web-team/actions/setup-environment/action.yml at 938a430d3fbece7e04311a17a599a17c780cec30 · nodejs/web-team · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
name: "Setup Environment"
description: "A composite action to setup environment with security hardening, checkout, Node.js, and package manager"
inputs:
  pnpm:
    description: "Whether to use pnpm (true) or npm (false)"
    required: false
    default: "false"
  install-flags:
    description: "Additional installation flags"
    required: false
    default: ""
  ref:
    description: "The ref to checkout"
    required: false
    default: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.ref }}
  fetch-depth:
    description: "The fetch depth"
    required: false
    default: 1
  node-version:
    description: "Node.js version to setup"
    required: false
    default: "lts/*"
  use-version-file:
    description: "Whether to use .nvmrc file for Node.js version"
    required: false
    default: "false"
  registry-url:
    description: "Optional registry URL for Node.js setup"
    required: false
    default: ""
  token:
    description: "The token to use for checkout"
    required: false
    default: ${{ github.token }}

runs:
  using: "composite"
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
      with:
        egress-policy: audit

    - name: Checkout repository
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        ref: ${{ inputs.ref }}
        fetch-depth: ${{ inputs.fetch-depth }}
        token: ${{ inputs.token }}

    - name: Setup pnpm
      if: inputs.pnpm == 'true'
      uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0

    - name: Setup Node.js (with version file)
      if: inputs.use-version-file == 'true'
      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
      with:
        node-version-file: ".nvmrc"
        registry-url: ${{ inputs.registry-url }}
        cache: ${{ inputs.pnpm == 'true' && 'pnpm' || 'npm' }}

    - name: Setup Node.js (with specified version)
      if: inputs.use-version-file != 'true'
      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
      with:
        node-version: ${{ inputs.node-version }}
        registry-url: ${{ inputs.registry-url }}
        cache: ${{ inputs.pnpm == 'true' && 'pnpm' || 'npm' }}

    - name: Install dependencies with pnpm
      if: inputs.pnpm == 'true'
      shell: bash
      run: pnpm install --frozen-lockfile ${{ inputs.install-flags }}

    - name: Install dependencies with npm
      if: inputs.pnpm != 'true'
      shell: bash
      run: npm ci ${{ inputs.install-flags }}