-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support corepack's packageManager field #1973
Conversation
For users that have [corepack](https://nodejs.org/api/corepack.html) enabled, this will auto-install the version of pnpm that we expect. The Github action will respect this field as well, so we have a single source of truth.
@@ -1,8 +1,5 @@ | |||
name: CI | |||
|
|||
env: | |||
VOLTA_FEATURE_PNPM: 1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think that was used (anymore)!?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
correct, this was hanging around from before 👍
}, | ||
"packageManager": "pnpm@8.15.8+sha256.691fe176eea9a8a80df20e4976f3dfb44a04841ceb885638fe2a26174f81e65e" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this need to have the +sha... suffix? 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also the action.yaml removed version 8 restriction is that correct when this 'pins' it to 8?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this need to have the +sha... suffix?
I think so, this is what corepack has added automatically when running corepack use pnpm@8.x
also the action.yaml removed version 8 restriction is that correct when this 'pins' it to 8?
This is what my comment was referring to:
The Github action will respect this field as well, so we have a single source of truth.
the GH action will read that field, so you don't need to specify it twice. See https://github.com/pnpm/action-setup?tab=readme-ov-file#version
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It works without the sha -- it's an integrity check to prevent installing of a MITM-injected version of the package manager (like, DNS hijacking etc etc)
For users that have corepack enabled, this will auto-install the version of pnpm that we expect. The Github action will respect this field as well, so we have a single source of truth.