fix: drop patchPnpmEnv so standalone+self-update works on Windows

`patchPnpmEnv` prepended `dest/node_modules/.bin` to PATH before spawning `pnpm install` / `pnpm store prune`. On Windows in standalone mode, `.bin/pnpm.cmd` is an npm-created shim that always points at the BOOTSTRAP pnpm (currently 11.0.4) — the binary npm linked when it installed `@pnpm/exe` into `node_modules`. The self-updated pnpm written by `pnpm self-update` lives at `$PNPM_HOME/bin`, which is separately added to PATH via `addPath()` in install-pnpm. When the user requested a pnpm version different from the bootstrap under `standalone: true` on Windows, patchPnpmEnv's `.bin` entry shadowed the self-updated `$PNPM_HOME/bin` and the action's internal `pnpm install` ran on the bootstrap. On a pnpm 11.0.x bootstrap this broke any 11.1+ install flag (e.g. `--no-runtime`), reporting: ERROR Unknown option: 'runtime' POSIX standalone got lucky because `.bin` and `$PNPM_HOME` resolve to the same directory there. Non-standalone never tripped on this since the `.bin/pnpm` symlink for a regular `pnpm` package keeps working across self-updates. Removed `patchPnpmEnv` and the now-empty `src/utils/` module. `spawnSync` now inherits `process.env`, whose PATH is already correctly fronted by `$PNPM_HOME/bin` and `$PNPM_HOME` via the `addPath` calls in install-pnpm. Added `standalone_windows_self_update` to test.yaml as a regression guard: standalone on Windows + target 11.1.0 + `run_install` with `--no-runtime`. With the previous code, the install would have run under the bootstrap (11.0.4) and errored on the unknown flag. Originally found while building pnpm/setup (the new combined pnpm + runtime action).
2026-06-05 14:53:45 +08:00 · 2026-05-11 21:19:59 +02:00
2 changed files with 2 additions and 29 deletions
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ If `run_install` is a YAML string representation of either an object or an array

 ### `cache_dependency_path`

-**Optional** (_type:_ `string`, _default:_ `pnpm-lock.yaml`) File path to the pnpm lockfile, whose contents hash will be used as a cache key. Accepts multiple paths delimited by newlines.
+**Optional** (_type:_ `string|string[]`, _default:_ `pnpm-lock.yaml`) File path to the pnpm lockfile, which contents hash will be used as a cache key.

 ### `package_json_file`

@@ -158,33 +158,6 @@ jobs:

 **Note:** You don't need to run `pnpm store prune` at the end; post-action has already taken care of that.

-### Cache dependencies from multiple lockfiles
-
-```yaml
-on:
-  - push
-  - pull_request
-
-jobs:
-  cache-and-install-multiple:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - uses: pnpm/action-setup@v6
-        with:
-          version: 10
-          cache: true
-          cache_dependency_path: |
-            one/pnpm-lock.yaml
-            two/pnpm-lock.yaml
-          run_install: |
-            - cwd: one
-            - cwd: two
-```
-
 ## Notes

 This action does not setup Node.js for you, use [actions/setup-node](https://github.com/actions/setup-node) yourself.
--- a/action.yml
+++ b/action.yml
@@ -20,7 +20,7 @@ inputs:
    required: false
    default: 'false'
  cache_dependency_path:
-    description: File path to the pnpm lockfile, whose contents hash will be used as a cache key. Accepts multiple paths delimited by newlines.
+    description: File path to the pnpm lockfile, which contents hash will be used as a cache key
    required: false
    default: 'pnpm-lock.yaml'
  package_json_file: