-}

src/inputs/run-install.ts

@@ -1,39 +1,41 @@
-import { getInput, error, InputOptions } from '@actions/core'
-import Ajv from 'ajv'
-import { load } from 'js-yaml'
-import process from 'process'
-import runInstallSchema from './run-install-input.schema.json'
+import { getInput, error } from '@actions/core'
+import { parse as parseYaml } from 'yaml'
+import { z, ZodError } from 'zod'
 
-export interface RunInstall {
-  readonly recursive?: boolean
-  readonly cwd?: string
-  readonly args?: readonly string[]
-}
+const RunInstallSchema = z.object({
+  recursive: z.boolean().optional(),
+  cwd: z.string().optional(),
+  args: z.array(z.string()).optional(),
+})
 
-export type RunInstallInput =
-  | null
-  | boolean
-  | RunInstall
-  | RunInstall[]
+const RunInstallInputSchema = z.union([
+  z.null(),
+  z.boolean(),
+  RunInstallSchema,
+  z.array(RunInstallSchema),
+])
 
-const options: InputOptions = {
-  required: true,
-}
+export type RunInstallInput = z.infer<typeof RunInstallInputSchema>
+export type RunInstall = z.infer<typeof RunInstallSchema>
 
-export function parseRunInstall(name: string): RunInstall[] {
-  const result: RunInstallInput = load(getInput(name, options)) as any
-  const ajv = new Ajv({
-    allErrors: true,
-  })
-  const validate = ajv.compile(runInstallSchema)
-  if (!validate(result)) {
-    for (const errorItem of validate.errors!) {
-      error(`with.run_install${errorItem.dataPath}: ${errorItem.message}`)
+export function parseRunInstall(inputName: string): RunInstall[] {
+  const input = getInput(inputName, { required: true })
+  const parsedInput: unknown = parseYaml(input)
+
+  try {
+    const result: RunInstallInput = RunInstallInputSchema.parse(parsedInput)
+    if (!result) return []
+    if (result === true) return [{ recursive: true }]
+    if (Array.isArray(result)) return result
+    return [result]
+  } catch (exception: unknown) {
+    error(`Error for input "${inputName}" = ${input}`)
+
+    if (exception instanceof ZodError) {
+      error(`Errors: ${exception.errors}`)
+    } else {
+      error(`Exception: ${exception}`)
     }
-    return process.exit(1)
+    process.exit(1)
   }
-  if (!result) return []
-  if (result === true) return [{ recursive: true }]
-  if (Array.isArray(result)) return result
-  return [result]
 }

src/install-pnpm/bootstrap/exe-lock.json

@@ -0,0 +1,344 @@
+{
+  "name": "bootstrap-exe",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "dependencies": {
+        "@pnpm/exe": "11.0.4"
+      }
+    },
+    "node_modules/@pnpm/exe": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/exe/-/exe-11.0.4.tgz",
+      "integrity": "sha512-3OwYqbbj1KtuUqoMo5OEkY8nU/WutZ7L5ADFl0bbW9oyqU55U37aDqA3NJNSk28CyszNARfrjerAF2DW2TsV7w==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "@reflink/reflink": "0.1.19",
+        "detect-libc": "^2.0.3"
+      },
+      "bin": {
+        "pn": "pn",
+        "pnpm": "pnpm",
+        "pnpx": "pnpx",
+        "pnx": "pnx"
+      },
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      },
+      "optionalDependencies": {
+        "@pnpm/linux-arm64": "11.0.4",
+        "@pnpm/linux-x64": "11.0.4",
+        "@pnpm/linuxstatic-arm64": "11.0.4",
+        "@pnpm/linuxstatic-x64": "11.0.4",
+        "@pnpm/macos-arm64": "11.0.4",
+        "@pnpm/macos-x64": "11.0.4",
+        "@pnpm/win-arm64": "11.0.4",
+        "@pnpm/win-x64": "11.0.4"
+      }
+    },
+    "node_modules/@pnpm/linux-arm64": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/linux-arm64/-/linux-arm64-11.0.4.tgz",
+      "integrity": "sha512-Bz7V2sFypoGHX/t5w/w7jnCw5DCK3C8s5q8whHJJ3iS5kRznX3Q1F4LwSjjy+lsi777fHyNIvD7qtNmdt9IKoA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    },
+    "node_modules/@pnpm/linux-x64": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/linux-x64/-/linux-x64-11.0.4.tgz",
+      "integrity": "sha512-u0Yn1gytR1vKdPk6fYF500H8ZWQlj0cTuIQPp+5GYVPkMmA5bSw41RNIDPBfjDlE8ERmQWaQcrgmTcmTZ+n22A==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    },
+    "node_modules/@pnpm/linuxstatic-arm64": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-arm64/-/linuxstatic-arm64-11.0.4.tgz",
+      "integrity": "sha512-0aitEcfhWNXNZhfJGt/kJaRvfcdtJzXZpV+toJN94kfawSJnhuawfnUSXMi/3m0G97HkJc7BH8rOz3sojUKt0g==",
+      "cpu": [
+        "arm64"
+      ],
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    },
+    "node_modules/@pnpm/linuxstatic-x64": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-x64/-/linuxstatic-x64-11.0.4.tgz",
+      "integrity": "sha512-xDJdeJ7D2YvDBy2/IH9lEqMKiSuZiV8190XKWOgQgxUGGeuW4z3j6Ewpl0S5bXsWuNjAgC+uCKp7Qp3P7cXAvw==",
+      "cpu": [
+        "x64"
+      ],
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    },
+    "node_modules/@pnpm/macos-arm64": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/macos-arm64/-/macos-arm64-11.0.4.tgz",
+      "integrity": "sha512-dNR69jUARtGFuyyLE9VuyxhRUKC8MO/7/xIyAdeIMZAD5ej0Y/Ct0DYCa/FLbgFL1nXaXmp4+gRMfJBkkrKfQQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    },
+    "node_modules/@pnpm/macos-x64": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/macos-x64/-/macos-x64-11.0.4.tgz",
+      "integrity": "sha512-RfyrxSBajeEU16dZsgFjbdagDV9F4HNCJfbBgm8IbGjL0+J95naM/VmCDLd6S3+1tISeI2MxtcyCxqjKJsD/BA==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    },
+    "node_modules/@pnpm/win-arm64": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/win-arm64/-/win-arm64-11.0.4.tgz",
+      "integrity": "sha512-fOQEv8b9KxZlUAxPPXSQQUUIrt2nY24Qwd4RzCPpatacBnsE4JIadlr/B4V5z2zFxmV7FdHr7nYUhv2RqTlY/w==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    },
+    "node_modules/@pnpm/win-x64": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/win-x64/-/win-x64-11.0.4.tgz",
+      "integrity": "sha512-pErHAV8m3NZuPSeCmH3senTSHX0nwkH5lLzQSpiFuyt08hq8sqL3jDymT4ri9N7ixPN9RFZghZIiT3h+Croaew==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    },
+    "node_modules/@reflink/reflink": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink/-/reflink-0.1.19.tgz",
+      "integrity": "sha512-DmCG8GzysnCZ15bres3N5AHCmwBwYgp0As6xjhQ47rAUTUXxJiK+lLUxaGsX3hd/30qUpVElh05PbGuxRPgJwA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 10"
+      },
+      "optionalDependencies": {
+        "@reflink/reflink-darwin-arm64": "0.1.19",
+        "@reflink/reflink-darwin-x64": "0.1.19",
+        "@reflink/reflink-linux-arm64-gnu": "0.1.19",
+        "@reflink/reflink-linux-arm64-musl": "0.1.19",
+        "@reflink/reflink-linux-x64-gnu": "0.1.19",
+        "@reflink/reflink-linux-x64-musl": "0.1.19",
+        "@reflink/reflink-win32-arm64-msvc": "0.1.19",
+        "@reflink/reflink-win32-x64-msvc": "0.1.19"
+      }
+    },
+    "node_modules/@reflink/reflink-darwin-arm64": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink-darwin-arm64/-/reflink-darwin-arm64-0.1.19.tgz",
+      "integrity": "sha512-ruy44Lpepdk1FqDz38vExBY/PVUsjxZA+chd9wozjUH9JjuDT/HEaQYA6wYN9mf041l0yLVar6BCZuWABJvHSA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/@reflink/reflink-darwin-x64": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink-darwin-x64/-/reflink-darwin-x64-0.1.19.tgz",
+      "integrity": "sha512-By85MSWrMZa+c26TcnAy8SDk0sTUkYlNnwknSchkhHpGXOtjNDUOxJE9oByBnGbeuIE1PiQsxDG3Ud+IVV9yuA==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/@reflink/reflink-linux-arm64-gnu": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-arm64-gnu/-/reflink-linux-arm64-gnu-0.1.19.tgz",
+      "integrity": "sha512-7P+er8+rP9iNeN+bfmccM4hTAaLP6PQJPKWSA4iSk2bNvo6KU6RyPgYeHxXmzNKzPVRcypZQTpFgstHam6maVg==",
+      "cpu": [
+        "arm64"
+      ],
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/@reflink/reflink-linux-arm64-musl": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-arm64-musl/-/reflink-linux-arm64-musl-0.1.19.tgz",
+      "integrity": "sha512-37iO/Dp6m5DDaC2sf3zPtx/hl9FV3Xze4xoYidrxxS9bgP3S8ALroxRK6xBG/1TtfXKTvolvp+IjrUU6ujIGmA==",
+      "cpu": [
+        "arm64"
+      ],
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/@reflink/reflink-linux-x64-gnu": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-x64-gnu/-/reflink-linux-x64-gnu-0.1.19.tgz",
+      "integrity": "sha512-jbI8jvuYCaA3MVUdu8vLoLAFqC+iNMpiSuLbxlAgg7x3K5bsS8nOpTRnkLF7vISJ+rVR8W+7ThXlXlUQ93ulkw==",
+      "cpu": [
+        "x64"
+      ],
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/@reflink/reflink-linux-x64-musl": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-x64-musl/-/reflink-linux-x64-musl-0.1.19.tgz",
+      "integrity": "sha512-e9FBWDe+lv7QKAwtKOt6A2W/fyy/aEEfr0g6j/hWzvQcrzHCsz07BNQYlNOjTfeytrtLU7k449H1PI95jA4OjQ==",
+      "cpu": [
+        "x64"
+      ],
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/@reflink/reflink-win32-arm64-msvc": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink-win32-arm64-msvc/-/reflink-win32-arm64-msvc-0.1.19.tgz",
+      "integrity": "sha512-09PxnVIQcd+UOn4WAW73WU6PXL7DwGS6wPlkMhMg2zlHHG65F3vHepOw06HFCq+N42qkaNAc8AKIabWvtk6cIQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/@reflink/reflink-win32-x64-msvc": {
+      "version": "0.1.19",
+      "resolved": "https://registry.npmjs.org/@reflink/reflink-win32-x64-msvc/-/reflink-win32-x64-msvc-0.1.19.tgz",
+      "integrity": "sha512-E//yT4ni2SyhwP8JRjVGWr3cbnhWDiPLgnQ66qqaanjjnMiu3O/2tjCPQXlcGc/DEYofpDc9fvhv6tALQsMV9w==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/detect-libc": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
+      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=8"
+      }
+    }
+  }
+}

src/install-pnpm/bootstrap/pnpm-lock.json

@@ -0,0 +1,30 @@
+{
+  "name": "bootstrap-pnpm",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "dependencies": {
+        "pnpm": "11.0.4"
+      }
+    },
+    "node_modules/pnpm": {
+      "version": "11.0.4",
+      "resolved": "https://registry.npmjs.org/pnpm/-/pnpm-11.0.4.tgz",
+      "integrity": "sha512-CjlxZQB6AU7VKRmmHl9GxIubyohATDA+yuzGP2Le9WOJjTxril1epYEes5jP4DqwXaGlzpY/Em1erUwC+TuDww==",
+      "license": "MIT",
+      "bin": {
+        "pn": "bin/pnpm.mjs",
+        "pnpm": "bin/pnpm.mjs",
+        "pnpx": "bin/pnpx.mjs",
+        "pnx": "bin/pnpx.mjs"
+      },
+      "engines": {
+        "node": ">=22.13"
+      },
+      "funding": {
+        "url": "https://opencollective.com/pnpm"
+      }
+    }
+  }
+}

src/install-pnpm/index.ts

@@ -4,13 +4,15 @@ import runSelfInstaller from './run'
 
 export { runSelfInstaller }
 
-export async function install(inputs: Inputs) {
+export async function install(inputs: Inputs): Promise<string | undefined> {
   startGroup('Running self-installer...')
-  const status = await runSelfInstaller(inputs)
+  const { exitCode, binDest } = await runSelfInstaller(inputs)
   endGroup()
-  if (status) {
-    return setFailed(`Something went wrong, self-installer exits with code ${status}`)
+  if (exitCode) {
+    setFailed(`Something went wrong, self-installer exits with code ${exitCode}`)
+    return undefined
   }
+  return binDest
 }
 
 export default install

src/install-pnpm/run.ts

@@ -1,61 +1,202 @@
 import { addPath, exportVariable } from '@actions/core'
 import { spawn } from 'child_process'
-import { remove, ensureFile, writeFile, readFile } from 'fs-extra'
+import { rm, writeFile, mkdir, symlink } from 'fs/promises'
+import { readFileSync, existsSync } from 'fs'
 import path from 'path'
-import { execPath } from 'process'
+import util from 'util'
 import { Inputs } from '../inputs'
+import { parse as parseYaml } from 'yaml'
+import pnpmLock from './bootstrap/pnpm-lock.json'
+import exeLock from './bootstrap/exe-lock.json'
 
-export async function runSelfInstaller(inputs: Inputs): Promise<number> {
-  const { version, dest } = inputs
+const BOOTSTRAP_PNPM_PACKAGE_JSON = JSON.stringify({ private: true, dependencies: { pnpm: pnpmLock.packages['node_modules/pnpm'].version } })
+const BOOTSTRAP_EXE_PACKAGE_JSON = JSON.stringify({ private: true, dependencies: { '@pnpm/exe': exeLock.packages['node_modules/@pnpm/exe'].version } })
 
-  // prepare self install
-  await remove(dest)
-  const pkgJson = path.join(dest, 'package.json')
-  await ensureFile(pkgJson)
-  await writeFile(pkgJson, JSON.stringify({ private: true }))
-
-  // prepare target pnpm
-  const target = await readTarget(version)
-  const cp = spawn(execPath, [path.join(__dirname, 'pnpm.js'), 'install', target, '--no-lockfile'], {
-    cwd: dest,
-    stdio: ['pipe', 'inherit', 'inherit'],
-  })
-
-  const exitCode = await new Promise<number>((resolve, reject) => {
-    cp.on('error', reject)
-    cp.on('close', resolve)
-  })
-  if (exitCode === 0) {
-    const pnpmHome = path.join(dest, 'node_modules/.bin')
-    addPath(pnpmHome)
-    exportVariable('PNPM_HOME', pnpmHome)
-  }
-  return exitCode
+export interface SelfInstallerResult {
+  exitCode: number
+  binDest: string
 }
 
-async function readTarget(version?: string | undefined) {
-  if (version) return `pnpm@${version}`
+export async function runSelfInstaller(inputs: Inputs): Promise<SelfInstallerResult> {
+  const { version, dest, packageJsonFile } = inputs
 
+  // pnpm v11 requires Node >= 22.13; use standalone (exe) bootstrap which
+  // bundles its own Node.js when the system Node is too old
+  const systemNode = await getSystemNodeVersion()
+  const standalone = inputs.standalone || systemNode.major < 22 || (systemNode.major === 22 && systemNode.minor < 13)
+
+  // Install bootstrap pnpm via npm (integrity verified by committed lockfile)
+  await rm(dest, { recursive: true, force: true })
+  await mkdir(dest, { recursive: true })
+
+  const lockfile = standalone ? exeLock : pnpmLock
+  const packageJson = standalone ? BOOTSTRAP_EXE_PACKAGE_JSON : BOOTSTRAP_PNPM_PACKAGE_JSON
+  await writeFile(path.join(dest, 'package.json'), packageJson)
+  await writeFile(path.join(dest, 'package-lock.json'), JSON.stringify(lockfile))
+
+  // Append the action's node directory to PATH so npm's
+  // `#!/usr/bin/env node` shebang resolves on runners (e.g. GHE
+  // self-hosted) where node isn't already on PATH. Append (not
+  // prepend) so a user-installed toolchain on PATH — e.g. from a
+  // prior `setup-node` step — keeps precedence; otherwise the
+  // runner-bundled node would shadow it and pair the user's npm
+  // with a mismatched node version. npm itself is resolved via
+  // PATH — on the GitHub Actions runner it is not co-located with
+  // `process.execPath`.
+  const nodeDir = path.dirname(process.execPath)
+  // On Windows, the PATH key casing varies; search case-insensitively.
+  const pathKey = Object.keys(process.env).find(k => k.toUpperCase() === 'PATH') ?? 'PATH'
+  const currentPath = process.env[pathKey]
+  const npmEnv = { ...process.env, [pathKey]: currentPath ? currentPath + path.delimiter + nodeDir : nodeDir }
+  const npmExitCode = await runCommand('npm', ['ci'], { cwd: dest, env: npmEnv })
+  if (npmExitCode !== 0) {
+    return { exitCode: npmExitCode, binDest: path.join(dest, 'node_modules', '.bin') }
+  }
+
+  // On Windows with standalone mode, npm's .bin shims can't properly
+  // execute the extensionless @pnpm/exe native binaries. Add the
+  // @pnpm/exe directory directly to PATH so pnpm.exe is found natively.
+  const pnpmHome = standalone && process.platform === 'win32'
+    ? path.join(dest, 'node_modules', '@pnpm', 'exe')
+    : path.join(dest, 'node_modules', '.bin')
+  // PNPM_HOME/bin is where `pnpm self-update` places the target version
+  // binary. It must have higher PATH precedence than pnpmHome (which
+  // contains the bootstrap binary) so the self-updated version is found
+  // first. The bootstrap pnpm is invoked via absolute path, not PATH,
+  // so this ordering does not affect the bootstrap step.
+  addPath(pnpmHome)
+  addPath(path.join(pnpmHome, 'bin'))
+  exportVariable('PNPM_HOME', pnpmHome)
+
+  // Ensure pnpm bin link exists — npm ci sometimes doesn't create it
+  if (process.platform !== 'win32') {
+    const pnpmBinLink = path.join(dest, 'node_modules', '.bin', 'pnpm')
+    if (!existsSync(pnpmBinLink)) {
+      await mkdir(path.join(dest, 'node_modules', '.bin'), { recursive: true })
+      const target = standalone
+        ? path.join('..', '@pnpm', 'exe', 'pnpm')
+        : path.join('..', 'pnpm', 'bin', 'pnpm.mjs')
+      await symlink(target, pnpmBinLink)
+    }
+  }
+
+  const bootstrapPnpm = standalone
+    ? path.join(dest, 'node_modules', '@pnpm', 'exe', process.platform === 'win32' ? 'pnpm.exe' : 'pnpm')
+    : path.join(dest, 'node_modules', 'pnpm', 'bin', 'pnpm.mjs')
+
+  // Determine the target version
+  const targetVersion = readTargetVersion({ version, packageJsonFile })
+
+  if (targetVersion) {
+    const cmd = standalone ? bootstrapPnpm : process.execPath
+    const args = standalone ? ['self-update', targetVersion] : [bootstrapPnpm, 'self-update', targetVersion]
+    const exitCode = await runCommand(cmd, args, { cwd: dest })
+    if (exitCode !== 0) {
+      return { exitCode, binDest: pnpmHome }
+    }
+    // self-update writes the target pnpm/pnpx into PNPM_HOME/bin, leaving
+    // the bootstrap symlinks in pnpmHome pointing at the old version. Use
+    // PNPM_HOME/bin so consumers of the bin_dest output (e.g.
+    // `${steps.pnpm.outputs.bin_dest}/pnpm`) invoke the requested version.
+    return { exitCode: 0, binDest: path.join(pnpmHome, 'bin') }
+  }
+
+  // No explicit target version: rely on the bootstrap pnpm to switch to
+  // the version declared in packageManager/devEngines at runtime. Force
+  // `pmOnFail=download` so a project that pins
+  // `devEngines.packageManager.onFail = "error"` doesn't trip BAD_PM_VERSION
+  // before the switch can happen (issue #252). Scoped to this branch so users
+  // who pass an explicit `version:` input keep strict onFail behavior.
+  exportVariable('pnpm_config_pm_on_fail', 'download')
+  return { exitCode: 0, binDest: pnpmHome }
+}
+
+function readTargetVersion(opts: {
+  readonly version?: string | undefined
+  readonly packageJsonFile: string
+}): string | undefined {
+  const { version, packageJsonFile } = opts
   const { GITHUB_WORKSPACE } = process.env
+
+  let packageManager: string | undefined
+  let devEngines: { packageManager?: { name?: string; version?: string } } | undefined
+
+  if (GITHUB_WORKSPACE) {
+    try {
+      const content = readFileSync(path.join(GITHUB_WORKSPACE, packageJsonFile), 'utf8');
+      const manifest = packageJsonFile.endsWith(".yaml")
+        ? parseYaml(content, { merge: true })
+        : JSON.parse(content)
+      packageManager = manifest.packageManager
+      devEngines = manifest.devEngines
+    } catch (error: unknown) {
+      // Swallow error if package.json doesn't exist in root
+      if (!util.types.isNativeError(error) || !('code' in error) || error.code !== 'ENOENT') throw error
+    }
+  }
+
+  if (version) {
+    if (
+      typeof packageManager === 'string' &&
+      packageManager.startsWith('pnpm@') &&
+      packageManager.replace('pnpm@', '') !== version
+    ) {
+      throw new Error(`Multiple versions of pnpm specified:
+  - version ${version} in the GitHub Action config with the key "version"
+  - version ${packageManager} in the package.json with the key "packageManager"
+Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`)
+    }
+
+    return version
+  }
+
+  // pnpm will automatically download and switch to the right version
+  if (typeof packageManager === 'string' && packageManager.startsWith('pnpm@')) {
+    return undefined
+  }
+
+  if (devEngines?.packageManager?.name === 'pnpm' && devEngines.packageManager.version) {
+    return undefined
+  }
+
   if (!GITHUB_WORKSPACE) {
     throw new Error(`No workspace is found.
-If you're intended to let pnpm/action-setup read preferred pnpm version from the "packageManager" field in the package.json file,
+If you've intended to let pnpm/action-setup read preferred pnpm version from the "packageManager" field in the package.json file,
 please run the actions/checkout before pnpm/action-setup.
 Otherwise, please specify the pnpm version in the action configuration.`)
   }
 
-  const { packageManager } = JSON.parse(await readFile(path.join(GITHUB_WORKSPACE, 'package.json'), 'utf8'))
-  if (typeof packageManager !== 'string') {
-    throw new Error(`No pnpm version is specified.
+  throw new Error(`No pnpm version is specified.
 Please specify it by one of the following ways:
   - in the GitHub Action config with the key "version"
-  - in the package.json with the key "packageManager" (See https://nodejs.org/api/corepack.html)`)
-  }
+  - in the package.json with the key "packageManager"
+  - in the package.json with the key "devEngines.packageManager"`)
+}
 
-  if (!packageManager.startsWith('pnpm@')) {
-    throw new Error('Invalid packageManager field in package.json')
-  }
-  return packageManager
+function getSystemNodeVersion(): Promise<{ major: number; minor: number }> {
+  return new Promise((resolve) => {
+    const cp = spawn('node', ['--version'], { stdio: ['pipe', 'pipe', 'pipe'], shell: process.platform === 'win32' })
+    let output = ''
+    cp.stdout.on('data', (data: Buffer) => { output += data.toString() })
+    cp.on('close', () => {
+      const match = output.match(/^v(\d+)\.(\d+)/)
+      resolve(match ? { major: parseInt(match[1], 10), minor: parseInt(match[2], 10) } : { major: 0, minor: 0 })
+    })
+    cp.on('error', () => resolve({ major: 0, minor: 0 }))
+  })
+}
+
+function runCommand(cmd: string, args: string[], opts: { cwd: string; env?: Record<string, string | undefined> }): Promise<number> {
+  return new Promise<number>((resolve, reject) => {
+    const cp = spawn(cmd, args, {
+      cwd: opts.cwd,
+      env: opts.env,
+      stdio: ['pipe', 'inherit', 'inherit'],
+      shell: process.platform === 'win32',
+    })
+    cp.on('error', reject)
+    cp.on('close', resolve)
+  })
 }
 
 export default runSelfInstaller

src/outputs/index.ts

@@ -1,10 +1,9 @@
-import { setOutput, addPath } from '@actions/core'
+import { setOutput } from '@actions/core'
 import { Inputs } from '../inputs'
-import { getBinDest } from '../utils'
 
-export function setOutputs(inputs: Inputs) {
-  const binDest = getBinDest(inputs)
-  addPath(binDest)
+export function setOutputs(inputs: Inputs, binDest: string) {
+  // NOTE: addPath is already called in installPnpm — do not call it again
+  // here, as a second addPath would shadow the correct entry on Windows.
   setOutput('dest', inputs.dest)
   setOutput('bin_dest', binDest)
 }

src/utils/index.ts

@@ -6,5 +6,5 @@ export const getBinDest = (inputs: Inputs): string => path.join(inputs.dest, 'no
 
 export const patchPnpmEnv = (inputs: Inputs): NodeJS.ProcessEnv => ({
   ...process.env,
-  PATH: getBinDest(inputs) + path.delimiter + process.env.PATH,
+  PATH: path.join(getBinDest(inputs), 'bin') + path.delimiter + getBinDest(inputs) + path.delimiter + process.env.PATH,
 })

tsconfig.json

@@ -1,30 +1,19 @@
-
 {
   "compilerOptions": {
-    "target": "ES2018",
-    "module": "CommonJS",
-    "moduleResolution": "Node",
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
     "resolveJsonModule": true,
     "lib": [
-      "ES2018",
-      "ES2019",
-      "ES2020",
-      "ESNext"
+      "ES2023"
     ],
-    "outDir": "./dist/tsc",
-    "preserveConstEnums": true,
-    "incremental": false,
-    "declaration": true,
-    "sourceMap": true,
-    "importHelpers": false,
+    "noEmit": true,
     "strict": true,
     "pretty": true,
     "noUnusedLocals": true,
     "noUnusedParameters": true,
     "noImplicitReturns": true,
     "noFallthroughCasesInSwitch": true,
-    "esModuleInterop": true,
-    "experimentalDecorators": true,
-    "emitDecoratorMetadata": true
+    "esModuleInterop": true
   }
 }