actions/setup-pnpm
2
0
Fork 0
mirror of https://github.com/pnpm/action-setup.git synced 2026-03-16 23:36:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: use --no-lockfile for target install

Browse Source 
--lockfile-dir pointing to GITHUB_WORKSPACE causes the bootstrap pnpm
to use the project's pnpm-lock.yaml (which tracks project deps, not
pnpm itself), corrupting the install. Revert to --no-lockfile for now.
Lockfile-based integrity verification can be added when pnpm v11 has
proper support for verifying the pnpm package itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Zoltan Kochan
2026-03-16 02:06:14 +01:00
parent af96d9fd0e
commit 9fbc6cd1d1
2 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dist/index.js vendored
View File

File diff suppressed because one or more lines are too long

7
src/install-pnpm/run.ts
View File

@@ -47,12 +47,7 @@ export async function runSelfInstaller(inputs: Inputs): Promise<number> {
// prepare target pnpm // prepare target pnpm
const target = await readTarget({ version, packageJsonFile, standalone }) const target = await readTarget({ version, packageJsonFile, standalone })
const installArgs = ['install', target] const installArgs = ['install', target, '--no-lockfile']
if (GITHUB_WORKSPACE) {
installArgs.push('--lockfile-dir', GITHUB_WORKSPACE)
} else {
installArgs.push('--no-lockfile')
}
const exitCode = await runCommand(bootstrapPnpm, installArgs, { cwd: dest }) const exitCode = await runCommand(bootstrapPnpm, installArgs, { cwd: dest })
if (exitCode === 0) { if (exitCode === 0) {
const pnpmHome = path.join(dest, 'node_modules/.bin') const pnpmHome = path.join(dest, 'node_modules/.bin')