actions/setup-node
1
0
Fork 0
mirror of https://github.com/actions/setup-node.git synced 2025-07-26 08:28:23 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge c2dd1f600a into 9fc76ff685

Browse source
This commit is contained in:
Nick Schonning 2022-08-30 10:25:53 +02:00 committed by GitHub
commit b29a0dc58a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 1503 additions and 1457 deletions
Download patch file Download diff file Expand all files Collapse all files

222
docs/advanced-usage.md
View file

@ -14,6 +14,7 @@ In order to get the most out of using your lockfile on continuous integration fo
Ensure that `package-lock.json` is always committed, use `npm ci` instead of `npm install` when installing packages.
**See also:**
- [Documentation of `package-lock.json`](https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-json)
- [Documentation of `npm ci`](https://docs.npmjs.com/cli/v8/commands/npm-ci)
@ -22,6 +23,7 @@ Ensure that `package-lock.json` is always committed, use `npm ci` instead of `np
To ensure that `yarn.lock` is always committed, use `yarn install --immutable` when installing packages.
**See also:**
- [Documentation of `yarn.lock`](https://classic.yarnpkg.com/en/docs/yarn-lock)
- [Documentation of `--frozen-lockfile` option](https://classic.yarnpkg.com/en/docs/cli/install#toc-yarn-install-frozen-lockfile)
- [QA - Should lockfiles be committed to the repoistory?](https://yarnpkg.com/getting-started/qa/#should-lockfiles-be-committed-to-the-repository)
@ -32,6 +34,7 @@ To ensure that `yarn.lock` is always committed, use `yarn install --immutable` w
Ensure that `pnpm-lock.yaml` is always committed, when on CI pass `--frozen-lockfile` to `pnpm install` when installing packages.
**See also:**
- [Working with Git - Lockfiles](https://pnpm.io/git#lockfiles)
- [Documentation of `--frozen-lockfile` option](https://pnpm.io/cli/install#--frozen-lockfile)
@ -45,29 +48,30 @@ If `check-latest` is set to `true`, the action first checks if the cached versio
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14'
check-latest: true
- run: npm ci
- run: npm test
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14'
check-latest: true
- run: npm ci
- run: npm test
```
## Node version file
The `node-version-file` input accepts a path to a file containing the version of Node.js to be used by a project, for example `.nvmrc`, `.node-version` or `.tool-versions`. If both the `node-version` and the `node-version-file` inputs are provided then the `node-version` input is used.
See [supported version syntax](https://github.com/actions/setup-node#supported-version-syntax)
> The action will search for the node version file relative to the repository root.
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
- run: npm ci
- run: npm test
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
- run: npm ci
- run: npm test
```
## Architecture
@ -75,6 +79,7 @@ steps:
You can use any of the [supported operating systems](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners), and the compatible `architecture` can be selected using `architecture`. Values are `x86`, `x64`, `arm64`, `armv6l`, `armv7l`, `ppc64le`, `s390x` (not all of the architectures are available on all platforms).
When using `architecture`, `node-version` must be provided as well.
```yaml
jobs:
build:
@ -91,22 +96,25 @@ jobs:
```
## Caching packages data
The action follows [actions/cache](https://github.com/actions/cache/blob/main/examples.md#node---npm) guidelines, and caches global cache on the machine instead of `node_modules`, so cache can be reused between different Node.js versions.
**Caching yarn dependencies:**
Yarn caching handles both yarn versions: 1 or 2.
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile # optional, --immutable
- run: yarn test
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile # optional, --immutable
- run: yarn test
```
**Caching pnpm (v6.10+) dependencies:**
```yaml
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
@ -116,44 +124,46 @@ steps:
# NOTE: pnpm caching support requires pnpm version >= 6.10.0
steps:
- uses: actions/checkout@v3
- uses: pnpm/action-setup@v2
with:
version: 6.32.9
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'pnpm'
- run: pnpm install --frozen-lockfile
- run: pnpm test
- uses: actions/checkout@v3
- uses: pnpm/action-setup@v2
with:
version: 6.32.9
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'pnpm'
- run: pnpm install --frozen-lockfile
- run: pnpm test
```
**Using wildcard patterns to cache dependencies**
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
- run: npm ci
- run: npm test
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
- run: npm ci
- run: npm test
```
**Using a list of file paths to cache dependencies**
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'npm'
cache-dependency-path: |
server/app/package-lock.json
frontend/app/package-lock.json
- run: npm ci
- run: npm test
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'npm'
cache-dependency-path: |
server/app/package-lock.json
frontend/app/package-lock.json
- run: npm ci
- run: npm test
```
## Multiple Operating Systems and Architectures
@ -192,80 +202,86 @@ jobs:
```
## Publish to npmjs and GPR with npm
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
registry-url: 'https://registry.npmjs.org'
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- uses: actions/setup-node@v3
with:
registry-url: 'https://npm.pkg.github.com'
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
registry-url: 'https://registry.npmjs.org'
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- uses: actions/setup-node@v3
with:
registry-url: 'https://npm.pkg.github.com'
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
## Publish to npmjs and GPR with yarn
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
registry-url: <registry url>
- run: yarn install --frozen-lockfile
- run: yarn publish
env:
NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
- uses: actions/setup-node@v3
with:
registry-url: 'https://npm.pkg.github.com'
- run: yarn publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
registry-url: <registry url>
- run: yarn install --frozen-lockfile
- run: yarn publish
env:
NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
- uses: actions/setup-node@v3
with:
registry-url: 'https://npm.pkg.github.com'
- run: yarn publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
## Use private packages
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
registry-url: 'https://registry.npmjs.org'
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- run: npm ci --ignore-scripts
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
registry-url: 'https://registry.npmjs.org'
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- run: npm ci --ignore-scripts
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
```
### Yarn2 configuration
Yarn2 ignores both .npmrc and .yarnrc files created by the action, so before installing dependencies from the private repo it is necessary either to create or to modify existing yarnrc.yml file with `yarn config set` commands.
Below you can find a sample "Setup .yarnrc.yml" step, that is going to allow you to configure a private GitHub registry for 'my-org' organisation.
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
- name: Setup .yarnrc.yml
run: |
yarn config set npmScopes.my-org.npmRegistryServer "https://npm.pkg.github.com"
yarn config set npmScopes.my-org.npmAlwaysAuth true
yarn config set npmScopes.my-org.npmAuthToken $NPM_AUTH_TOKEN
env:
NPM_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
- name: Install dependencies
run: yarn install --immutable
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
- name: Setup .yarnrc.yml
run: |
yarn config set npmScopes.my-org.npmRegistryServer "https://npm.pkg.github.com"
yarn config set npmScopes.my-org.npmAlwaysAuth true
yarn config set npmScopes.my-org.npmAuthToken $NPM_AUTH_TOKEN
env:
NPM_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
- name: Install dependencies
run: yarn install --immutable
```
NOTE: As per https://github.com/actions/setup-node/issues/49 you cannot use `secrets.GITHUB_TOKEN` to access private GitHub Packages within the same organisation but in a different repository.