Merge 35353b8037 into 41ff726559

The original message made it sound like it checked the store and decided there was nothing to prune, in reality pruning just did not run if run_install was not set.

.github/CODEOWNERS

@@ -1 +0,0 @@
-* @zkochan

.github/workflows/pr-check.yaml

@@ -1,28 +0,0 @@
-name: pr-check
-
-on: [ pull_request ]
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
-  cancel-in-progress: true
-
-jobs:
-  check-dist:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - name: Setup pnpm
-        uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
-        with:
-          run_install: true
-          version: 9
-
-      - name: Update dist/index.js
-        run: pnpm run build
-
-      - name: Check for uncommitted changes in dist
-        run: git diff --exit-code dist/index.js

.github/workflows/test.yaml

@@ -1,306 +1,147 @@
 name: Test Action
 
 on:
-  pull_request:
-  push:
-    branches:
-      - master
-  workflow_dispatch:
+  - push
+  - pull_request
+  - workflow_dispatch
 
 jobs:
-  smoke:
-    # Cross-OS coverage. Exercises the bootstrap install + PATH on each platform,
-    # the version-respects-request regression (#225 / #230 — Windows PATH shadow),
-    # and the bin_dest output regression (#247). Multi-version coverage on Linux
-    # so we don't pay 3x for major-version differences.
-    name: 'Smoke (${{ matrix.name }})'
+  test_default_inputs:
+    name: Test with default inputs
 
     runs-on: ${{ matrix.os }}
 
     strategy:
       fail-fast: false
       matrix:
-        include:
-          - name: 'ubuntu / v9.15.5'
-            os: ubuntu-latest
-            version: '9.15.5'
-          - name: 'ubuntu / v10.33.0'
-            os: ubuntu-latest
-            version: '10.33.0'
-          - name: 'ubuntu / v9.15.5 / custom-dest'
-            os: ubuntu-latest
-            version: '9.15.5'
-            dest: '~/test/pnpm'
-          - name: 'macos / v9.15.5'
-            os: macos-latest
-            version: '9.15.5'
-          - name: 'windows / v9.15.5'
-            os: windows-latest
-            version: '9.15.5'
+        pnpm:
+          - 9.15.5
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
 
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - id: pnpm
-        name: Run the action
-        uses: ./
-        with:
-          version: ${{ matrix.version }}
-          dest: ${{ matrix.dest || '~/setup-pnpm' }}
-
-      - name: 'Test: pnpm/pnpx on PATH report the requested version (incl. via bin_dest)'
-        # Pass paths via env, not template interpolation, so Windows
-        # backslashes in `bin_dest` aren't eaten by bash's escape handling.
-        env:
-          BIN_DEST: ${{ steps.pnpm.outputs.bin_dest }}
-          REQUIRED: ${{ matrix.version }}
-        run: |
-          set -e
-          which pnpm
-          which pnpx
-          actual="$(pnpm --version)"
-          echo "pnpm --version: ${actual}"
-          if [ "${actual}" != "${REQUIRED}" ]; then
-            echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
-            exit 1
-          fi
-          bin_dest_version="$("$BIN_DEST/pnpm" --version)"
-          echo "bin_dest pnpm --version: ${bin_dest_version}"
-          if [ "${bin_dest_version}" != "${REQUIRED}" ]; then
-            echo "Expected ${REQUIRED} via bin_dest, but got ${bin_dest_version}"
-            exit 1
-          fi
-        shell: bash
-
-      - name: 'Test: install in a fresh project'
-        run: |
-          mkdir /tmp/test-project
-          cd /tmp/test-project
-          pnpm init
-          pnpm add is-odd
-        shell: bash
-
-  manifest_pin:
-    # Folds the old test_package_manager_field, test_dev_engines, and
-    # test_dev_engines_on_fail_error jobs. The action's manifest handling is
-    # OS-independent, so ubuntu-only is sufficient.
-    name: 'Manifest pin: ${{ matrix.label }}'
-
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - label: 'packageManager pnpm@9.15.5 (#227)'
-            manifest: '{"packageManager":"pnpm@9.15.5"}'
-            version: '9.15.5'
-          - label: 'packageManager pnpm@10.33.0'
-            manifest: '{"packageManager":"pnpm@10.33.0"}'
-            version: '10.33.0'
-          - label: 'devEngines onFail=download, exact'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"download"}}}'
-            version: '9.15.5'
-          - label: 'devEngines onFail=download, range'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=9.15.0","onFail":"download"}}}'
-            version: '>=9.15.0'
-          - label: 'devEngines onFail=error, exact (#252)'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"error"}}}'
-            version: '9.15.5'
-          - label: 'devEngines onFail=error, range (#252)'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=9.15.0","onFail":"error"}}}'
-            version: '>=9.15.0'
-          - label: 'explicit version: pnpm_config_pm_on_fail not exported'
-            # Regression guard for the af8e203 scope fix: when the user passes an
-            # explicit `version:` input, the action must NOT export
-            # pnpm_config_pm_on_fail=download, so the user's strict onFail policy
-            # is preserved. Asserted directly on the env var rather than pnpm
-            # runtime behavior — different pnpm majors read devEngines
-            # differently (v10 ignores it, v11+ honors it).
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"error"}}}'
-            explicit_version: '10.33.0'
-            expect_pm_on_fail_unset: true
-
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - name: Set up package.json
-        run: echo '${{ matrix.manifest }}' > package.json
-        shell: bash
+      - uses: actions/checkout@v4
 
       - name: Run the action
         uses: ./
         with:
-          version: ${{ matrix.explicit_version }}
+          version: 9.15.5
 
-      - name: 'Test: pnpm reports the pinned version'
-        if: ${{ !matrix.expect_pm_on_fail_unset }}
-        env:
-          REQUIRED: ${{ matrix.version }}
-        run: |
-          set -e
-          actual="$(pnpm --version)"
-          echo "pnpm version: ${actual}"
-          if [ "${REQUIRED}" = ">=9.15.0" ]; then
-            min="9.15.0"
-            if [ "$(printf '%s\n' "${min}" "${actual}" | sort -V | head -n1)" != "${min}" ]; then
-              echo "Expected pnpm version >= ${min}, but got ${actual}"
-              exit 1
-            fi
-          else
-            if [ "${actual}" != "${REQUIRED}" ]; then
-              echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
-              exit 1
-            fi
-          fi
-        shell: bash
+      - name: 'Test: which'
+        run: which pnpm; which pnpx
 
-      - name: 'Test: pnpm_config_pm_on_fail not exported (explicit version preserves strict policy)'
-        if: ${{ matrix.expect_pm_on_fail_unset }}
-        run: |
-          if [ -n "${pnpm_config_pm_on_fail:-}" ]; then
-            echo "Expected pnpm_config_pm_on_fail to be unset, but got: '${pnpm_config_pm_on_fail}'"
-            exit 1
-          fi
-          echo "pnpm_config_pm_on_fail is unset, as expected"
-        shell: bash
+      - name: 'Test: install'
+        run: pnpm install
 
-  standalone:
-    name: Standalone mode
+  test_dest:
+    name: Test with dest
 
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        pnpm:
+          - 9.15.5
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
 
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
+
+      - name: Run the action
+        uses: ./
+        with:
+          version: 9.15.5
+          dest: ~/test/pnpm
+
+      - name: 'Test: which'
+        run: which pnpm && which pnpx
+
+      - name: 'Test: install'
+        run: pnpm install
+
+  test_standalone:
+    name: Test with standalone
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
+
+        standalone:
+          - true
+          - false
+
+    steps:
+      - uses: actions/checkout@v4
 
       - name: Run the action
         uses: ./
         with:
           version: 9.15.0
-          standalone: true
+          standalone: ${{ matrix.standalone }}
 
-      - name: 'Test: pnpm works'
-        run: |
-          set -e
-          which pnpm
-          actual="$(pnpm --version)"
-          if [ "${actual}" != "9.15.0" ]; then
-            echo "Expected 9.15.0, got ${actual}"
-            exit 1
-          fi
-          mkdir /tmp/test-standalone
-          cd /tmp/test-standalone
-          pnpm init
-          pnpm add is-odd
-        shell: bash
-
-  standalone_windows_self_update:
-    # Regression guard for the patchPnpmEnv PATH-shadow bug. When
-    # standalone: true on Windows AND the requested pnpm differs from the
-    # bootstrap, the previous patchPnpmEnv prepended node_modules/.bin to
-    # PATH; that directory contains an npm-created pnpm.cmd shim pointing
-    # at the BOOTSTRAP pnpm, which shadowed the self-updated pnpm at
-    # $PNPM_HOME/bin and caused `pnpm install` inside the action to run
-    # under the bootstrap version. Exercising a newer-pnpm-only flag
-    # (`--no-runtime`, added in 11.1.0) makes the regression assertable:
-    # if the bootstrap (11.0.4) handles the install, it errors with
-    # "Unknown option: 'runtime'".
-    name: 'Standalone Windows self-update (PATH regression)'
-    runs-on: windows-latest
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - name: Set up package.json with a minimal manifest
-        # run_install needs a manifest to install against. Removing the
-        # repo's existing pnpm-lock.yaml avoids frozen-lockfile mismatch.
-        run: |
-          rm -f pnpm-lock.yaml
-          echo '{"name":"sw","private":true,"packageManager":"pnpm@11.1.0"}' > package.json
-        shell: bash
-
-      - name: Run the action
-        uses: ./
+      - name: install Node.js
+        uses: actions/setup-node@v4
         with:
-          version: 11.1.0
-          standalone: true
-          run_install: |
-            args: ['--no-runtime']
+          # pnpm@7.0.0 is not compatible with Node.js 12
+          node-version: 12.22.12
 
-      - name: 'Test: pnpm install completed under the self-updated pnpm'
-        # If the bug recurs, the previous step's run_install will have failed
-        # the job with "Unknown option: 'runtime'", so reaching this step
-        # implies success. Still verify the version on PATH matches request.
-        env:
-          REQUIRED: '11.1.0'
-        run: |
-          set -e
-          actual="$(pnpm --version)"
-          echo "pnpm --version: ${actual}"
-          if [ "${actual}" != "${REQUIRED}" ]; then
-            echo "Expected pnpm ${REQUIRED}, got ${actual}"
-            exit 1
-          fi
+      - name: 'Test: which (pnpm)'
+        run: which pnpm
+
+      - name: 'Test: which (pnpx)'
+        if: matrix.standalone == false
+        run: which pnpx
+
+      - name: 'Test: install when standalone is true'
+        if: matrix.standalone
+        run: pnpm install
+
+      - name: 'Test: install when standalone is false'
+        if: matrix.standalone == false
+        # Since the default shell on windows runner is pwsh, we specify bash explicitly
         shell: bash
+        run: |
+          if pnpm install; then
+            echo "pnpm install should fail"
+            exit 1
+          else
+            echo "pnpm install failed as expected"
+          fi
 
-  cache_store_path:
-    # Regression guard for #233. When package.json pins a pnpm major that
-    # differs from the bootstrap pnpm's major, the bootstrap reports its
-    # own STORE_VERSION from `pnpm store path` (the `store` command skips
-    # pnpm's auto-switch). The user's actual `pnpm install` runs under the
-    # pinned version and writes to a different STORE_VERSION, so the post
-    # step's saveCache then fails with "Path Validation Error". The fix is
-    # to self-update the bootstrap to the pinned version up front.
-    name: 'Cache store path matches install (#233): ${{ matrix.label }}'
+  test_run_install:
+    name: 'Test with run_install (${{ matrix.run_install.name }}, prune=${{matrix.store_prune}}, ${{ matrix.os }})'
 
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - label: 'packageManager pnpm@10.33.0'
-            manifest: '{"packageManager":"pnpm@10.33.0","dependencies":{"is-odd":"3.0.1"}}'
-          - label: 'devEngines exact pnpm@10.33.0'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"10.33.0"}},"dependencies":{"is-odd":"3.0.1"}}'
-          - label: 'devEngines range >=10 <11'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=10 <11"}},"dependencies":{"is-odd":"3.0.1"}}'
-
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - name: Set up package.json
-        run: echo '${{ matrix.manifest }}' > package.json
-        shell: bash
-
-      - id: pnpm
-        uses: ./
-        with:
-          cache: true
-          run_install: |
-            - args: [--no-frozen-lockfile]
-
-      - name: 'Test: store path computed by the action exists on disk'
-        run: |
-          set -e
-          actual="$(pnpm store path --silent)"
-          echo "pnpm store path: ${actual}"
-          if [ ! -d "${actual}" ]; then
-            echo "Expected store path to exist on disk; cache save would fail"
-            exit 1
-          fi
-        shell: bash
-
-  run_install:
-    name: 'run_install (${{ matrix.run_install.name }})'
-
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
 
     strategy:
       fail-fast: false
       matrix:
+        pnpm:
+          - 9.15.5
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
         run_install:
           - name: 'null'
             value: 'null'
+          - name: 'empty object'
+            value: '{}'
+          - name: 'recursive'
+            value: |
+              recursive: true
           - name: 'global'
             value: |
               args:
@@ -308,24 +149,31 @@ jobs:
                 - --global-dir=./pnpm-global
                 - npm
                 - yarn
+          - name: 'array'
+            value: |
+              - {}
+              - recursive: true
+              - args:
+                - --global
+                - --global-dir=./pnpm-global
+                - npm
+                - yarn
+        store_prune:
+          - 'true'
+          - 'false'
 
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
 
       - name: Run the action
         uses: ./
         with:
           version: 9.15.5
           run_install: ${{ matrix.run_install.value }}
+          store_prune: ${{ matrix.store_prune }}
 
-      - name: 'Test: pnpm works'
-        run: |
-          set -e
-          which pnpm
-          which pnpx
-          actual="$(pnpm --version)"
-          if [ "${actual}" != "9.15.5" ]; then
-            echo "Expected 9.15.5, got ${actual}"
-            exit 1
-          fi
-        shell: bash
+      - name: 'Test: which'
+        run: which pnpm; which pnpx
+
+      - name: 'Test: install'
+        run: pnpm install

.gitignore

@@ -2,6 +2,8 @@ node_modules
 *.log
 /dist/*
 !/dist/index.js
+!/dist/pnpm.cjs
+!/dist/worker.js
 tmp
 temp
 *.tmp
@@ -9,4 +11,3 @@ temp
 tmp.*
 temp.*
 .pnpm-store
-.claude

README.md

@@ -14,7 +14,7 @@ Version of pnpm to install.
 
 **Optional** when there is a [`packageManager` field in the `package.json`](https://nodejs.org/api/corepack.html).
 
-otherwise, this field is **required** It supports npm versioning scheme, it could be an exact version (such as `10.9.8`), or a version range (such as `10`, `10.x.x`, `10.9.x`, `^10.9.8`, `*`, etc.), or `latest`.
+otherwise, this field is **required** It supports npm versioning scheme, it could be an exact version (such as `6.24.1`), or a version range (such as `6`, `6.x.x`, `6.24.x`, `^6.24.1`, `*`, etc.), or `latest`.
 
 ### `dest`
 
@@ -30,6 +30,8 @@ If `run_install` is `true`, pnpm will install dependencies recursively.
 
 If `run_install` is a YAML string representation of either an object or an array, pnpm will execute every install commands.
 
+If any `run_install` is not falsy, and `store_prune` is not set to `false`, `pnpm store prune` will be executed after all install commands have been executed. This is to ensure the pnpm store is pruned before caching.
+
 #### `run_install.recursive`
 
 **Optional** (_type:_ `boolean`, _default:_ `false`) Whether to use `pnpm recursive install`.
@@ -42,13 +44,9 @@ If `run_install` is a YAML string representation of either an object or an array
 
 **Optional** (_type:_ `string[]`) Additional arguments after `pnpm [recursive] install`, e.g. `[--ignore-scripts, --strict-peer-dependencies]`.
 
-### `cache`
+#### `store_prune`
 
-**Optional** (_type:_ `boolean`, _default:_ `false`) Whether to cache the pnpm store directory.
-
-### `cache_dependency_path`
-
-**Optional** (_type:_ `string|string[]`, _default:_ `pnpm-lock.yaml`) File path to the pnpm lockfile, which contents hash will be used as a cache key.
+**Optional** (_type:_ `boolean`, _default:_ `true`) Whether to run `pnpm store prune` after installation. If `run_install` is falsy, this option will be ignored. If you run `pnpm install` on your own, and intend to cache the pnpm store, it's recommended to run `pnpm store prune` yourself to make sure the store that will be cached is pruned.
 
 ### `package_json_file`
 
@@ -86,7 +84,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
         with:
           version: 10
 ```
@@ -105,7 +103,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
 ```
 
 ### Install pnpm and a few npm packages
@@ -120,12 +118,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
 
-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
         with:
           version: 10
-          run_install: |
+          run_install:
             - recursive: true
               args: [--strict-peer-dependencies]
             - args: [--global, gulp, prettier, typescript]
@@ -144,19 +142,28 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
 
-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
         name: Install pnpm
         with:
           version: 10
-          cache: true
+          run_install: false
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'pnpm'
 
       - name: Install dependencies
         run: pnpm install
+
+      - name: Prune pnpm store
+        run: pnpm store prune
 ```
 
-**Note:** You don't need to run `pnpm store prune` at the end; post-action has already taken care of that.
+**Note:** If you you opt to run install on your own (`run_install: false`), it's recommended to run [`pnpm store prune`](https://pnpm.io/cli/store#prune) after installation to make sure the store that will be cached is pruned.
 
 ## Notes
 

action.yml

@@ -15,16 +15,12 @@ inputs:
     description: If specified, run `pnpm install`
     required: false
     default: 'null'
-  cache:
-    description: Whether to cache the pnpm store directory
+  store_prune:
+    description: Enable store pruning after installation. Set to false to disable.
     required: false
-    default: 'false'
-  cache_dependency_path:
-    description: File path to the pnpm lockfile, which contents hash will be used as a cache key
-    required: false
-    default: 'pnpm-lock.yaml'
+    default: 'true'
   package_json_file:
-    description: File path to the package.json to read "packageManager" configuration. This path must be relative to the repository root (GITHUB_WORKSPACE).
+    description: File path to the package.json to read "packageManager" configuration
     required: false
     default: 'package.json'
   standalone:
@@ -37,6 +33,5 @@ outputs:
   bin_dest:
     description: Location of `pnpm` and `pnpx` command
 runs:
-  using: node24
+  using: node20
   main: dist/index.js
-  post: dist/index.js

package.json

@@ -1,24 +1,23 @@
 {
   "private": true,
   "scripts": {
-    "build:bundle": "esbuild src/index.ts --bundle --platform=node --target=node24 --format=cjs --minify --outfile=dist/index.js --loader:.json=json",
-    "build": "pnpm run build:bundle",
+    "build:ncc": "ncc build --minify --no-source-map-register --no-cache dist/tsc/index.js --out dist/",
+    "build": "tsc && pnpm run build:ncc",
     "start": "pnpm run build && sh ./run.sh",
-    "update-bootstrap": "node scripts/update-bootstrap.mjs"
+    "update-pnpm-dist": "pnpm install && cp ./node_modules/pnpm/dist/pnpm.cjs ./dist/pnpm.cjs && cp ./node_modules/pnpm/dist/worker.js ./dist/worker.js"
   },
   "dependencies": {
-    "@actions/cache": "^4.1.0",
     "@actions/core": "^1.10.1",
-    "@actions/exec": "^1.1.1",
-    "@actions/glob": "^0.5.0",
     "@types/expand-tilde": "^2.0.2",
-    "@types/node": "^22.0.0",
+    "@types/node": "^20.11.5",
+    "@types/node-fetch": "^2.6.11",
     "expand-tilde": "^2.0.2",
     "yaml": "^2.3.4",
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "esbuild": "^0.27.4",
+    "@vercel/ncc": "^0.38.1",
+    "pnpm": "^8.14.3",
     "typescript": "^5.3.3"
   }
 }

pnpm-workspace.yaml

@@ -1,4 +0,0 @@
-packages:
-  - '.'
-allowBuilds:
-  esbuild: true

scripts/update-bootstrap.mjs

@@ -1,47 +0,0 @@
-#!/usr/bin/env node
-
-// Usage: node scripts/update-bootstrap.mjs [version]
-// If version is omitted, fetches the latest next-11 tag from npm.
-// Regenerates the bootstrap lockfiles used by action-setup to install pnpm via npm.
-
-import { execSync } from 'child_process'
-import { mkdtempSync, rmSync, readFileSync, writeFileSync } from 'fs'
-import { join } from 'path'
-import { tmpdir } from 'os'
-
-const BOOTSTRAP_DIR = new URL('../src/install-pnpm/bootstrap/', import.meta.url).pathname
-
-const version = process.argv[2] || resolveLatestVersion()
-
-console.log(`Updating bootstrap lockfiles to pnpm@${version} ...`)
-
-generateLock('pnpm-lock.json', { pnpm: version }, 'bootstrap-pnpm')
-generateLock('exe-lock.json', { '@pnpm/exe': version }, 'bootstrap-exe')
-
-console.log('Done!')
-
-function resolveLatestVersion() {
-  const json = execSync('npm view @pnpm/exe dist-tags --json', { encoding: 'utf8' })
-  const tags = JSON.parse(json)
-  const version = tags['next-11'] || tags['latest']
-  if (!version) {
-    console.error('Could not determine latest pnpm version from npm dist-tags')
-    process.exit(1)
-  }
-  return version
-}
-
-function generateLock(filename, dependencies, name) {
-  const tmp = mkdtempSync(join(tmpdir(), 'pnpm-bootstrap-'))
-  try {
-    writeFileSync(join(tmp, 'package.json'), JSON.stringify({ private: true, dependencies }))
-    execSync('npm install --package-lock-only --ignore-scripts', { cwd: tmp, stdio: 'pipe' })
-    const lock = readFileSync(join(tmp, 'package-lock.json'), 'utf8')
-    const parsed = JSON.parse(lock)
-    parsed.name = name
-    writeFileSync(join(BOOTSTRAP_DIR, filename), JSON.stringify(parsed, null, 2) + '\n')
-    console.log(`  ${filename} -> ${Object.values(dependencies)[0]}@${version}`)
-  } finally {
-    rmSync(tmp, { recursive: true, force: true })
-  }
-}

src/cache-restore/index.ts

@@ -1,19 +0,0 @@
-import { isFeatureAvailable } from '@actions/cache'
-import { endGroup, startGroup, warning } from '@actions/core'
-import { Inputs } from '../inputs'
-import { runRestoreCache } from './run'
-
-export async function restoreCache(inputs: Inputs) {
-  if (!inputs.cache) return
-
-  if (!isFeatureAvailable()) {
-    warning('Cache is not available, skipping cache restoration')
-    return
-  }
-
-  startGroup('Restoring cache...')
-  await runRestoreCache(inputs)
-  endGroup()
-}
-
-export default restoreCache

src/cache-restore/run.ts

@@ -1,39 +0,0 @@
-import { restoreCache } from '@actions/cache'
-import { debug, info, saveState, setOutput } from '@actions/core'
-import { getExecOutput } from '@actions/exec'
-import { hashFiles } from '@actions/glob'
-import os from 'os'
-import { Inputs } from '../inputs'
-
-export async function runRestoreCache(inputs: Inputs) {
-  const cachePath = await getCacheDirectory()
-  saveState('cache_path', cachePath)
-
-  const fileHash = await hashFiles(inputs.cacheDependencyPath)
-  if (!fileHash) {
-    throw new Error('Some specified paths were not resolved, unable to cache dependencies.')
-  }
-
-  const primaryKey = `pnpm-cache-${process.env.RUNNER_OS}-${os.arch()}-${fileHash}`
-  debug(`Primary key is ${primaryKey}`)
-  saveState('cache_primary_key', primaryKey)
-
-  let cacheKey = await restoreCache([cachePath], primaryKey)
-
-  setOutput('cache-hit', Boolean(cacheKey))
-
-  if (!cacheKey) {
-    info(`Cache is not found`)
-    return
-  }
-
-  saveState('cache_restored_key', cacheKey)
-  info(`Cache restored from key: ${cacheKey}`)
-}
-
-async function getCacheDirectory() {
-  const { stdout } = await getExecOutput('pnpm store path --silent')
-  const cacheFolderPath = stdout.trim()
-  debug(`Cache folder is set to "${cacheFolderPath}"`)
-  return cacheFolderPath
-}

src/cache-save/index.ts

@@ -1,15 +0,0 @@
-import { setFailed } from '@actions/core'
-import { Inputs } from '../inputs'
-import { runSaveCache } from './run'
-
-export async function saveCache(inputs: Inputs) {
-  if (!inputs.cache) return
-
-  try {
-    await runSaveCache()
-  } catch (error) {
-    setFailed((error as Error).message)
-  }
-}
-
-export default saveCache

src/cache-save/run.ts

@@ -1,18 +0,0 @@
-import { saveCache } from '@actions/cache'
-import { getState, info } from '@actions/core'
-
-export async function runSaveCache() {
-  const state = getState('cache_restored_key')
-  const primaryKey = getState('cache_primary_key')
-  const cachePath = getState('cache_path')
-
-  if (primaryKey === state) {
-    info(`Cache hit occurred on the primary key ${primaryKey}, not saving cache.`)
-    return
-  }
-
-  const cacheId = await saveCache([cachePath], primaryKey)
-  if (cacheId == -1) return
-
-  info(`Cache saved with the key: ${primaryKey}`)
-}

src/index.ts

@@ -1,39 +1,17 @@
-import { setFailed, saveState, getState } from '@actions/core'
-import restoreCache from './cache-restore'
-import saveCache from './cache-save'
-import getInputs, { Inputs } from './inputs'
+import { setFailed } from '@actions/core'
+import getInputs from './inputs'
 import installPnpm from './install-pnpm'
 import setOutputs from './outputs'
 import pnpmInstall from './pnpm-install'
 import pruneStore from './pnpm-store-prune'
 
 async function main() {
-  if (getState('is_post') === 'true') {
-    await runPost()
-  } else {
-    await runMain()
-  }
-}
-
-async function runMain() {
   const inputs = getInputs()
-  saveState('inputs', inputs)
-  saveState('is_post', 'true')
-
-  const binDest = await installPnpm(inputs)
-  if (binDest === undefined) return
+  await installPnpm(inputs)
   console.log('Installation Completed!')
-  setOutputs(inputs, binDest)
-
-  await restoreCache(inputs)
-
+  setOutputs(inputs)
   pnpmInstall(inputs)
-}
-
-async function runPost() {
-  const inputs = JSON.parse(getState('inputs')) as Inputs
   pruneStore(inputs)
-  await saveCache(inputs)
 }
 
 main().catch(error => {

src/inputs/index.ts

@@ -5,9 +5,8 @@ import { RunInstall, parseRunInstall } from './run-install'
 export interface Inputs {
   readonly version?: string
   readonly dest: string
-  readonly cache: boolean
-  readonly cacheDependencyPath: string
   readonly runInstall: RunInstall[]
+  readonly storePrune: boolean
   readonly packageJsonFile: string
   readonly standalone: boolean
 }
@@ -21,9 +20,8 @@ const parseInputPath = (name: string) => expandTilde(getInput(name, options))
 export const getInputs = (): Inputs => ({
   version: getInput('version'),
   dest: parseInputPath('dest'),
-  cache: getBooleanInput('cache'),
-  cacheDependencyPath: parseInputPath('cache_dependency_path'),
   runInstall: parseRunInstall('run_install'),
+  storePrune: getBooleanInput('store_prune'),
   packageJsonFile: parseInputPath('package_json_file'),
   standalone: getBooleanInput('standalone'),
 })

src/inputs/run-install.ts

@@ -1,5 +1,5 @@
 import { getInput, error } from '@actions/core'
-import { parse as parseYaml } from 'yaml'
+import * as yaml from 'yaml'
 import { z, ZodError } from 'zod'
 
 const RunInstallSchema = z.object({
@@ -20,7 +20,7 @@ export type RunInstall = z.infer<typeof RunInstallSchema>
 
 export function parseRunInstall(inputName: string): RunInstall[] {
   const input = getInput(inputName, { required: true })
-  const parsedInput: unknown = parseYaml(input)
+  const parsedInput: unknown = yaml.parse(input)
 
   try {
     const result: RunInstallInput = RunInstallInputSchema.parse(parsedInput)

src/install-pnpm/bootstrap/exe-lock.json

@@ -1,344 +0,0 @@
-{
-  "name": "bootstrap-exe",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "": {
-      "dependencies": {
-        "@pnpm/exe": "11.0.4"
-      }
-    },
-    "node_modules/@pnpm/exe": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/exe/-/exe-11.0.4.tgz",
-      "integrity": "sha512-3OwYqbbj1KtuUqoMo5OEkY8nU/WutZ7L5ADFl0bbW9oyqU55U37aDqA3NJNSk28CyszNARfrjerAF2DW2TsV7w==",
-      "hasInstallScript": true,
-      "license": "MIT",
-      "dependencies": {
-        "@reflink/reflink": "0.1.19",
-        "detect-libc": "^2.0.3"
-      },
-      "bin": {
-        "pn": "pn",
-        "pnpm": "pnpm",
-        "pnpx": "pnpx",
-        "pnx": "pnx"
-      },
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      },
-      "optionalDependencies": {
-        "@pnpm/linux-arm64": "11.0.4",
-        "@pnpm/linux-x64": "11.0.4",
-        "@pnpm/linuxstatic-arm64": "11.0.4",
-        "@pnpm/linuxstatic-x64": "11.0.4",
-        "@pnpm/macos-arm64": "11.0.4",
-        "@pnpm/macos-x64": "11.0.4",
-        "@pnpm/win-arm64": "11.0.4",
-        "@pnpm/win-x64": "11.0.4"
-      }
-    },
-    "node_modules/@pnpm/linux-arm64": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/linux-arm64/-/linux-arm64-11.0.4.tgz",
-      "integrity": "sha512-Bz7V2sFypoGHX/t5w/w7jnCw5DCK3C8s5q8whHJJ3iS5kRznX3Q1F4LwSjjy+lsi777fHyNIvD7qtNmdt9IKoA==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/linux-x64": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/linux-x64/-/linux-x64-11.0.4.tgz",
-      "integrity": "sha512-u0Yn1gytR1vKdPk6fYF500H8ZWQlj0cTuIQPp+5GYVPkMmA5bSw41RNIDPBfjDlE8ERmQWaQcrgmTcmTZ+n22A==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/linuxstatic-arm64": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-arm64/-/linuxstatic-arm64-11.0.4.tgz",
-      "integrity": "sha512-0aitEcfhWNXNZhfJGt/kJaRvfcdtJzXZpV+toJN94kfawSJnhuawfnUSXMi/3m0G97HkJc7BH8rOz3sojUKt0g==",
-      "cpu": [
-        "arm64"
-      ],
-      "libc": [
-        "musl"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/linuxstatic-x64": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-x64/-/linuxstatic-x64-11.0.4.tgz",
-      "integrity": "sha512-xDJdeJ7D2YvDBy2/IH9lEqMKiSuZiV8190XKWOgQgxUGGeuW4z3j6Ewpl0S5bXsWuNjAgC+uCKp7Qp3P7cXAvw==",
-      "cpu": [
-        "x64"
-      ],
-      "libc": [
-        "musl"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/macos-arm64": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/macos-arm64/-/macos-arm64-11.0.4.tgz",
-      "integrity": "sha512-dNR69jUARtGFuyyLE9VuyxhRUKC8MO/7/xIyAdeIMZAD5ej0Y/Ct0DYCa/FLbgFL1nXaXmp4+gRMfJBkkrKfQQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/macos-x64": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/macos-x64/-/macos-x64-11.0.4.tgz",
-      "integrity": "sha512-RfyrxSBajeEU16dZsgFjbdagDV9F4HNCJfbBgm8IbGjL0+J95naM/VmCDLd6S3+1tISeI2MxtcyCxqjKJsD/BA==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/win-arm64": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/win-arm64/-/win-arm64-11.0.4.tgz",
-      "integrity": "sha512-fOQEv8b9KxZlUAxPPXSQQUUIrt2nY24Qwd4RzCPpatacBnsE4JIadlr/B4V5z2zFxmV7FdHr7nYUhv2RqTlY/w==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/win-x64": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/@pnpm/win-x64/-/win-x64-11.0.4.tgz",
-      "integrity": "sha512-pErHAV8m3NZuPSeCmH3senTSHX0nwkH5lLzQSpiFuyt08hq8sqL3jDymT4ri9N7ixPN9RFZghZIiT3h+Croaew==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@reflink/reflink": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink/-/reflink-0.1.19.tgz",
-      "integrity": "sha512-DmCG8GzysnCZ15bres3N5AHCmwBwYgp0As6xjhQ47rAUTUXxJiK+lLUxaGsX3hd/30qUpVElh05PbGuxRPgJwA==",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 10"
-      },
-      "optionalDependencies": {
-        "@reflink/reflink-darwin-arm64": "0.1.19",
-        "@reflink/reflink-darwin-x64": "0.1.19",
-        "@reflink/reflink-linux-arm64-gnu": "0.1.19",
-        "@reflink/reflink-linux-arm64-musl": "0.1.19",
-        "@reflink/reflink-linux-x64-gnu": "0.1.19",
-        "@reflink/reflink-linux-x64-musl": "0.1.19",
-        "@reflink/reflink-win32-arm64-msvc": "0.1.19",
-        "@reflink/reflink-win32-x64-msvc": "0.1.19"
-      }
-    },
-    "node_modules/@reflink/reflink-darwin-arm64": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-darwin-arm64/-/reflink-darwin-arm64-0.1.19.tgz",
-      "integrity": "sha512-ruy44Lpepdk1FqDz38vExBY/PVUsjxZA+chd9wozjUH9JjuDT/HEaQYA6wYN9mf041l0yLVar6BCZuWABJvHSA==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-darwin-x64": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-darwin-x64/-/reflink-darwin-x64-0.1.19.tgz",
-      "integrity": "sha512-By85MSWrMZa+c26TcnAy8SDk0sTUkYlNnwknSchkhHpGXOtjNDUOxJE9oByBnGbeuIE1PiQsxDG3Ud+IVV9yuA==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-linux-arm64-gnu": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-arm64-gnu/-/reflink-linux-arm64-gnu-0.1.19.tgz",
-      "integrity": "sha512-7P+er8+rP9iNeN+bfmccM4hTAaLP6PQJPKWSA4iSk2bNvo6KU6RyPgYeHxXmzNKzPVRcypZQTpFgstHam6maVg==",
-      "cpu": [
-        "arm64"
-      ],
-      "libc": [
-        "glibc"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-linux-arm64-musl": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-arm64-musl/-/reflink-linux-arm64-musl-0.1.19.tgz",
-      "integrity": "sha512-37iO/Dp6m5DDaC2sf3zPtx/hl9FV3Xze4xoYidrxxS9bgP3S8ALroxRK6xBG/1TtfXKTvolvp+IjrUU6ujIGmA==",
-      "cpu": [
-        "arm64"
-      ],
-      "libc": [
-        "musl"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-linux-x64-gnu": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-x64-gnu/-/reflink-linux-x64-gnu-0.1.19.tgz",
-      "integrity": "sha512-jbI8jvuYCaA3MVUdu8vLoLAFqC+iNMpiSuLbxlAgg7x3K5bsS8nOpTRnkLF7vISJ+rVR8W+7ThXlXlUQ93ulkw==",
-      "cpu": [
-        "x64"
-      ],
-      "libc": [
-        "glibc"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-linux-x64-musl": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-x64-musl/-/reflink-linux-x64-musl-0.1.19.tgz",
-      "integrity": "sha512-e9FBWDe+lv7QKAwtKOt6A2W/fyy/aEEfr0g6j/hWzvQcrzHCsz07BNQYlNOjTfeytrtLU7k449H1PI95jA4OjQ==",
-      "cpu": [
-        "x64"
-      ],
-      "libc": [
-        "musl"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-win32-arm64-msvc": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-win32-arm64-msvc/-/reflink-win32-arm64-msvc-0.1.19.tgz",
-      "integrity": "sha512-09PxnVIQcd+UOn4WAW73WU6PXL7DwGS6wPlkMhMg2zlHHG65F3vHepOw06HFCq+N42qkaNAc8AKIabWvtk6cIQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-win32-x64-msvc": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-win32-x64-msvc/-/reflink-win32-x64-msvc-0.1.19.tgz",
-      "integrity": "sha512-E//yT4ni2SyhwP8JRjVGWr3cbnhWDiPLgnQ66qqaanjjnMiu3O/2tjCPQXlcGc/DEYofpDc9fvhv6tALQsMV9w==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/detect-libc": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
-      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
-      "license": "Apache-2.0",
-      "engines": {
-        "node": ">=8"
-      }
-    }
-  }
-}

src/install-pnpm/bootstrap/pnpm-lock.json

@@ -1,30 +0,0 @@
-{
-  "name": "bootstrap-pnpm",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "": {
-      "dependencies": {
-        "pnpm": "11.0.4"
-      }
-    },
-    "node_modules/pnpm": {
-      "version": "11.0.4",
-      "resolved": "https://registry.npmjs.org/pnpm/-/pnpm-11.0.4.tgz",
-      "integrity": "sha512-CjlxZQB6AU7VKRmmHl9GxIubyohATDA+yuzGP2Le9WOJjTxril1epYEes5jP4DqwXaGlzpY/Em1erUwC+TuDww==",
-      "license": "MIT",
-      "bin": {
-        "pn": "bin/pnpm.mjs",
-        "pnpm": "bin/pnpm.mjs",
-        "pnpx": "bin/pnpx.mjs",
-        "pnx": "bin/pnpx.mjs"
-      },
-      "engines": {
-        "node": ">=22.13"
-      },
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    }
-  }
-}

src/install-pnpm/index.ts

@@ -4,15 +4,13 @@ import runSelfInstaller from './run'
 
 export { runSelfInstaller }
 
-export async function install(inputs: Inputs): Promise<string | undefined> {
+export async function install(inputs: Inputs) {
   startGroup('Running self-installer...')
-  const { exitCode, binDest } = await runSelfInstaller(inputs)
+  const status = await runSelfInstaller(inputs)
   endGroup()
-  if (exitCode) {
-    setFailed(`Something went wrong, self-installer exits with code ${exitCode}`)
-    return undefined
+  if (status) {
+    return setFailed(`Something went wrong, self-installer exits with code ${status}`)
   }
-  return binDest
 }
 
 export default install

src/install-pnpm/run.ts

@@ -1,168 +1,90 @@
 import { addPath, exportVariable } from '@actions/core'
 import { spawn } from 'child_process'
-import { rm, writeFile, mkdir, symlink } from 'fs/promises'
-import { readFileSync, existsSync } from 'fs'
+import { rm, writeFile, mkdir, copyFile } from 'fs/promises'
+import { readFileSync } from 'fs'
 import path from 'path'
+import { execPath } from 'process'
 import util from 'util'
 import { Inputs } from '../inputs'
-import { parse as parseYaml } from 'yaml'
-import pnpmLock from './bootstrap/pnpm-lock.json'
-import exeLock from './bootstrap/exe-lock.json'
+import YAML from 'yaml'
 
-const BOOTSTRAP_PNPM_PACKAGE_JSON = JSON.stringify({ private: true, dependencies: { pnpm: pnpmLock.packages['node_modules/pnpm'].version } })
-const BOOTSTRAP_EXE_PACKAGE_JSON = JSON.stringify({ private: true, dependencies: { '@pnpm/exe': exeLock.packages['node_modules/@pnpm/exe'].version } })
+export async function runSelfInstaller(inputs: Inputs): Promise<number> {
+  const { version, dest, packageJsonFile, standalone } = inputs
+  const { GITHUB_WORKSPACE } = process.env
 
-export interface SelfInstallerResult {
-  exitCode: number
-  binDest: string
-}
-
-export async function runSelfInstaller(inputs: Inputs): Promise<SelfInstallerResult> {
-  const { version, dest, packageJsonFile } = inputs
-
-  // pnpm v11 requires Node >= 22.13; use standalone (exe) bootstrap which
-  // bundles its own Node.js when the system Node is too old
-  const systemNode = await getSystemNodeVersion()
-  const standalone = inputs.standalone || systemNode.major < 22 || (systemNode.major === 22 && systemNode.minor < 13)
-
-  // Install bootstrap pnpm via npm (integrity verified by committed lockfile)
+  // prepare self install
   await rm(dest, { recursive: true, force: true })
+  // create dest directory after removal
   await mkdir(dest, { recursive: true })
+  const pkgJson = path.join(dest, 'package.json')
+  // we have ensured the dest directory exists, we can write the file directly
+  await writeFile(pkgJson, JSON.stringify({ private: true }))
 
-  const lockfile = standalone ? exeLock : pnpmLock
-  const packageJson = standalone ? BOOTSTRAP_EXE_PACKAGE_JSON : BOOTSTRAP_PNPM_PACKAGE_JSON
-  await writeFile(path.join(dest, 'package.json'), packageJson)
-  await writeFile(path.join(dest, 'package-lock.json'), JSON.stringify(lockfile))
-
-  // Append the action's node directory to PATH so npm's
-  // `#!/usr/bin/env node` shebang resolves on runners (e.g. GHE
-  // self-hosted) where node isn't already on PATH. Append (not
-  // prepend) so a user-installed toolchain on PATH — e.g. from a
-  // prior `setup-node` step — keeps precedence; otherwise the
-  // runner-bundled node would shadow it and pair the user's npm
-  // with a mismatched node version. npm itself is resolved via
-  // PATH — on the GitHub Actions runner it is not co-located with
-  // `process.execPath`.
-  const nodeDir = path.dirname(process.execPath)
-  // On Windows, the PATH key casing varies; search case-insensitively.
-  const pathKey = Object.keys(process.env).find(k => k.toUpperCase() === 'PATH') ?? 'PATH'
-  const currentPath = process.env[pathKey]
-  const npmEnv = { ...process.env, [pathKey]: currentPath ? currentPath + path.delimiter + nodeDir : nodeDir }
-  const npmExitCode = await runCommand('npm', ['ci'], { cwd: dest, env: npmEnv })
-  if (npmExitCode !== 0) {
-    return { exitCode: npmExitCode, binDest: path.join(dest, 'node_modules', '.bin') }
-  }
-
-  // On Windows with standalone mode, npm's .bin shims can't properly
-  // execute the extensionless @pnpm/exe native binaries. Add the
-  // @pnpm/exe directory directly to PATH so pnpm.exe is found natively.
-  const pnpmHome = standalone && process.platform === 'win32'
-    ? path.join(dest, 'node_modules', '@pnpm', 'exe')
-    : path.join(dest, 'node_modules', '.bin')
-  // PNPM_HOME/bin is where `pnpm self-update` places the target version
-  // binary. It must have higher PATH precedence than pnpmHome (which
-  // contains the bootstrap binary) so the self-updated version is found
-  // first. The bootstrap pnpm is invoked via absolute path, not PATH,
-  // so this ordering does not affect the bootstrap step.
-  addPath(pnpmHome)
-  addPath(path.join(pnpmHome, 'bin'))
-  exportVariable('PNPM_HOME', pnpmHome)
-
-  // Ensure pnpm bin link exists — npm ci sometimes doesn't create it
-  if (process.platform !== 'win32') {
-    const pnpmBinLink = path.join(dest, 'node_modules', '.bin', 'pnpm')
-    if (!existsSync(pnpmBinLink)) {
-      await mkdir(path.join(dest, 'node_modules', '.bin'), { recursive: true })
-      const target = standalone
-        ? path.join('..', '@pnpm', 'exe', 'pnpm')
-        : path.join('..', 'pnpm', 'bin', 'pnpm.mjs')
-      await symlink(target, pnpmBinLink)
+  // copy .npmrc if it exists to install from custom registry
+  if (GITHUB_WORKSPACE) {
+    try {
+      await copyFile(path.join(GITHUB_WORKSPACE, '.npmrc'), path.join(dest, '.npmrc'))
+    } catch (error) {
+      // Swallow error if .npmrc doesn't exist
+      if (!util.types.isNativeError(error) || !('code' in error) || error.code !== 'ENOENT') throw error
     }
   }
 
-  const bootstrapPnpm = standalone
-    ? path.join(dest, 'node_modules', '@pnpm', 'exe', process.platform === 'win32' ? 'pnpm.exe' : 'pnpm')
-    : path.join(dest, 'node_modules', 'pnpm', 'bin', 'pnpm.mjs')
+  // prepare target pnpm
+  const target = await readTarget({ version, packageJsonFile, standalone })
+  const cp = spawn(execPath, [path.join(__dirname, 'pnpm.cjs'), 'install', target, '--no-lockfile'], {
+    cwd: dest,
+    stdio: ['pipe', 'inherit', 'inherit'],
+  })
 
-  // Self-update the bootstrap to the requested pnpm version. readTargetVersion
-  // either returns a value or throws, so this always runs.
-  const targetVersion = readTargetVersion({ version, packageJsonFile })
-  const cmd = standalone ? bootstrapPnpm : process.execPath
-  const args = standalone ? ['self-update', targetVersion] : [bootstrapPnpm, 'self-update', targetVersion]
-  const exitCode = await runCommand(cmd, args, { cwd: dest })
-  if (exitCode !== 0) {
-    return { exitCode, binDest: pnpmHome }
+  const exitCode = await new Promise<number>((resolve, reject) => {
+    cp.on('error', reject)
+    cp.on('close', resolve)
+  })
+  if (exitCode === 0) {
+    const pnpmHome = path.join(dest, 'node_modules/.bin')
+    addPath(pnpmHome)
+    exportVariable('PNPM_HOME', pnpmHome)
   }
-  // self-update writes the target pnpm/pnpx into PNPM_HOME/bin, leaving
-  // the bootstrap symlinks in pnpmHome pointing at the old version. Use
-  // PNPM_HOME/bin so consumers of the bin_dest output (e.g.
-  // `${steps.pnpm.outputs.bin_dest}/pnpm`) invoke the requested version.
-  //
-  // When the requested version resolves to the bootstrap version, self-update
-  // is a no-op and PNPM_HOME/bin is not created — fall back to pnpmHome,
-  // whose symlinks already point at the right version.
-  const updatedBinDir = path.join(pnpmHome, 'bin')
-  return { exitCode: 0, binDest: existsSync(updatedBinDir) ? updatedBinDir : pnpmHome }
+  return exitCode
 }
 
-function readTargetVersion(opts: {
+async function readTarget(opts: {
   readonly version?: string | undefined
   readonly packageJsonFile: string
-}): string {
-  const { version, packageJsonFile } = opts
+  readonly standalone: boolean
+}) {
+  const { version, packageJsonFile, standalone } = opts
   const { GITHUB_WORKSPACE } = process.env
 
-  let packageManager: string | undefined
-  let devEngines: { packageManager?: { name?: string; version?: string } } | undefined
+  let packageManager
 
   if (GITHUB_WORKSPACE) {
     try {
       const content = readFileSync(path.join(GITHUB_WORKSPACE, packageJsonFile), 'utf8');
-      const manifest = packageJsonFile.endsWith(".yaml")
-        ? parseYaml(content, { merge: true })
+      ({ packageManager } = packageJsonFile.endsWith(".yaml")
+        ? YAML.parse(content, { merge: true })
         : JSON.parse(content)
-      packageManager = manifest.packageManager
-      devEngines = manifest.devEngines
+      )
     } catch (error: unknown) {
       // Swallow error if package.json doesn't exist in root
       if (!util.types.isNativeError(error) || !('code' in error) || error.code !== 'ENOENT') throw error
     }
   }
 
-  // packageManager is always exact `pnpm@<version>[+<integrity>]` per spec.
-  // Strip the integrity hash for self-update.
-  const packageManagerVersion =
-    typeof packageManager === 'string' && packageManager.startsWith('pnpm@')
-      ? packageManager.slice('pnpm@'.length).split('+')[0]
-      : undefined
-
   if (version) {
-    if (packageManagerVersion && packageManagerVersion !== version) {
+    if (
+      typeof packageManager === 'string' &&
+      packageManager.startsWith('pnpm@') &&
+      packageManager.replace('pnpm@', '') !== version
+    ) {
       throw new Error(`Multiple versions of pnpm specified:
   - version ${version} in the GitHub Action config with the key "version"
   - version ${packageManager} in the package.json with the key "packageManager"
 Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`)
     }
 
-    return version
-  }
-
-  // Self-update the bootstrap pnpm to the version pinned in package.json so
-  // PATH-resolved `pnpm` (and the bin_dest output) reflect the target
-  // version. Without this, `pnpm store path` runs as the bootstrap and
-  // reports a different STORE_VERSION than the one the user's actual
-  // install writes to — breaking cache: true and actions/setup-node's
-  // `cache: pnpm` on cold caches (issue #233).
-  //
-  // devEngines.packageManager takes priority over packageManager, matching
-  // pnpm's getWantedPackageManager logic. `pnpm self-update` accepts both
-  // exact versions and semver ranges, so we pass either through directly.
-  if (devEngines?.packageManager?.name === 'pnpm' && devEngines.packageManager.version) {
-    return devEngines.packageManager.version
-  }
-
-  if (packageManagerVersion) {
-    return packageManagerVersion
+    return `${ standalone ? '@pnpm/exe' : 'pnpm' }@${version}`
   }
 
   if (!GITHUB_WORKSPACE) {
@@ -172,37 +94,22 @@ please run the actions/checkout before pnpm/action-setup.
 Otherwise, please specify the pnpm version in the action configuration.`)
   }
 
-  throw new Error(`No pnpm version is specified.
+  if (typeof packageManager !== 'string') {
+    throw new Error(`No pnpm version is specified.
 Please specify it by one of the following ways:
   - in the GitHub Action config with the key "version"
-  - in the package.json with the key "packageManager"
-  - in the package.json with the key "devEngines.packageManager"`)
-}
+  - in the package.json with the key "packageManager"`)
+  }
 
-function getSystemNodeVersion(): Promise<{ major: number; minor: number }> {
-  return new Promise((resolve) => {
-    const cp = spawn('node', ['--version'], { stdio: ['pipe', 'pipe', 'pipe'], shell: process.platform === 'win32' })
-    let output = ''
-    cp.stdout.on('data', (data: Buffer) => { output += data.toString() })
-    cp.on('close', () => {
-      const match = output.match(/^v(\d+)\.(\d+)/)
-      resolve(match ? { major: parseInt(match[1], 10), minor: parseInt(match[2], 10) } : { major: 0, minor: 0 })
-    })
-    cp.on('error', () => resolve({ major: 0, minor: 0 }))
-  })
-}
+  if (!packageManager.startsWith('pnpm@')) {
+    throw new Error('Invalid packageManager field in package.json')
+  }
 
-function runCommand(cmd: string, args: string[], opts: { cwd: string; env?: Record<string, string | undefined> }): Promise<number> {
-  return new Promise<number>((resolve, reject) => {
-    const cp = spawn(cmd, args, {
-      cwd: opts.cwd,
-      env: opts.env,
-      stdio: ['pipe', 'inherit', 'inherit'],
-      shell: process.platform === 'win32',
-    })
-    cp.on('error', reject)
-    cp.on('close', resolve)
-  })
+  if (standalone) {
+    return packageManager.replace('pnpm@', '@pnpm/exe@')
+  }
+
+  return packageManager
 }
 
 export default runSelfInstaller

src/outputs/index.ts

@@ -1,9 +1,10 @@
-import { setOutput } from '@actions/core'
+import { setOutput, addPath } from '@actions/core'
 import { Inputs } from '../inputs'
+import { getBinDest } from '../utils'
 
-export function setOutputs(inputs: Inputs, binDest: string) {
-  // NOTE: addPath is already called in installPnpm — do not call it again
-  // here, as a second addPath would shadow the correct entry on Windows.
+export function setOutputs(inputs: Inputs) {
+  const binDest = getBinDest(inputs)
+  addPath(binDest)
   setOutput('dest', inputs.dest)
   setOutput('bin_dest', binDest)
 }

src/pnpm-install/index.ts

@@ -1,8 +1,11 @@
 import { setFailed, startGroup, endGroup } from '@actions/core'
 import { spawnSync } from 'child_process'
 import { Inputs } from '../inputs'
+import { patchPnpmEnv } from '../utils'
 
 export function runPnpmInstall(inputs: Inputs) {
+  const env = patchPnpmEnv(inputs)
+
   for (const options of inputs.runInstall) {
     const args = ['install']
     if (options.recursive) args.unshift('recursive')
@@ -11,16 +14,11 @@ export function runPnpmInstall(inputs: Inputs) {
     const cmdStr = ['pnpm', ...args].join(' ')
     startGroup(`Running ${cmdStr}...`)
 
-    // spawnSync inherits process.env, which already has $PNPM_HOME/bin and
-    // $PNPM_HOME prepended via addPath() in install-pnpm. Do NOT pass a
-    // hand-patched env that adds node_modules/.bin to the front — on
-    // Windows standalone, .bin/pnpm.cmd is an npm shim pointing at the
-    // BOOTSTRAP pnpm, which would shadow the self-updated one and break
-    // newer-pnpm-only behavior.
     const { error, status } = spawnSync('pnpm', args, {
       stdio: 'inherit',
       cwd: options.cwd,
       shell: true,
+      env,
     })
 
     endGroup()

src/pnpm-store-prune/index.ts

@@ -1,19 +1,24 @@
 import { warning, startGroup, endGroup } from '@actions/core'
 import { spawnSync } from 'child_process'
 import { Inputs } from '../inputs'
+import { patchPnpmEnv } from '../utils'
 
 export function pruneStore(inputs: Inputs) {
   if (inputs.runInstall.length === 0) {
-    console.log('Pruning is unnecessary.')
+    console.log('No install commands were run, skipping pnpm store prune, remember to run it after pnpm install if caching the store.')
+    return
+  }
+
+  if (!inputs.storePrune) {
+    console.log('Store pruning is disabled, skipping pnpm store prune.')
     return
   }
 
   startGroup('Running pnpm store prune...')
-  // spawnSync inherits process.env (which has the right PATH from addPath
-  // in install-pnpm). See pnpm-install/index.ts for the rationale.
   const { error, status } = spawnSync('pnpm', ['store', 'prune'], {
     stdio: 'inherit',
     shell: true,
+    env: patchPnpmEnv(inputs),
   })
   endGroup()
 

src/utils/index.ts

@@ -0,0 +1,10 @@
+import path from 'path'
+import process from 'process'
+import { Inputs } from '../inputs'
+
+export const getBinDest = (inputs: Inputs): string => path.join(inputs.dest, 'node_modules', '.bin')
+
+export const patchPnpmEnv = (inputs: Inputs): NodeJS.ProcessEnv => ({
+  ...process.env,
+  PATH: getBinDest(inputs) + path.delimiter + process.env.PATH,
+})

tsconfig.json

@@ -1,19 +1,26 @@
+
 {
   "compilerOptions": {
     "target": "ES2022",
-    "module": "ESNext",
-    "moduleResolution": "bundler",
+    "module": "Node16",
     "resolveJsonModule": true,
     "lib": [
       "ES2023"
     ],
-    "noEmit": true,
+    "outDir": "./dist/tsc",
+    "preserveConstEnums": true,
+    "incremental": false,
+    "declaration": true,
+    "sourceMap": true,
+    "importHelpers": false,
     "strict": true,
     "pretty": true,
     "noUnusedLocals": true,
     "noUnusedParameters": true,
     "noImplicitReturns": true,
     "noFallthroughCasesInSwitch": true,
-    "esModuleInterop": true
+    "esModuleInterop": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true
   }
 }