-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Limit automatic caching to npm, update workflows and documentation #1374
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit automatic caching to npm, update workflows and documentation #1374
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR updates the caching behavior to enable automatic caching only for npm by default, while removing auto-caching support for pnpm and yarn to avoid compatibility issues. The changes also update documentation examples to use Node.js version 24.
- Restricts automatic caching to npm only when detected from package.json's packageManager field
- Updates documentation examples from older Node.js versions (14, 16, 18, 20) to version 24
- Improves error messaging to be more specific about npm auto-caching
Reviewed Changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
File | Description |
---|---|
src/main.ts | Restricts auto-caching logic to npm only and updates related comments |
docs/advanced-usage.md | Updates Node.js version examples from legacy versions to v24 |
action.yml | Updates package-manager-cache input description to clarify npm-only behavior |
tests/main.test.ts | Updates test to use npm instead of yarn for package manager detection |
README.md | Updates documentation to reflect npm-only auto-caching and Node.js v24 examples |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
I believe this change needs to be released as v6. I have already removed explicit caching option for a few projects and they work well because |
I would really love if something like my PR can get in as well, been sitting there for 3 years with very little attention: #702 |
In the context of My concern stems from the fact that there are multiple ways to specify a package manager and version, and they all slightly differ in their intended purpose:
|
|
Hello, As part of this PR, we introduce detection support for @scottohara 👋 , thank you for your thoughtful and detailed feedback. Your explanation of the differences between the Based on community feedback, we started support for We recognize that Your feedback and suggestions are always appreciated. Thank you! |
This inconsistency between package managers just seems not worth it to me. 🤷🏻 Together with the concerns raised in #1358 I still suggest to just go back on automatic cache enablement. |
@scottohara While I agree that
That is actually what GitHub Actions workflows almost categorically do when we're talking about projects based on Node.js. A workflow typically checks out a GitHub repository (that's what source code means here) to perform some tasks (e.g. run the project's linters or test suite(s)). To optimize for runner storage and workflow execution time, caching So,
In that documentation, installing your program refers to running |
That is not how I interpret the
This field is primarily used for consuming packages. Ie. I distribute a package called
So if you're gonna look at any property, it should be |
^ Adding some examples to this, in most of my yarn based projects, the engines is either not set or only includes node version ranges. The only one of the 3 properties that is set is I also have an unusual case to consider, in one project I have:
because inexperienced users kept not reading the docs and trying to use npm then ask for help with the confusing output. It wouldnt be terrible if this was misclassified, but it would be nice to not have to fight the action on this |
Please release it as a new major (v6). See #1374 (comment) for details. |
Given the general disagreement above on the purpose and intent of the various different fields and ways a package manager might be specified (by the author) or inferred (by this action), I tend to agree that this seems to be causing more issues than it solves. Unless automatic cache enablement could be made to work flawlessly with any package manager, and without requiring specific fields in the manifest, then a return to manual cache enablement seems like the best path forward here (that is, return to v4 behaviour). |
Perhaps this needs to be a separate issue / proposal? It seems that this PR is going ahead with enabling caching for npm by default, despite the arguments against this. |
In my opinion, since both yarn and pnpm essentially recommend corepack as the recommended way to install them, This is regardless of whether caching behaviour is automatic or manual. The last couple comments in #1357 summarised this issue quite well. Without built in corepack support (or package manager versioning support), workflows with yarn / pnpm basically becomes: setup-node -> corepack / manually install package manager -> setup-node (cache) This is a highly undesirable approach for anyone using yarn or pnpm. As for how to check what package manager is used, the action can simply let corepack decide what is the package manager with If the caching is manual, then package managers is already specified and this action can simply call |
IDK. This has already been raised in a number of issues and now on this PR. Seems to me the maintainers are aware of the suggestion, but have prioritised a different goal (automated caching for npm) as more important than any of the raised concerns. Which is absolutely their prerogative to do. Examples: |
@MikeMcC399, Thank you for your feedback. For this PR, the current approach is based on the implementation of feature request #686 and the feedback received so far. However, we’ll continue to monitor for additional feedback that may arise. If you feel strongly about this or have further suggestions, please consider opening a dedicated issue or proposal so the discussion can be more focused and visible to the community. @futursolo , |
Thanks for picking up the individual suggestions I made for this PR! I've reviewed the usage of I look forward to integrating the |
…ion in checkout-and-setup-node In `actions/setup-node` version 6 `package-manager-cache` is only supported for npm. See: actions/setup-node#1374
…ion in checkout-and-setup-node (#3151) In `actions/setup-node` version 6 `package-manager-cache` is only supported for npm. See: actions/setup-node#1374 PR Close #3151
| datasource | package | from | to | | ----------- | ------------------ | ------ | ------ | | github-tags | actions/setup-node | v4.0.3 | v6.0.0 | ## [vv6.0.0](https://github.com/actions/setup-node/releases/tag/v6.0.0) #### What's Changed **Breaking Changes** - Limit automatic caching to npm, update workflows and documentation by [@priyagupta108](https://github.com/priyagupta108) in [#1374](actions/setup-node#1374) **Dependency Upgrades** - Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by [@dependabot](https://github.com/dependabot)\[bot] in [#1336](actions/setup-node#1336) - Upgrade prettier from 2.8.8 to 3.6.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1334](actions/setup-node#1334) - Upgrade actions/publish-action from 0.3.0 to 0.4.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1362](actions/setup-node#1362) **Full Changelog**: <actions/setup-node@v5...v6.0.0> ## [vv5.0.0](https://github.com/actions/setup-node/releases/tag/v5.0.0) ##### What's Changed ##### Breaking Changes - Enhance caching in setup-node with automatic package manager detection by [@priya-kinthali](https://github.com/priya-kinthali) in [#1348](actions/setup-node#1348) This update, introduces automatic caching when a valid `packageManager` field is present in your `package.json`. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set `package-manager-cache: false` ```yaml steps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false ``` - Upgrade action to use node24 by [@salmanmkc](https://github.com/salmanmkc) in [#1325](actions/setup-node#1325) Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1) ##### Dependency Upgrades - Upgrade [@octokit/request-error](https://github.com/octokit/request-error) and [@actions/github](https://github.com/actions/github) by [@dependabot](https://github.com/dependabot)\[bot] in [#1227](actions/setup-node#1227) - Upgrade uuid from 9.0.1 to 11.1.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1273](actions/setup-node#1273) - Upgrade undici from 5.28.5 to 5.29.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1295](actions/setup-node#1295) - Upgrade form-data to bring in fix for critical vulnerability by [@gowridurgad](https://github.com/gowridurgad) in [#1332](actions/setup-node#1332) - Upgrade actions/checkout from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [#1345](actions/setup-node#1345) ##### New Contributors - [@priya-kinthali](https://github.com/priya-kinthali) made their first contribution in [#1348](actions/setup-node#1348) - [@salmanmkc](https://github.com/salmanmkc) made their first contribution in [#1325](actions/setup-node#1325) **Full Changelog**: <actions/setup-node@v4...v5.0.0> ## [vv4.4.0](https://github.com/actions/setup-node/releases/tag/v4.4.0) ##### What's Changed ##### Bug fixes: - Make eslint-compact matcher compatible with Stylelint by [@FloEdelmann](https://github.com/FloEdelmann) in [#98](actions/setup-node#98) - Add support for indented eslint output by [@fregante](https://github.com/fregante) in [#1245](actions/setup-node#1245) ##### Enhancement: - Support private mirrors by [@marco-ippolito](https://github.com/marco-ippolito) in [#1240](actions/setup-node#1240) ##### Dependency update: - Upgrade [@action/cache](https://github.com/action/cache) from 4.0.2 to 4.0.3 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1262](actions/setup-node#1262) ##### New Contributors - [@FloEdelmann](https://github.com/FloEdelmann) made their first contribution in [#98](actions/setup-node#98) - [@fregante](https://github.com/fregante) made their first contribution in [#1245](actions/setup-node#1245) - [@marco-ippolito](https://github.com/marco-ippolito) made their first contribution in [#1240](actions/setup-node#1240) **Full Changelog**: <actions/setup-node@v4...v4.4.0> ## [vv4.3.0](https://github.com/actions/setup-node/releases/tag/v4.3.0) #### What's Changed ##### Dependency updates - Upgrade [@actions/glob](https://github.com/actions/glob) from 0.4.0 to 0.5.0 by [@dependabot](https://github.com/dependabot) in [#1200](actions/setup-node#1200) - Upgrade [@action/cache](https://github.com/action/cache) from 4.0.0 to 4.0.2 by [@gowridurgad](https://github.com/gowridurgad) in [#1251](actions/setup-node#1251) - Upgrade [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3 by [@dependabot](https://github.com/dependabot) in [#1203](actions/setup-node#1203) - Upgrade [@actions/tool-cache](https://github.com/actions/tool-cache) from 2.0.1 to 2.0.2 by [@dependabot](https://github.com/dependabot) in [#1220](actions/setup-node#1220) #### New Contributors - [@gowridurgad](https://github.com/gowridurgad) made their first contribution in [#1251](actions/setup-node#1251) **Full Changelog**: <actions/setup-node@v4...v4.3.0> ## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1174](actions/setup-node#1174) - Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in [#1193](actions/setup-node#1193) - Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in [#1192](actions/setup-node#1192) - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in [#1191](actions/setup-node#1191) - Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in [#1194](actions/setup-node#1194) - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in [#1195](actions/setup-node#1195) - Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in [#1196](actions/setup-node#1196) - Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in [#1201](actions/setup-node#1201) - Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in [#1205](actions/setup-node#1205) #### New Contributors - [@benwells](https://github.com/benwells) made their first contribution in [#1193](actions/setup-node#1193) **Full Changelog**: <actions/setup-node@v4...v4.2.0> ## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0) ##### What's Changed - Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1132](actions/setup-node#1132) - Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in [#1134](actions/setup-node#1134) - Revise `isGhes` logic by [@jww3](https://github.com/jww3) in [#1148](actions/setup-node#1148) - Add architecture to cache key by [@pengx17](https://github.com/pengx17) in [#843](actions/setup-node#843) This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. ##### New Contributors - [@jww3](https://github.com/jww3) made their first contribution in [#1148](actions/setup-node#1148) - [@pengx17](https://github.com/pengx17) made their first contribution in [#843](actions/setup-node#843) **Full Changelog**: <actions/setup-node@v4...v4.1.0> ## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in [#1125](actions/setup-node#1125) - Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in [#1126](actions/setup-node#1126) ##### Documentation changes: - Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in [#1106](actions/setup-node#1106) - Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in [#1124](actions/setup-node#1124) #### New Contributors - [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in [#1106](actions/setup-node#1106) - [@priyagupta108](https://github.com/priyagupta108) made their first contribution in [#1126](actions/setup-node#1126) - [@Jcambass](https://github.com/Jcambass) made their first contribution in [#1125](actions/setup-node#1125) - [@fulldecent](https://github.com/fulldecent) made their first contribution in [#1124](actions/setup-node#1124) **Full Changelog**: <actions/setup-node@v4...v4.0.4>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5.0.0 to 6.0.0. Release notes *Sourced from [actions/setup-node's releases](https://github.com/actions/setup-node/releases).* > v6.0.0 > ------ > > What's Changed > -------------- > > **Breaking Changes** > > * Limit automatic caching to npm, update workflows and documentation by [`@priyagupta108`](https://github.com/priyagupta108) in [actions/setup-node#1374](https://redirect.github.com/actions/setup-node/pull/1374) > > **Dependency Upgrades** > > * Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by [`@dependabot`](https://github.com/dependabot)[bot] in [#1336](https://redirect.github.com/actions/setup-node/pull/1336) > * Upgrade prettier from 2.8.8 to 3.6.2 by [`@dependabot`](https://github.com/dependabot)[bot] in [#1334](https://redirect.github.com/actions/setup-node/pull/1334) > * Upgrade actions/publish-action from 0.3.0 to 0.4.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [#1362](https://redirect.github.com/actions/setup-node/pull/1362) > > **Full Changelog**: <actions/setup-node@v5...v6.0.0> Commits * [`2028fbc`](actions/setup-node@2028fbc) Limit automatic caching to npm, update workflows and documentation ([#1374](https://redirect.github.com/actions/setup-node/issues/1374)) * [`1342781`](actions/setup-node@1342781) Bump actions/publish-action from 0.3.0 to 0.4.0 ([#1362](https://redirect.github.com/actions/setup-node/issues/1362)) * [`89d709d`](actions/setup-node@89d709d) Bump prettier from 2.8.8 to 3.6.2 ([#1334](https://redirect.github.com/actions/setup-node/issues/1334)) * [`cd2651c`](actions/setup-node@cd2651c) Bump ts-jest from 29.1.2 to 29.4.1 ([#1336](https://redirect.github.com/actions/setup-node/issues/1336)) * See full diff in [compare view](actions/setup-node@a0853c2...2028fbc) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
…ctions#1374) * default to auto-caching only for npm package manager and documentation update * refactor: enhance package manager detection for auto-caching * add devEngines.packageManager detection logic for npm auto-caching * chore: bump version to 6.0.0 and update documentation * docs: update README and action.yml for npm caching logic clarification * chore: update Node.js version in workflows * chore: update Node.js versions in versions.yml * chore: update rc Node.js version in versions.yml * chore: switch macos-13 runner to macos-latest-large in workflow * docs: update README and advanced usage documentation
Description:
This PR updates the caching logic to refine the automatic caching feature added in response to Feature Request #686 and implemented in #1348. In addition, it updates workflow configurations and documentation for improved clarity and compatibility.
Key Changes:
package.json
contains either adevEngines.packageManager
field or a top-levelpackageManager
field set tonpm
, and no explicitcache
input is provided.pnpm
oryarn
can do so manually via thecache
input.macos-13
withmacos-latest-large
in workflows, following actions/runner-images#13046.Related issues:
package-manager-cache
added #1351pnpm
#1357Check list: