From 551b54f1839da682bc5ff080af967a9d586c3f1a Mon Sep 17 00:00:00 2001 From: Damien Retzinger Date: Tue, 12 May 2026 15:17:53 -0400 Subject: [PATCH 1/3] fix(setup-node): calculate npm verion in cache-key --- setup-node/action.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/setup-node/action.yml b/setup-node/action.yml index 01f5041..ac71641 100644 --- a/setup-node/action.yml +++ b/setup-node/action.yml @@ -29,13 +29,14 @@ runs: - run: | npx npm -g i npm@${{ inputs.npm-version }} - echo "npm_version=$(npm -v)" >> ${GITHUB_OUTPUT} - working-directory: ${{ inputs.working-directory }} shell: bash - name: Upgrade npm - id: npm-upgrade if: inputs.npm-version != '' + - run: echo "npm_version=$(npm -v)" >> ${GITHUB_OUTPUT} + shell: bash + name: Upgrade npm + id: get-npm-version + - name: Get npm cache directory id: npm-cache-dir shell: bash @@ -54,7 +55,7 @@ runs: shell: bash env: NODE_VERSION: ${{ inputs.node-version }} - NPM_VERSION: ${{ steps.npm-upgrade.outputs.npm_version }} + NPM_VERSION: ${{ steps.get-npm-version.outputs.npm_version }} PACKAGE_HASH: ${{ hashFiles('**/package-lock.json') }} OS: ${{ runner.os }} STAMP: ${{ inputs.use-stamp-cache }} From c45d57f072a4f03dd09b778972c309d438a27af3 Mon Sep 17 00:00:00 2001 From: Damien Retzinger Date: Tue, 12 May 2026 15:18:24 -0400 Subject: [PATCH 2/3] feat(setup-node): prevent cache save on pull_request_target --- setup-node/action.yml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/setup-node/action.yml b/setup-node/action.yml index ac71641..45fbbc1 100644 --- a/setup-node/action.yml +++ b/setup-node/action.yml 
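Review bot: In the first hunk of patch 1/3 (`@@ -29,13 +29,14 @@`), the added `get-npm-version` step carries `name: Upgrade npm` although it only reads `npm -v`, and the step that installs npm appears to lose its `name` and `id`, so job logs will label the wrong step as the upgrade. Use `name: Get npm version` on the new step and give the install step its name back. The install step still interpolates `${{ inputs.npm-version }}` directly into the bash script, so a caller that forwards an untrusted value would have it parsed as shell syntax. Passing it through `env:` under a name of your choice (for example `NPM_VERSION_INPUT`, constructed here) and running `npx npm -g i "npm@$NPM_VERSION_INPUT"` removes that path. The output redirect is also better written in the quoted form, `>> "$GITHUB_OUTPUT"`.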
@@ -69,8 +69,18 @@ runs: echo "restore=npm-$OS-$NODE_VERSION-$NPM_VERSION-" >> ${GITHUB_OUTPUT} fi - - uses: actions/cache@v3 + - uses: actions/cache@v5 id: npm-cache + if: github.event_name != 'pull_request_target' + with: + path: ${{ steps.npm-cache-dir.outputs.dir }} + key: ${{ steps.npm-cache-keys.outputs.key }} + restore-keys: | + ${{ steps.npm-cache-keys.outputs.restore }} + + - uses: actions/cache/restore@v5 + id: npm-cache-restore + if: github.event_name == 'pull_request_target' with: path: ${{ steps.npm-cache-dir.outputs.dir }} key: ${{ steps.npm-cache-keys.outputs.key }} @@ -81,7 +91,9 @@ runs: working-directory: ${{ inputs.working-directory }} shell: bash name: Install Dependencies - if: inputs.use-stamp-cache && steps.npm-cache.outputs.cache-hit != 'true' + if: | + (inputs.use-stamp-cache) && + !(steps.npm-cache.outputs.cache-hit == 'true' || steps.npm-cache-restore.outputs.cache-hit == 'true') - run: | rm -rf node_modules/.ng-packagr-ngcc @@ -90,5 +102,7 @@ runs: working-directory: ${{ inputs.working-directory }} shell: bash name: Clear nx and angular junk - if: inputs.use-stamp-cache && steps.npm-cache.outputs.cache-hit == 'true' + if: | + (inputs.use-stamp-cache) && + (steps.npm-cache.outputs.cache-hit == 'true' || steps.npm-cache-restore.outputs.cache-hit == 'true') From e5c92ec6d5614d2a904c25f1b3700247055bb881 Mon Sep 17 00:00:00 2001 From: Damien Retzinger Date: Tue, 12 May 2026 15:19:00 -0400 Subject: [PATCH 3/3] ci: add test coverage for setup-node --- .github/workflows/_internal-setup-node.yml | 121 +++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 .github/workflows/_internal-setup-node.yml diff --git a/.github/workflows/_internal-setup-node.yml b/.github/workflows/_internal-setup-node.yml new file mode 100644 index 0000000..05c0893 --- /dev/null +++ b/.github/workflows/_internal-setup-node.yml 
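Review bot: The save guard added to `npm-cache` in `@@ -69,8 +69,18 @@` excludes only `pull_request_target`, so a caller using this action under another trigger that runs in the base repository's cache scope while handling outside content, such as `workflow_run`, would still reach the saving `actions/cache@v5` step. An allow-list of events that may save is more robust than a deny-list. At minimum, extend both conditions together: `if: github.event_name != 'pull_request_target' && github.event_name != 'workflow_run'` on `npm-cache`, and the complementary `==` / `||` form on `npm-cache-restore`. Both new `uses:` lines reference a mutable major tag; pinning them as `actions/cache@<full-commit-sha> # v5` (placeholder, to be filled from the release) stops a retagged release from changing what runs. The restore step's `with:` block continues past the end of this hunk.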
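Review bot: `(inputs.use-stamp-cache)` is a bare truth test in the rewritten `if:` of the Install Dependencies step (`@@ -81,7 +91,9 @@`) and again in the Clear nx and angular junk step (`@@ -90,5 +102,7 @@`). Composite-action inputs arrive as strings, and any non-empty string, including `'false'`, is truthy in an expression. The input's declaration and default are outside this diff, so confirm against them. Writing `inputs.use-stamp-cache == 'true'` in both conditions makes the install and cleanup steps run only when the caller actually opts in. The workflow in patch 3/3 passes `use-stamp-cache: 'true'` as a string, which is consistent with that reading.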
@@ -0,0 +1,121 @@ +name: setup-node Test + +on: + pull_request: + branches: + - main + paths: + - 'setup-node/**' + - '.github/workflows/_internal-setup-node.yml' + +jobs: + minimal: + name: Minimal (node-version only) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 1 + + - uses: ./setup-node + with: + node-version: '24' + + - name: Assert node + npm available + shell: bash + run: | + node -v + npm -v + + node-version-matrix: + name: node-version=${{ matrix.node }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + node: ['22', '24'] + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 1 + + - uses: ./setup-node + with: + node-version: ${{ matrix.node }} + + - name: Assert major matches + shell: bash + env: + EXPECTED: ${{ matrix.node }} + run: | + ACTUAL=$(node -v | sed 's/^v\([0-9]*\).*/\1/') + test "$ACTUAL" = "$EXPECTED" + + npm-version: + name: npm-version pinned + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 1 + + - uses: ./setup-node + with: + node-version: '22' + npm-version: '11.5.0' + + - name: Assert npm version matches + shell: bash + run: | + test "$(npm -v)" = "11.5.0" + + stamp-cache: + name: use-stamp-cache=true + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 1 + + - uses: ./setup-node + with: + node-version: '24' + use-stamp-cache: 'true' + + - name: Assert node_modules populated + shell: bash + run: | + test -d node_modules + test -d node_modules/typescript + + working-directory: + name: working-directory=subdir + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 1 + + - name: Seed isolated project + shell: bash + run: | + mkdir -p subproject + cat > subproject/package.json <<'JSON' + { + "name": "subproject", + "version": "1.0.0", + "dependencies": { "is-odd": "3.0.1" } + } + JSON + (cd subproject && npm install --package-lock-only --no-audit) + + - uses: ./setup-node + 
with: + node-version: '24' + working-directory: subproject + + - name: Assert install ran in subdir + shell: bash + run: | + test -d subproject/node_modules/is-odd + test ! -d node_modules/is-odd || (echo "install leaked to root" && exit 1)
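Review bot: The new workflow `_internal-setup-node.yml` declares no `permissions:`, so every job runs with the repository's default `GITHUB_TOKEN` scope although the jobs only read the checkout and run installs. Adding a top-level `permissions:` block with `contents: read` bounds that. The `actions/checkout@v6` steps also leave the token in the local git config while `./setup-node` and the seeded `npm install` may execute third-party package code, so `persist-credentials: false` under each checkout `with:` is worth adding, along with pinning the action to a full commit SHA. None of the five jobs can reach the `pull_request_target` restore-only branch added in patch 2/3 from a `pull_request` trigger; a short comment at the top of the file saying that path is untested would keep the coverage claim accurate.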