* default to auto-caching only for npm package manager and documentation update
* refactor: enhance package manager detection for auto-caching
* add devEngines.packageManager detection logic for npm auto-caching
* chore: bump version to 6.0.0 and update documentation
* docs: update README and action.yml for npm caching logic clarification
* chore: update Node.js version in workflows
* chore: update Node.js versions in versions.yml
* chore: update rc Node.js version in versions.yml
* chore: switch macos-13 runner to macos-latest-large in workflow
* docs: update README and advanced usage documentation
@ -12,6 +12,10 @@ This action provides the following functionality for GitHub Actions users:
- Registering problem matchers for error output
- Registering problem matchers for error output
- Configuring authentication for GPR or npm
- Configuring authentication for GPR or npm
## Breaking changes in V6
- Caching is now automatically enabled for npm projects when either the `devEngines.packageManager` field or the top-level `packageManager` field in `package.json` is set to `npm`. For other package managers, such as Yarn and pnpm, caching is disabled by default and must be configured manually using the `cache` input.
## Breaking changes in V5
## Breaking changes in V5
- Enabled caching by default with package manager detection if no cache input is provided.
- Enabled caching by default with package manager detection if no cache input is provided.
@ -28,7 +32,7 @@ See [action.yml](action.yml)
<!-- start usage -->
<!-- start usage -->
```yaml
```yaml
- uses: actions/setup-node@v5
- uses: actions/setup-node@v6
with:
with:
# Version Spec of the version to use in SemVer notation.
# Version Spec of the version to use in SemVer notation.
# It also admits such aliases as lts/*, latest, nightly and canary builds
# It also admits such aliases as lts/*, latest, nightly and canary builds
@ -67,7 +71,8 @@ See [action.yml](action.yml)
# Default: ''
# Default: ''
cache: ''
cache: ''
# Used to disable automatic caching based on the package manager field in package.json. By default, caching is enabled if the package manager field is present and no cache input is provided'
# Controls automatic caching for npm. By default, caching for npm is enabled if either the devEngines.packageManager field or the top-level packageManager field in package.json specifies npm and no explicit cache input is provided.
# To disable automatic caching for npm, set package-manager-cache to false.
# default: true
# default: true
package-manager-cache: true
package-manager-cache: true
@ -113,9 +118,9 @@ See [action.yml](action.yml)
```yaml
```yaml
steps:
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
- uses: actions/setup-node@v6
with:
with:
node-version: 18
node-version: 24
- run: npm ci
- run: npm ci
- run: npm test
- run: npm test
```
```
@ -132,9 +137,9 @@ The `node-version` input supports the Semantic Versioning Specification, for mor
Examples:
Examples:
- Major versions: `18`, `20`
- Major versions: `22`, `24`
- More specific versions: `10.15`, `16.15.1` , `18.4.0`
- More specific versions: `20.19`, `22.17.1` , `24.8.0`
- Latest release: `*` or `latest`/`current`/`node`
- Latest release: `*` or `latest`/`current`/`node`
**Note:** Like the other values, `*` will get the latest [locally-cached Node.js version](https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md#nodejs), or the latest version from [actions/node-versions](https://github.com/actions/node-versions/blob/main/versions-manifest.json), depending on the [`check-latest`](docs/advanced-usage.md#check-latest-version) input.
**Note:** Like the other values, `*` will get the latest [locally-cached Node.js version](https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md#nodejs), or the latest version from [actions/node-versions](https://github.com/actions/node-versions/blob/main/versions-manifest.json), depending on the [`check-latest`](docs/advanced-usage.md#check-latest-version) input.
@ -151,18 +156,6 @@ It's **always** recommended to commit the lockfile of your package manager for s
The action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching global packages data but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional.
The action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching global packages data but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional.
Caching is turned on by default when a `packageManager` field is detected in the `package.json` file and no `cache` input is provided. The `package-manager-cache` input provides control over this automatic caching behavior. By default, `package-manager-cache` is set to `true`, which enables caching when a valid package manager field is detected in the `package.json` file. To disable this automatic caching, set the `package-manager-cache` input to `false`.
```yaml
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
with:
package-manager-cache: false
- run: npm ci
```
> If no valid `packageManager` field is detected in the `package.json` file, caching will remain disabled unless explicitly configured. For workflows with elevated privileges or access to sensitive information, we recommend disabling automatic caching by setting `package-manager-cache: false` when caching is not needed for secure operation.
The action defaults to search for the dependency file (`package-lock.json`, `npm-shrinkwrap.json` or `yarn.lock`) in the repository root, and uses its hash as a part of the cache key. Use `cache-dependency-path` for cases when multiple dependency files are used, or they are located in different subdirectories.
The action defaults to search for the dependency file (`package-lock.json`, `npm-shrinkwrap.json` or `yarn.lock`) in the repository root, and uses its hash as a part of the cache key. Use `cache-dependency-path` for cases when multiple dependency files are used, or they are located in different subdirectories.
**Note:** The action does not cache `node_modules`
**Note:** The action does not cache `node_modules`
@ -174,9 +167,9 @@ See the examples of using cache for `yarn`/`pnpm` and `cache-dependency-path` in
```yaml
```yaml
steps:
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
- uses: actions/setup-node@v6
with:
with:
node-version: 20
node-version: 24
cache: 'npm'
cache: 'npm'
- run: npm ci
- run: npm ci
- run: npm test
- run: npm test
@ -187,15 +180,29 @@ steps:
```yaml
```yaml
steps:
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
- uses: actions/setup-node@v6
with:
with:
node-version: 20
node-version: 24
cache: 'npm'
cache: 'npm'
cache-dependency-path: subdir/package-lock.json
cache-dependency-path: subdir/package-lock.json
- run: npm ci
- run: npm ci
- run: npm test
- run: npm test
```
```
Caching for npm dependencies is automatically enabled when your `package.json` contains either `devEngines.packageManager` field or top-level `packageManager` field set to `npm`, and no explicit cache input is provided.
This behavior is controlled by the `package-manager-cache` input, which defaults to `true`. To turn off automatic caching, set `package-manager-cache` to `false`.
```yaml
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v6
with:
package-manager-cache: false
- run: npm ci
```
> If your `package.json` file does not include a `packageManager` field set to `npm`, caching will be disabled unless you explicitly enable it. For workflows with elevated privileges or access to sensitive information, we recommend disabling automatic caching for npm by setting `package-manager-cache: false` when caching is not required for secure operation.
## Matrix Testing
## Matrix Testing
```yaml
```yaml
@ -204,12 +211,12 @@ jobs:
runs-on: ubuntu-latest
runs-on: ubuntu-latest
strategy:
strategy:
matrix:
matrix:
node: [ 14, 16, 18 ]
node: [ 20, 22, 24 ]
name: Node ${{ matrix.node }} sample
name: Node ${{ matrix.node }} sample
steps:
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v5
- name: Setup node
- name: Setup node
uses: actions/setup-node@v5
uses: actions/setup-node@v6
with:
with:
node-version: ${{ matrix.node }}
node-version: ${{ matrix.node }}
- run: npm ci
- run: npm ci
@ -223,10 +230,10 @@ jobs:
To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:
To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:
```yaml
```yaml
uses: actions/setup-node@v5
uses: actions/setup-node@v6
with:
with:
token: ${{ secrets.GH_DOTCOM_TOKEN }}
token: ${{ secrets.GH_DOTCOM_TOKEN }}
node-version: 20
node-version: 24
```
```
If the runner is not able to access github.com, any Nodejs versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information.
If the runner is not able to access github.com, any Nodejs versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information.
description: 'Used to specify a package manager for caching in the default directory. Supported values:npm, yarn, pnpm.'
description: 'Used to specify a package manager for caching in the default directory. Supported values:npm, yarn, pnpm.'
package-manager-cache:
package-manager-cache:
description:'Set to false to disable automatic caching based on the package manager field in package.json. By default, caching is enabled if the package manager field is present.'
description:'Set to false to disable automatic caching. By default, caching is enabled when either devEngines.packageManager or the top-level packageManager field in package.json specifies npm as the package manager.'
default:true
default:true
cache-dependency-path:
cache-dependency-path:
description: 'Used to specify the path to a dependency file:package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.'
description: 'Used to specify the path to a dependency file:package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.'
node-version: '16-nightly' # it will install the latest nightly release for node 16
node-version: '24-nightly' # it will install the latest nightly release for node 24
- run: npm ci
- run: npm ci
- run: npm test
- run: npm test
```
```
@ -186,9 +186,9 @@ jobs:
name: Node sample
name: Node sample
steps:
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
- uses: actions/setup-node@v6
with:
with:
node-version: '16.0.0-nightly' # it will install the latest nightly release for node 16.0.0
node-version: '24.0.0-nightly' # it will install the latest nightly release for node 24.0.0
- run: npm ci
- run: npm ci
- run: npm test
- run: npm test
```
```
@ -202,9 +202,9 @@ jobs:
name: Node sample
name: Node sample
steps:
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
- uses: actions/setup-node@v6
with:
with:
node-version: '16.0.0-nightly20210420a0261d231c'
node-version: '24.0.0-nightly202505066102159fa1'
- run: npm ci
- run: npm ci
- run: npm test
- run: npm test
```
```
@ -220,26 +220,27 @@ jobs:
name: Node sample
name: Node sample
steps:
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
- uses: actions/setup-node@v6
with:
with:
node-version: '16.0.0-rc.1'
node-version: '24.0.0-rc.4'
- run: npm ci
- run: npm ci
- run: npm test
- run: npm test
```
```
**Note:** Unlike nightly versions, which support version range specifiers, you must specify the exact version for a release candidate: `16.0.0-rc.1`.
**Note:** Unlike nightly versions, which support version range specifiers, you must specify the exact version for a release candidate: `24.0.0-rc.4`.
## Caching packages data
## Caching packages data
The action follows [actions/cache](https://github.com/actions/cache/blob/main/examples.md#node---npm) guidelines, and caches global cache on the machine instead of `node_modules`, so cache can be reused between different Node.js versions.
The action follows [actions/cache](https://github.com/actions/cache/blob/main/examples.md#node---npm) guidelines, and caches global cache on the machine instead of `node_modules`, so cache can be reused between different Node.js versions.
**Caching yarn dependencies:**
**Caching yarn dependencies:**
Yarn caching handles both yarn versions: 1 or 2.
Yarn caching handles both Yarn Classic (v1) and Yarn Berry (v2, v3, v4+).
Priya Gupta
4 months ago
committed by
GitHub