actions/setup-pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/action-setup.git synced 2026-05-14 22:33:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: actions:v6
Branches Tags
actions:master actions:update-pnpm actions:fix-standalone-windows-path actions:fix/233 actions:fix/252 actions:fix/247 actions:fix/240 actions:test-reproduce-version-issues actions:fix-windows2 actions:fix-windows actions:dev-engines-pm actions:fix/pn-pnx-alias-links actions:next actions:fix/add-pnpm-home-bin-to-path actions:update-node actions:fix-ci-macos actions:refactor-remove-star-imports actions:update-pnpm-test actions:remove-v2-warning actions:v2 actions:fix/135 actions:dependabot/npm_and_yarn/undici-5.28.4 actions:v3 actions:bundle actions:feat/18 actions:pnpm-v7-test actions:add-to-path actions:install-command actions:inspect-is-post actions:fixing-windows
actions:v6 actions:v6.0.8 actions:v6.0.7 actions:v6.0.6 actions:v6.0.5 actions:v6.0.4 actions:v6.0.3 actions:v6.0.2 actions:v6.0.1 actions:v6.0.0 actions:v4 actions:v5.0.0 actions:v5 actions:v4.4.0 actions:v4.3.0 actions:v4.2.0 actions:v4.1.0 actions:v2.4.1 actions:v4.0.0 actions:v3.0.0 actions:v2.4.0 actions:v2.3.0 actions:v2.2.4 actions:v2.2.3 actions:v2.2.2 actions:v2.2.1 actions:v2.2.0 actions:v2.1.0 actions:v2.0.1 actions:v2.0.0 actions:v2.0.0-rc.0 actions:v1.2.1 actions:v1.2.0 actions:v1.1.1 actions:v1.1.0 actions:v1 actions:v1.0.0
..
compare: actions:fix/247
Branches Tags
actions:master actions:update-pnpm actions:fix-standalone-windows-path actions:fix/233 actions:fix/252 actions:fix/247 actions:fix/240 actions:test-reproduce-version-issues actions:fix-windows2 actions:fix-windows actions:dev-engines-pm actions:fix/pn-pnx-alias-links actions:next actions:fix/add-pnpm-home-bin-to-path actions:update-node actions:fix-ci-macos actions:refactor-remove-star-imports actions:update-pnpm-test actions:remove-v2-warning actions:v2 actions:fix/135 actions:dependabot/npm_and_yarn/undici-5.28.4 actions:v3 actions:bundle actions:feat/18 actions:pnpm-v7-test actions:add-to-path actions:install-command actions:inspect-is-post actions:fixing-windows
actions:v6 actions:v6.0.8 actions:v6.0.7 actions:v6.0.6 actions:v6.0.5 actions:v6.0.4 actions:v6.0.3 actions:v6.0.2 actions:v6.0.1 actions:v6.0.0 actions:v4 actions:v5.0.0 actions:v5 actions:v4.4.0 actions:v4.3.0 actions:v4.2.0 actions:v4.1.0 actions:v2.4.1 actions:v4.0.0 actions:v3.0.0 actions:v2.4.0 actions:v2.3.0 actions:v2.2.4 actions:v2.2.3 actions:v2.2.2 actions:v2.2.1 actions:v2.2.0 actions:v2.1.0 actions:v2.0.1 actions:v2.0.0 actions:v2.0.0-rc.0 actions:v1.2.1 actions:v1.2.0 actions:v1.1.1 actions:v1.1.0 actions:v1 actions:v1.0.0

3 Commits
v6 ... fix/247

Author SHA1 Message Date
Zoltan Kochan
d3bf712ddd build: rebuild dist with clean lockfile-matched deps 2026-05-07 09:03:15 +02:00
Zoltan Kochan
01da663869 test(ci): pass bin_dest via env to survive Windows backslashes 
Direct GitHub-expression interpolation of `${{ steps.pnpm.outputs.bin_dest }}`
into the bash script let bash eat the backslashes in the Windows path
(`C:Usersrunneradminsetup-pnpmnode_modules.binbin/pnpm`), failing with
"No such file or directory". Forward the value via env so the path
reaches bash unmangled.
 2026-05-07 08:59:18 +02:00
Zoltan Kochan
624e28f5d0 fix: bin_dest output points to self-updated pnpm, not bootstrap (#247) 
`pnpm self-update <version>` writes the target binary to
`${PNPM_HOME}/bin/`, leaving the bootstrap symlink at `${PNPM_HOME}/pnpm`
untouched. The `bin_dest` output was set to `${PNPM_HOME}`, so consumers
invoking `${{ steps.pnpm.outputs.bin_dest }}/pnpm` got the bootstrap
version (currently 11.0.4) instead of the version they requested.

PATH lookup hid the bug: `${PNPM_HOME}/bin` was prepended ahead of
`${PNPM_HOME}`, so `pnpm` resolved from PATH was the right one. Existing
version-respect tests only checked `pnpm --version`, not `bin_dest`.

Resolve `binDest` inside `runSelfInstaller` (target lives in
`${PNPM_HOME}/bin` after self-update, otherwise stays at `${PNPM_HOME}`)
and plumb it through to `setOutputs`. Add a regression test that invokes
`${bin_dest}/pnpm --version` directly across Linux/macOS/Windows.
 2026-05-07 08:55:16 +02:00
12 changed files with 447 additions and 447 deletions
Expand all files Collapse all files

1
.github/CODEOWNERS vendored
View File

@@ -1 +0,0 @@
* @zkochan

409
.github/workflows/test.yaml vendored
View File

@@ -1,73 +1,43 @@
name: Test Action
on:
pull_request:
push:
branches:
- master
workflow_dispatch:
- push
- pull_request
- workflow_dispatch
jobs:
smoke:
# Cross-OS coverage. Exercises the bootstrap install + PATH on each platform,
# the version-respects-request regression (#225 / #230 — Windows PATH shadow),
# and the bin_dest output regression (#247). Multi-version coverage on Linux
# so we don't pay 3x for major-version differences.
name: 'Smoke (${{ matrix.name }})'
test_default_inputs:
name: Test with default inputs
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- name: 'ubuntu / v9.15.5'
os: ubuntu-latest
version: '9.15.5'
- name: 'ubuntu / v10.33.0'
os: ubuntu-latest
version: '10.33.0'
- name: 'ubuntu / v9.15.5 / custom-dest'
os: ubuntu-latest
version: '9.15.5'
dest: '~/test/pnpm'
- name: 'macos / v9.15.5'
os: macos-latest
version: '9.15.5'
- name: 'windows / v9.15.5'
os: windows-latest
version: '9.15.5'
pnpm:
- 9.15.5
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- id: pnpm
name: Run the action
- name: Run the action
uses: ./
with:
version: ${{ matrix.version }}
dest: ${{ matrix.dest || '~/setup-pnpm' }}
version: 9.15.5
- name: 'Test: pnpm/pnpx on PATH report the requested version (incl. via bin_dest)'
# Pass paths via env, not template interpolation, so Windows
# backslashes in `bin_dest` aren't eaten by bash's escape handling.
env:
BIN_DEST: ${{ steps.pnpm.outputs.bin_dest }}
REQUIRED: ${{ matrix.version }}
- name: 'Test: which'
run: which pnpm; which pnpx
- name: 'Test: version'
run: |
set -e
which pnpm
which pnpx
actual="$(pnpm --version)"
echo "pnpm --version: ${actual}"
if [ "${actual}" != "${REQUIRED}" ]; then
echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
exit 1
fi
bin_dest_version="$("$BIN_DEST/pnpm" --version)"
echo "bin_dest pnpm --version: ${bin_dest_version}"
if [ "${bin_dest_version}" != "${REQUIRED}" ]; then
echo "Expected ${REQUIRED} via bin_dest, but got ${bin_dest_version}"
echo "pnpm version: ${actual}"
if [[ ! "${actual}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
echo "ERROR: pnpm --version did not produce valid output"
exit 1
fi
shell: bash
@@ -80,95 +50,54 @@ jobs:
pnpm add is-odd
shell: bash
manifest_pin:
# Folds the old test_package_manager_field, test_dev_engines, and
# test_dev_engines_on_fail_error jobs. The action's manifest handling is
# OS-independent, so ubuntu-only is sufficient.
name: 'Manifest pin: ${{ matrix.label }}'
test_dest:
name: Test with dest
runs-on: ubuntu-latest
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- label: 'packageManager pnpm@9.15.5 (#227)'
manifest: '{"packageManager":"pnpm@9.15.5"}'
version: '9.15.5'
- label: 'packageManager pnpm@10.33.0'
manifest: '{"packageManager":"pnpm@10.33.0"}'
version: '10.33.0'
- label: 'devEngines onFail=download, exact'
manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"download"}}}'
version: '9.15.5'
- label: 'devEngines onFail=download, range'
manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=9.15.0","onFail":"download"}}}'
version: '>=9.15.0'
- label: 'devEngines onFail=error, exact (#252)'
manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"error"}}}'
version: '9.15.5'
- label: 'devEngines onFail=error, range (#252)'
manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=9.15.0","onFail":"error"}}}'
version: '>=9.15.0'
- label: 'explicit version: pnpm_config_pm_on_fail not exported'
# Regression guard for the af8e203 scope fix: when the user passes an
# explicit `version:` input, the action must NOT export
# pnpm_config_pm_on_fail=download, so the user's strict onFail policy
# is preserved. Asserted directly on the env var rather than pnpm
# runtime behavior — different pnpm majors read devEngines
# differently (v10 ignores it, v11+ honors it).
manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"error"}}}'
explicit_version: '10.33.0'
expect_pm_on_fail_unset: true
pnpm:
- 9.15.5
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Set up package.json
run: echo '${{ matrix.manifest }}' > package.json
shell: bash
- name: Run the action
uses: ./
with:
version: ${{ matrix.explicit_version }}
version: 9.15.5
dest: ~/test/pnpm
- name: 'Test: pnpm reports the pinned version'
if: ${{ !matrix.expect_pm_on_fail_unset }}
env:
REQUIRED: ${{ matrix.version }}
- name: 'Test: which'
run: which pnpm && which pnpx
- name: 'Test: version'
run: |
set -e
actual="$(pnpm --version)"
echo "pnpm version: ${actual}"
if [ "${REQUIRED}" = ">=9.15.0" ]; then
min="9.15.0"
if [ "$(printf '%s\n' "${min}" "${actual}" | sort -V | head -n1)" != "${min}" ]; then
echo "Expected pnpm version >= ${min}, but got ${actual}"
exit 1
fi
else
if [ "${actual}" != "${REQUIRED}" ]; then
echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
exit 1
fi
fi
shell: bash
- name: 'Test: pnpm_config_pm_on_fail not exported (explicit version preserves strict policy)'
if: ${{ matrix.expect_pm_on_fail_unset }}
run: |
if [ -n "${pnpm_config_pm_on_fail:-}" ]; then
echo "Expected pnpm_config_pm_on_fail to be unset, but got: '${pnpm_config_pm_on_fail}'"
if [[ ! "${actual}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
echo "ERROR: pnpm --version did not produce valid output"
exit 1
fi
echo "pnpm_config_pm_on_fail is unset, as expected"
shell: bash
standalone:
name: Standalone mode
test_standalone:
name: Test with standalone
runs-on: ubuntu-latest
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
@@ -179,125 +108,210 @@ jobs:
version: 9.15.0
standalone: true
- name: 'Test: pnpm works'
- name: 'Test: which'
run: which pnpm
- name: 'Test: version'
run: |
set -e
which pnpm
actual="$(pnpm --version)"
if [ "${actual}" != "9.15.0" ]; then
echo "Expected 9.15.0, got ${actual}"
echo "pnpm version: ${actual}"
if [[ ! "${actual}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
echo "ERROR: pnpm --version did not produce valid output"
exit 1
fi
shell: bash
- name: 'Test: install in a fresh project'
run: |
mkdir /tmp/test-standalone
cd /tmp/test-standalone
pnpm init
pnpm add is-odd
shell: bash
standalone_windows_self_update:
# Regression guard for the patchPnpmEnv PATH-shadow bug. When
# standalone: true on Windows AND the requested pnpm differs from the
# bootstrap, the previous patchPnpmEnv prepended node_modules/.bin to
# PATH; that directory contains an npm-created pnpm.cmd shim pointing
# at the BOOTSTRAP pnpm, which shadowed the self-updated pnpm at
# $PNPM_HOME/bin and caused `pnpm install` inside the action to run
# under the bootstrap version. Exercising a newer-pnpm-only flag
# (`--no-runtime`, added in 11.1.0) makes the regression assertable:
# if the bootstrap (11.0.4) handles the install, it errors with
# "Unknown option: 'runtime'".
name: 'Standalone Windows self-update (PATH regression)'
runs-on: windows-latest
test_version_respects_request:
name: 'Test version input is actually installed (${{ matrix.version }}, ${{ matrix.os }})'
# Regression test for #225 / #230: the bootstrap pnpm on PATH was shadowing the self-updated binary,
# so a user requesting e.g. `version: 9.15.5` would silently get the bootstrap version.
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
version:
- '9.15.5'
- '10.33.0'
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Set up package.json with a minimal manifest
# run_install needs a manifest to install against. Removing the
# repo's existing pnpm-lock.yaml avoids frozen-lockfile mismatch.
run: |
rm -f pnpm-lock.yaml
echo '{"name":"sw","private":true,"packageManager":"pnpm@11.1.0"}' > package.json
shell: bash
- name: Run the action
uses: ./
with:
version: 11.1.0
standalone: true
run_install: |
args: ['--no-runtime']
version: ${{ matrix.version }}
- name: 'Test: pnpm install completed under the self-updated pnpm'
# If the bug recurs, the previous step's run_install will have failed
# the job with "Unknown option: 'runtime'", so reaching this step
# implies success. Still verify the version on PATH matches request.
env:
REQUIRED: '11.1.0'
- name: 'Test: exact version installed'
run: |
set -e
required='${{ matrix.version }}'
actual="$(pnpm --version)"
echo "pnpm --version: ${actual}"
if [ "${actual}" != "${REQUIRED}" ]; then
echo "Expected pnpm ${REQUIRED}, got ${actual}"
echo "pnpm version: ${actual}"
if [ "${actual}" != "${required}" ]; then
echo "Expected pnpm version ${required}, but got ${actual}"
exit 1
fi
shell: bash
cache_store_path:
# Regression guard for #233. When package.json pins a pnpm major that
# differs from the bootstrap pnpm's major, the bootstrap reports its
# own STORE_VERSION from `pnpm store path` (the `store` command skips
# pnpm's auto-switch). The user's actual `pnpm install` runs under the
# pinned version and writes to a different STORE_VERSION, so the post
# step's saveCache then fails with "Path Validation Error". The fix is
# to self-update the bootstrap to the pinned version up front.
name: 'Cache store path matches install (#233): ${{ matrix.label }}'
test_bin_dest_output:
name: 'Test bin_dest output points to requested version (${{ matrix.version }}, ${{ matrix.os }})'
# Regression test for #247: invoking pnpm via the `bin_dest` output returned the
# bootstrap version because self-update writes the target to `${bin_dest}/bin/`,
# not directly into `${bin_dest}/`.
runs-on: ubuntu-latest
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- label: 'packageManager pnpm@10.33.0'
manifest: '{"packageManager":"pnpm@10.33.0","dependencies":{"is-odd":"3.0.1"}}'
- label: 'devEngines exact pnpm@10.33.0'
manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"10.33.0"}},"dependencies":{"is-odd":"3.0.1"}}'
- label: 'devEngines range >=10 <11'
manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=10 <11"}},"dependencies":{"is-odd":"3.0.1"}}'
os:
- ubuntu-latest
- macos-latest
- windows-latest
version:
- '9.15.5'
- '10.33.2'
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Set up package.json
run: echo '${{ matrix.manifest }}' > package.json
shell: bash
- id: pnpm
name: Run the action
uses: ./
with:
cache: true
run_install: |
- args: [--no-frozen-lockfile]
version: ${{ matrix.version }}
- name: 'Test: store path computed by the action exists on disk'
- name: 'Test: bin_dest/pnpm reports requested version'
# Pass paths via env, not template interpolation, so Windows
# backslashes in `bin_dest` aren't eaten by bash's escape handling.
env:
BIN_DEST: ${{ steps.pnpm.outputs.bin_dest }}
REQUIRED: ${{ matrix.version }}
run: |
set -e
actual="$(pnpm store path --silent)"
echo "pnpm store path: ${actual}"
if [ ! -d "${actual}" ]; then
echo "Expected store path to exist on disk; cache save would fail"
actual="$("$BIN_DEST/pnpm" --version)"
echo "pnpm version via bin_dest: ${actual}"
if [ "${actual}" != "${REQUIRED}" ]; then
echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
exit 1
fi
shell: bash
run_install:
name: 'run_install (${{ matrix.run_install.name }})'
test_package_manager_field:
name: 'Test packageManager field is respected (${{ matrix.version }}, ${{ matrix.os }})'
# Reproduces #227: when `packageManager` is set in package.json and no `version:` input is given,
# the action should install the version specified there.
runs-on: ubuntu-latest
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
version:
- '9.15.5'
- '10.33.0'
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Set up package.json with packageManager field
run: echo '{"packageManager":"pnpm@${{ matrix.version }}"}' > package.json
shell: bash
- name: Run the action
uses: ./
- name: 'Test: exact version installed'
run: |
required='${{ matrix.version }}'
actual="$(pnpm --version)"
echo "pnpm version: ${actual}"
if [ "${actual}" != "${required}" ]; then
echo "Expected pnpm version ${required}, but got ${actual}"
exit 1
fi
shell: bash
test_dev_engines:
name: Test with devEngines.packageManager
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
version:
- '9.15.5'
- '>=9.15.0'
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Set up package.json with devEngines.packageManager
run: echo '{"devEngines":{"packageManager":{"name":"pnpm","version":"${{ matrix.version }}","onFail":"download"}}}' > package.json
shell: bash
- name: Run the action
uses: ./
- name: 'Test: which'
run: which pnpm; which pnpx
- name: 'Test: version'
run: |
set -e
required='${{ matrix.version }}'
actual="$(pnpm --version)"
echo "pnpm version: ${actual}"
if [ "${required}" = ">=9.15.0" ]; then
min="9.15.0"
if [ "$(printf '%s\n' "${min}" "${actual}" | sort -V | head -n1)" != "${min}" ]; then
echo "Expected pnpm version >= ${min}, but got ${actual}"
exit 1
fi
else
if [ "${actual}" != "${required}" ]; then
echo "Expected pnpm version ${required}, but got ${actual}"
exit 1
fi
fi
shell: bash
test_run_install:
name: 'Test with run_install (${{ matrix.run_install.name }}, ${{ matrix.os }})'
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
pnpm:
- 9.15.5
os:
- ubuntu-latest
- macos-latest
- windows-latest
run_install:
- name: 'null'
value: 'null'
@@ -318,14 +332,15 @@ jobs:
version: 9.15.5
run_install: ${{ matrix.run_install.value }}
- name: 'Test: pnpm works'
- name: 'Test: which'
run: which pnpm; which pnpx
- name: 'Test: version'
run: |
set -e
which pnpm
which pnpx
actual="$(pnpm --version)"
if [ "${actual}" != "9.15.5" ]; then
echo "Expected 9.15.5, got ${actual}"
echo "pnpm version: ${actual}"
if [[ ! "${actual}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
echo "ERROR: pnpm --version did not produce valid output"
exit 1
fi
shell: bash

29
README.md
View File

@@ -48,7 +48,7 @@ If `run_install` is a YAML string representation of either an object or an array
### `cache_dependency_path`
**Optional** (_type:_ `string`, _default:_ `pnpm-lock.yaml`) File path to the pnpm lockfile, whose contents hash will be used as a cache key. Accepts multiple paths delimited by newlines.
**Optional** (_type:_ `string|string[]`, _default:_ `pnpm-lock.yaml`) File path to the pnpm lockfile, which contents hash will be used as a cache key.
### `package_json_file`
@@ -158,33 +158,6 @@ jobs:
**Note:** You don't need to run `pnpm store prune` at the end; post-action has already taken care of that.
### Cache dependencies from multiple lockfiles
```yaml
on:
- push
- pull_request
jobs:
cache-and-install-multiple:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- uses: pnpm/action-setup@v6
with:
version: 10
cache: true
cache_dependency_path: |
one/pnpm-lock.yaml
two/pnpm-lock.yaml
run_install: |
- cwd: one
- cwd: two
```
## Notes
This action does not setup Node.js for you, use [actions/setup-node](https://github.com/actions/setup-node) yourself.

2
action.yml
View File

@@ -20,7 +20,7 @@ inputs:
required: false
default: 'false'
cache_dependency_path:
description: File path to the pnpm lockfile, whose contents hash will be used as a cache key. Accepts multiple paths delimited by newlines.
description: File path to the pnpm lockfile, which contents hash will be used as a cache key
required: false
default: 'pnpm-lock.yaml'
package_json_file:

258
dist/index.js vendored
View File

File diff suppressed because one or more lines are too long

13
src/index.ts
View File

@@ -8,16 +8,16 @@ import pnpmInstall from './pnpm-install'
import pruneStore from './pnpm-store-prune'
async function main() {
const inputs = getInputs()
if (getState('is_post') === 'true') {
await runPost()
await runPost(inputs)
} else {
await runMain()
await runMain(inputs)
}
}
async function runMain() {
const inputs = getInputs()
saveState('inputs', inputs)
async function runMain(inputs: Inputs) {
saveState('is_post', 'true')
const binDest = await installPnpm(inputs)
@@ -30,8 +30,7 @@ async function runMain() {
pnpmInstall(inputs)
}
async function runPost() {
const inputs = JSON.parse(getState('inputs')) as Inputs
async function runPost(inputs: Inputs) {
pruneStore(inputs)
await saveCache(inputs)
}

81
src/install-pnpm/bootstrap/exe-lock.json
View File

@@ -5,13 +5,13 @@
"packages": {
"": {
"dependencies": {
"@pnpm/exe": "11.1.1"
"@pnpm/exe": "11.0.4"
}
},
"node_modules/@pnpm/exe": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/@pnpm/exe/-/exe-11.1.1.tgz",
"integrity": "sha512-5mQnDW1NCBRRWA+cnGhQO+tIrfSfWm3/IyGxU88LnT+tzNW5UrwwKfjsnnYJToyAjIfdfEJtJKUxCvP+mhA+nQ==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/exe/-/exe-11.0.4.tgz",
"integrity": "sha512-3OwYqbbj1KtuUqoMo5OEkY8nU/WutZ7L5ADFl0bbW9oyqU55U37aDqA3NJNSk28CyszNARfrjerAF2DW2TsV7w==",
"hasInstallScript": true,
"license": "MIT",
"dependencies": {
@@ -28,19 +28,20 @@
"url": "https://opencollective.com/pnpm"
},
"optionalDependencies": {
"@pnpm/linux-arm64": "11.1.1",
"@pnpm/linux-x64": "11.1.1",
"@pnpm/linuxstatic-arm64": "11.1.1",
"@pnpm/linuxstatic-x64": "11.1.1",
"@pnpm/macos-arm64": "11.1.1",
"@pnpm/win-arm64": "11.1.1",
"@pnpm/win-x64": "11.1.1"
"@pnpm/linux-arm64": "11.0.4",
"@pnpm/linux-x64": "11.0.4",
"@pnpm/linuxstatic-arm64": "11.0.4",
"@pnpm/linuxstatic-x64": "11.0.4",
"@pnpm/macos-arm64": "11.0.4",
"@pnpm/macos-x64": "11.0.4",
"@pnpm/win-arm64": "11.0.4",
"@pnpm/win-x64": "11.0.4"
}
},
"node_modules/@pnpm/linux-arm64": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/@pnpm/linux-arm64/-/linux-arm64-11.1.1.tgz",
"integrity": "sha512-u9hs51XV0/gU5LLfNLoQsozGKIxNjxsh/0xPr+8Hny0M38psa4lBtwFvarL2bLToPIrtueQYi65LdlzRxITRyg==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/linux-arm64/-/linux-arm64-11.0.4.tgz",
"integrity": "sha512-Bz7V2sFypoGHX/t5w/w7jnCw5DCK3C8s5q8whHJJ3iS5kRznX3Q1F4LwSjjy+lsi777fHyNIvD7qtNmdt9IKoA==",
"cpu": [
"arm64"
],
@@ -54,9 +55,9 @@
}
},
"node_modules/@pnpm/linux-x64": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/@pnpm/linux-x64/-/linux-x64-11.1.1.tgz",
"integrity": "sha512-yQO9i57oyJmIG22BjV7sqLUT2syKQohiku8yNZRgp7M6wsVkikpVLLVSpBifQnrI/P/roueKnWSUEESH1aPaoA==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/linux-x64/-/linux-x64-11.0.4.tgz",
"integrity": "sha512-u0Yn1gytR1vKdPk6fYF500H8ZWQlj0cTuIQPp+5GYVPkMmA5bSw41RNIDPBfjDlE8ERmQWaQcrgmTcmTZ+n22A==",
"cpu": [
"x64"
],
@@ -70,9 +71,9 @@
}
},
"node_modules/@pnpm/linuxstatic-arm64": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-arm64/-/linuxstatic-arm64-11.1.1.tgz",
"integrity": "sha512-FUZB8L9Z8L5m88G0RTx5AsHFr5yUQPW+28zQdTNUWxiLwj11FW/fOLodYdcNYHdNJFepsZyqt3aRnpiqIdZb2g==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-arm64/-/linuxstatic-arm64-11.0.4.tgz",
"integrity": "sha512-0aitEcfhWNXNZhfJGt/kJaRvfcdtJzXZpV+toJN94kfawSJnhuawfnUSXMi/3m0G97HkJc7BH8rOz3sojUKt0g==",
"cpu": [
"arm64"
],
@@ -89,9 +90,9 @@
}
},
"node_modules/@pnpm/linuxstatic-x64": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-x64/-/linuxstatic-x64-11.1.1.tgz",
"integrity": "sha512-I/z56hfa1zM5F/Unup/1NrgsA+dcptsKQ2TjJLFz3wHKDx0RLrfF7DB0Rkpnr5IoAZ33v0GFZjlGhkOtc9VFGw==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-x64/-/linuxstatic-x64-11.0.4.tgz",
"integrity": "sha512-xDJdeJ7D2YvDBy2/IH9lEqMKiSuZiV8190XKWOgQgxUGGeuW4z3j6Ewpl0S5bXsWuNjAgC+uCKp7Qp3P7cXAvw==",
"cpu": [
"x64"
],
@@ -108,9 +109,9 @@
}
},
"node_modules/@pnpm/macos-arm64": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/@pnpm/macos-arm64/-/macos-arm64-11.1.1.tgz",
"integrity": "sha512-YQu6fC27F4jTIpXhF+4PdzOV7uSnVVG9KUxj5W+AFj0XFlUvBw+I1NsoPCY6uV1nccxWpIAZOTZtSj8+hWPb8w==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/macos-arm64/-/macos-arm64-11.0.4.tgz",
"integrity": "sha512-dNR69jUARtGFuyyLE9VuyxhRUKC8MO/7/xIyAdeIMZAD5ej0Y/Ct0DYCa/FLbgFL1nXaXmp4+gRMfJBkkrKfQQ==",
"cpu": [
"arm64"
],
@@ -123,10 +124,26 @@
"url": "https://opencollective.com/pnpm"
}
},
"node_modules/@pnpm/macos-x64": {
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/macos-x64/-/macos-x64-11.0.4.tgz",
"integrity": "sha512-RfyrxSBajeEU16dZsgFjbdagDV9F4HNCJfbBgm8IbGjL0+J95naM/VmCDLd6S3+1tISeI2MxtcyCxqjKJsD/BA==",
"cpu": [
"x64"
],
"license": "MIT",
"optional": true,
"os": [
"darwin"
],
"funding": {
"url": "https://opencollective.com/pnpm"
}
},
"node_modules/@pnpm/win-arm64": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/@pnpm/win-arm64/-/win-arm64-11.1.1.tgz",
"integrity": "sha512-2HvZut3IcKPxzIfOjBJ4677PaLIh57mWccL86O+q71QhO5emnQvht0CE19IoEyUIOEe1WjlN+Su/dD5k6CuGyg==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/win-arm64/-/win-arm64-11.0.4.tgz",
"integrity": "sha512-fOQEv8b9KxZlUAxPPXSQQUUIrt2nY24Qwd4RzCPpatacBnsE4JIadlr/B4V5z2zFxmV7FdHr7nYUhv2RqTlY/w==",
"cpu": [
"arm64"
],
@@ -140,9 +157,9 @@
}
},
"node_modules/@pnpm/win-x64": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/@pnpm/win-x64/-/win-x64-11.1.1.tgz",
"integrity": "sha512-QXBIBErgPhGLovOVzTRIpHsejFKebyqlcF3fea/TfH87gkhN5yWH0WuTPRBoOWvpk6aNhjDW4RPUMx8RaPqxjw==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/@pnpm/win-x64/-/win-x64-11.0.4.tgz",
"integrity": "sha512-pErHAV8m3NZuPSeCmH3senTSHX0nwkH5lLzQSpiFuyt08hq8sqL3jDymT4ri9N7ixPN9RFZghZIiT3h+Croaew==",
"cpu": [
"x64"
],

8
src/install-pnpm/bootstrap/pnpm-lock.json
View File

@@ -5,13 +5,13 @@
"packages": {
"": {
"dependencies": {
"pnpm": "11.1.1"
"pnpm": "11.0.4"
}
},
"node_modules/pnpm": {
"version": "11.1.1",
"resolved": "https://registry.npmjs.org/pnpm/-/pnpm-11.1.1.tgz",
"integrity": "sha512-0f319zxhe2T6GlaoHDyN/g6WbjOmAQqiVrUXrne+Idk+Ba/8DeGoOw5PKdVp9otEaujwaM1yR8C7PfD7TXvfmg==",
"version": "11.0.4",
"resolved": "https://registry.npmjs.org/pnpm/-/pnpm-11.0.4.tgz",
"integrity": "sha512-CjlxZQB6AU7VKRmmHl9GxIubyohATDA+yuzGP2Le9WOJjTxril1epYEes5jP4DqwXaGlzpY/Em1erUwC+TuDww==",
"license": "MIT",
"bin": {
"pn": "bin/pnpm.mjs",

69
src/install-pnpm/run.ts
View File

@@ -84,31 +84,32 @@ export async function runSelfInstaller(inputs: Inputs): Promise<SelfInstallerRes
? path.join(dest, 'node_modules', '@pnpm', 'exe', process.platform === 'win32' ? 'pnpm.exe' : 'pnpm')
: path.join(dest, 'node_modules', 'pnpm', 'bin', 'pnpm.mjs')
// Self-update the bootstrap to the requested pnpm version. readTargetVersion
// either returns a value or throws, so this always runs.
// Determine the target version
const targetVersion = readTargetVersion({ version, packageJsonFile })
const cmd = standalone ? bootstrapPnpm : process.execPath
const args = standalone ? ['self-update', targetVersion] : [bootstrapPnpm, 'self-update', targetVersion]
const exitCode = await runCommand(cmd, args, { cwd: dest })
if (exitCode !== 0) {
return { exitCode, binDest: pnpmHome }
if (targetVersion) {
const cmd = standalone ? bootstrapPnpm : process.execPath
const args = standalone ? ['self-update', targetVersion] : [bootstrapPnpm, 'self-update', targetVersion]
const exitCode = await runCommand(cmd, args, { cwd: dest })
if (exitCode !== 0) {
return { exitCode, binDest: pnpmHome }
}
// self-update writes the target pnpm/pnpx into PNPM_HOME/bin, leaving
// the bootstrap symlinks in pnpmHome pointing at the old version. Use
// PNPM_HOME/bin so consumers of the bin_dest output (e.g.
// `${steps.pnpm.outputs.bin_dest}/pnpm`) invoke the requested version.
return { exitCode: 0, binDest: path.join(pnpmHome, 'bin') }
}
// self-update writes the target pnpm/pnpx into PNPM_HOME/bin, leaving
// the bootstrap symlinks in pnpmHome pointing at the old version. Use
// PNPM_HOME/bin so consumers of the bin_dest output (e.g.
// `${steps.pnpm.outputs.bin_dest}/pnpm`) invoke the requested version.
//
// When the requested version resolves to the bootstrap version, self-update
// is a no-op and PNPM_HOME/bin is not created — fall back to pnpmHome,
// whose symlinks already point at the right version.
const updatedBinDir = path.join(pnpmHome, 'bin')
return { exitCode: 0, binDest: existsSync(updatedBinDir) ? updatedBinDir : pnpmHome }
// No explicit target version: rely on the bootstrap pnpm to switch to
// the version declared in packageManager/devEngines at runtime.
return { exitCode: 0, binDest: pnpmHome }
}
function readTargetVersion(opts: {
readonly version?: string | undefined
readonly packageJsonFile: string
}): string {
}): string | undefined {
const { version, packageJsonFile } = opts
const { GITHUB_WORKSPACE } = process.env
@@ -129,15 +130,12 @@ function readTargetVersion(opts: {
}
}
// packageManager is always exact `pnpm@<version>[+<integrity>]` per spec.
// Strip the integrity hash for self-update.
const packageManagerVersion =
typeof packageManager === 'string' && packageManager.startsWith('pnpm@')
? packageManager.slice('pnpm@'.length).split('+')[0]
: undefined
if (version) {
if (packageManagerVersion && packageManagerVersion !== version) {
if (
typeof packageManager === 'string' &&
packageManager.startsWith('pnpm@') &&
packageManager.replace('pnpm@', '') !== version
) {
throw new Error(`Multiple versions of pnpm specified:
- version ${version} in the GitHub Action config with the key "version"
- version ${packageManager} in the package.json with the key "packageManager"
@@ -147,22 +145,13 @@ Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_
return version
}
// Self-update the bootstrap pnpm to the version pinned in package.json so
// PATH-resolved `pnpm` (and the bin_dest output) reflect the target
// version. Without this, `pnpm store path` runs as the bootstrap and
// reports a different STORE_VERSION than the one the user's actual
// install writes to — breaking cache: true and actions/setup-node's
// `cache: pnpm` on cold caches (issue #233).
//
// devEngines.packageManager takes priority over packageManager, matching
// pnpm's getWantedPackageManager logic. `pnpm self-update` accepts both
// exact versions and semver ranges, so we pass either through directly.
if (devEngines?.packageManager?.name === 'pnpm' && devEngines.packageManager.version) {
return devEngines.packageManager.version
// pnpm will automatically download and switch to the right version
if (typeof packageManager === 'string' && packageManager.startsWith('pnpm@')) {
return undefined
}
if (packageManagerVersion) {
return packageManagerVersion
if (devEngines?.packageManager?.name === 'pnpm' && devEngines.packageManager.version) {
return undefined
}
if (!GITHUB_WORKSPACE) {

10
src/pnpm-install/index.ts
View File

@@ -1,8 +1,11 @@
import { setFailed, startGroup, endGroup } from '@actions/core'
import { spawnSync } from 'child_process'
import { Inputs } from '../inputs'
import { patchPnpmEnv } from '../utils'
export function runPnpmInstall(inputs: Inputs) {
const env = patchPnpmEnv(inputs)
for (const options of inputs.runInstall) {
const args = ['install']
if (options.recursive) args.unshift('recursive')
@@ -11,16 +14,11 @@ export function runPnpmInstall(inputs: Inputs) {
const cmdStr = ['pnpm', ...args].join(' ')
startGroup(`Running ${cmdStr}...`)
// spawnSync inherits process.env, which already has $PNPM_HOME/bin and
// $PNPM_HOME prepended via addPath() in install-pnpm. Do NOT pass a
// hand-patched env that adds node_modules/.bin to the front — on
// Windows standalone, .bin/pnpm.cmd is an npm shim pointing at the
// BOOTSTRAP pnpm, which would shadow the self-updated one and break
// newer-pnpm-only behavior.
const { error, status } = spawnSync('pnpm', args, {
stdio: 'inherit',
cwd: options.cwd,
shell: true,
env,
})
endGroup()

4
src/pnpm-store-prune/index.ts
View File

@@ -1,6 +1,7 @@
import { warning, startGroup, endGroup } from '@actions/core'
import { spawnSync } from 'child_process'
import { Inputs } from '../inputs'
import { patchPnpmEnv } from '../utils'
export function pruneStore(inputs: Inputs) {
if (inputs.runInstall.length === 0) {
@@ -9,11 +10,10 @@ export function pruneStore(inputs: Inputs) {
}
startGroup('Running pnpm store prune...')
// spawnSync inherits process.env (which has the right PATH from addPath
// in install-pnpm). See pnpm-install/index.ts for the rationale.
const { error, status } = spawnSync('pnpm', ['store', 'prune'], {
stdio: 'inherit',
shell: true,
env: patchPnpmEnv(inputs),
})
endGroup()

10
src/utils/index.ts Normal file
View File

@@ -0,0 +1,10 @@
import path from 'path'
import process from 'process'
import { Inputs } from '../inputs'
export const getBinDest = (inputs: Inputs): string => path.join(inputs.dest, 'node_modules', '.bin')
export const patchPnpmEnv = (inputs: Inputs): NodeJS.ProcessEnv => ({
...process.env,
PATH: path.join(getBinDest(inputs), 'bin') + path.delimiter + getBinDest(inputs) + path.delimiter + process.env.PATH,
})