Merge fc2e41dd00 into 65d868f8d4

Update Documentation for Lockfile (#1454 )
* update documentation for lockfile * Update adavance usage in README.md * Documentation update * Update lockfile documenation * fix coplilot suggestion
2026-03-07 06:51:46 +08:00 · 2025-12-19 20:24:57 -03:00 · 2025-12-18 10:49:55 -06:00 · 2025-10-30 15:10:30 +02:00
6 changed files with 30 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -148,7 +148,7 @@ Since it will not be cached always, there is possibility of hitting rate limit w

 ### Checking in lockfiles

-It's **always** recommended to commit the lockfile of your package manager for security and performance reasons. For more information consult the "Working with lockfiles" section of the [Advanced usage](docs/advanced-usage.md#working-with-lockfiles) guide.
+It's **strongly recommended** to commit the lockfile of your package manager for security and performance reasons. For more information consult the "Working with lockfiles" section of the [Advanced usage](docs/advanced-usage.md#working-with-lockfiles) guide.

 ## Caching global packages data

@ -249,6 +249,7 @@ If the runner is not able to access github.com, any Nodejs versions requested du
 - [Publishing to npmjs and GPR with npm](docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-npm)
 - [Publishing to npmjs and GPR with yarn](docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-yarn)
 - [Using private packages](docs/advanced-usage.md#use-private-packages)
+ - [Using private mirror](docs/advanced-usage.md#use-private-mirror)

 ## Recommended permissions

--- a/tests/main.test.ts
+++ b/tests/main.test.ts
@ -133,10 +133,11 @@ describe('main tests', () => {

  describe('printEnvDetailsAndSetOutput', () => {
    it.each([
-      [{node: '12.0.2', npm: '6.3.3', yarn: '1.22.11'}],
-      [{node: '16.0.2', npm: '7.3.3', yarn: '2.22.11'}],
-      [{node: '14.0.1', npm: '8.1.0', yarn: '3.2.1'}],
-      [{node: '17.0.2', npm: '6.3.3', yarn: ''}]
+      [{node: '12.0.2', npm: '6.3.3', yarn: '1.22.11', pnpm: ''}],
+      [{node: '16.0.2', npm: '7.3.3', yarn: '2.22.11', pnpm: ''}],
+      [{node: '14.0.1', npm: '8.1.0', yarn: '3.2.1', pnpm: ''}],
+      [{node: '17.0.2', npm: '6.3.3', yarn: '', pnpm: ''}],
+      [{node: '24.10.0', npm: '11.6.1', yarn: '', pnpm: '10.18.3'}]
    ])('Tools versions %p', async obj => {
      getExecOutputSpy.mockImplementation(async command => {
        if (Reflect.has(obj, command) && !obj[command]) {
--- a/dist/cache-save/index.js
+++ b/dist/cache-save/index.js
@ -89521,7 +89521,7 @@ exports.getNodeVersionFromFile = getNodeVersionFromFile;
 function printEnvDetailsAndSetOutput() {
    return __awaiter(this, void 0, void 0, function* () {
        core.startGroup('Environment details');
-        const promises = ['node', 'npm', 'yarn'].map((tool) => __awaiter(this, void 0, void 0, function* () {
+        const promises = ['node', 'npm', 'yarn', 'pnpm'].map((tool) => __awaiter(this, void 0, void 0, function* () {
            const pathTool = yield io.which(tool, false);
            const output = pathTool ? yield getToolVersion(tool, ['--version']) : '';
            return { tool, output };
--- a/dist/setup/index.js
+++ b/dist/setup/index.js
@ -100034,7 +100034,7 @@ exports.getNodeVersionFromFile = getNodeVersionFromFile;
 function printEnvDetailsAndSetOutput() {
    return __awaiter(this, void 0, void 0, function* () {
        core.startGroup('Environment details');
-        const promises = ['node', 'npm', 'yarn'].map((tool) => __awaiter(this, void 0, void 0, function* () {
+        const promises = ['node', 'npm', 'yarn', 'pnpm'].map((tool) => __awaiter(this, void 0, void 0, function* () {
            const pathTool = yield io.which(tool, false);
            const output = pathTool ? yield getToolVersion(tool, ['--version']) : '';
            return { tool, output };
--- a/docs/advanced-usage.md
+++ b/docs/advanced-usage.md
@ -1,6 +1,6 @@
 ## Working with lockfiles

-All supported package managers recommend that you **always** commit the lockfile, although implementations vary doing so generally provides the following benefits:
+Most supported package managers recommend that you **always** commit the lockfile, although implementations vary doing so generally provides the following benefits:

 - Enables faster installation for CI and production environments, due to being able to skip package resolution.
 - Describes a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
@ -35,6 +35,25 @@ Ensure that `pnpm-lock.yaml` is always committed, when on CI pass `--frozen-lock
 - [Working with Git - Lockfiles](https://pnpm.io/git#lockfiles)
 - [Documentation of `--frozen-lockfile` option](https://pnpm.io/cli/install#--frozen-lockfile)

+### Running without a lockfile
+
+If you choose not to use a lockfile, you must ensure that **caching is disabled**. The `cache` feature relies on the lockfile to generate a unique key for the cache entry.
+
+To run without a lockfile:
+1. Do not set the `cache` input.
+2. If your `package.json` contains a `packageManager` field set to npm (or devEngines.packageManager), automatic caching is enabled by default. Override this by setting `package-manager-cache: false`.
+
+```yaml
+steps:
+- uses: actions/checkout@v6
+- uses: actions/setup-node@v6
+  with:
+    node-version: '24'
+    package-manager-cache: false # Explicitly disable caching if you don't have a lockfile
+- run: npm install
+- run: npm test
+```
+
 ## Check latest version

 The `check-latest` flag defaults to `false`. When set to `false`, the action will first check the local cache for a semver match. If unable to find a specific version in the cache, the action will attempt to download a version of Node.js. It will pull LTS versions from [node-versions releases](https://github.com/actions/node-versions/releases) and on miss or failure will fall back to the previous behavior of downloading directly from [node dist](https://nodejs.org/dist/). Use the default or set `check-latest` to `false` if you prefer stability and if you want to ensure a specific version of Node.js is always used.
--- a/src/util.ts
+++ b/src/util.ts
@ -62,7 +62,7 @@ export function getNodeVersionFromFile(versionFilePath: string): string | null {

 export async function printEnvDetailsAndSetOutput() {
  core.startGroup('Environment details');
-  const promises = ['node', 'npm', 'yarn'].map(async tool => {
+  const promises = ['node', 'npm', 'yarn', 'pnpm'].map(async tool => {
    const pathTool = await io.which(tool, false);
    const output = pathTool ? await getToolVersion(tool, ['--version']) : '';
Author	SHA1	Message	Date
Marina Skripnik	4f12341d24	Merge `fc2e41dd00` into `65d868f8d4`	2025-12-19 20:24:57 -03:00
mahabaleshwars	65d868f8d4	Update Documentation for Lockfile (#1454 ) * update documentation for lockfile * Update adavance usage in README.md * Documentation update * Update lockfile documenation * fix coplilot suggestion	2025-12-18 10:49:55 -06:00
Maryna S	fc2e41dd00	Print pnpm in env details output	2025-10-30 15:10:30 +02:00