fix: use a lockfile with the runtime dependency install step

[dbjorge]

Details

This PR updates our runtime dependency install step to use yarn install --frozen-lockfile with the same lockfile we use for builds.

Using --ignore-engines isn't really ideal, but it's consistent with the old behavior and we probably don't want to force an old node version as long as we're using a composite action and doing so would pollute the calling environment.

--ignore-optional is required to avoid double-installing puppeteer (apify has an optionalDependency on Puppeteer 5.3.0; yarn's default behavior is to install that in addition to our explicit 5.5.0 dependency)

Performance seems to be similar between the old strategy and the new:

• Check against old npm install shows 25.357s
• Check against new yarn install shows 24.24s

Motivation

addresses #632

Context

This is a draft while we validate the perf impact; locally, this is much slower than npm install

Pull request checklist

• Addresses an existing issue: addresses Action does not pin the versions of dependencies installed at runtime #632
• [n/a] Added relevant unit test for your changes. (yarn test)
• [n/a] Verified code coverage for the changes made. Check coverage report at: <rootDir>/test-results/unit/coverage
• Ran precheckin (yarn precheckin)
• (after PR created) The Accessibility Checks (pull_request) check should fail. All other checks should pass.

[codecov-commenter]

Codecov Report

Merging #633 (ae6ce75) into main (4f43a9a) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #633   +/-   ##
=======================================
  Coverage   94.81%   94.81%           
=======================================
  Files          25       25           
  Lines         559      559           
  Branches       54       54           
=======================================
  Hits          530      530           
  Misses         29       29           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4f43a9a...ae6ce75. Read the comment docs.

[github-actions]

Accessibility Insights Action

• URLs: 1 URL(s) failed, 3 URL(s) passed, and 0 were not scannable
• Rules: 5 check(s) failed, 11 check(s) passed, and 39 were not applicable
• Download the Accessibility Insights artifact to view the detailed results of these checks

Failed instances

• 3 × label: Ensures every form element has a label
• 1 × html-has-lang: Ensures every HTML document has a lang attribute
• 1 × image-alt: Ensures elements have alternate text or a role of none or presentation

---

This scan used axe-core 4.2.1 with Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36.