Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support corepack's packageManager field #1973

Merged
merged 2 commits into from
Jun 11, 2024
Merged

Support corepack's packageManager field #1973

merged 2 commits into from
Jun 11, 2024

Conversation

simonihmig
Copy link
Collaborator

For users that have corepack enabled, this will auto-install the version of pnpm that we expect. The Github action will respect this field as well, so we have a single source of truth.

For users that have [corepack](https://nodejs.org/api/corepack.html) enabled, this will auto-install the version of pnpm that we expect. The Github action will respect this field as well, so we have a single source of truth.
@simonihmig simonihmig marked this pull request as ready for review June 11, 2024 12:06
@@ -1,8 +1,5 @@
name: CI

env:
VOLTA_FEATURE_PNPM: 1
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think that was used (anymore)!?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

correct, this was hanging around from before 👍

},
"packageManager": "pnpm@8.15.8+sha256.691fe176eea9a8a80df20e4976f3dfb44a04841ceb885638fe2a26174f81e65e"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this need to have the +sha... suffix? 🤔

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also the action.yaml removed version 8 restriction is that correct when this 'pins' it to 8?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this need to have the +sha... suffix?

I think so, this is what corepack has added automatically when running corepack use pnpm@8.x

also the action.yaml removed version 8 restriction is that correct when this 'pins' it to 8?

This is what my comment was referring to:

The Github action will respect this field as well, so we have a single source of truth.

the GH action will read that field, so you don't need to specify it twice. See https://github.com/pnpm/action-setup?tab=readme-ov-file#version

Copy link
Collaborator

@NullVoxPopuli NullVoxPopuli Jun 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It works without the sha -- it's an integrity check to prevent installing of a MITM-injected version of the package manager (like, DNS hijacking etc etc)

@ef4 ef4 merged commit e5ef9b9 into main Jun 11, 2024
174 checks passed
@ef4 ef4 deleted the support-corepack branch June 11, 2024 14:16
@ef4 ef4 added the internal label Jun 11, 2024
@github-actions github-actions bot mentioned this pull request Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants