 aparnajyothi-y
		
	
	49933ea528
	
	
	Bump @action/cache from 4.0.2 to 4.0.3 (#1262)
			aparnajyothi-y
		
	
	49933ea528
	
	
	Bump @action/cache from 4.0.2 to 4.0.3 (#1262)
		
			
			* Update versions.yml * Update versions.yml * actions/cache upgrade to 4.0.3 * events update * npm audit fix revert * npm adit fix revert
setup-node
This action provides the following functionality for GitHub Actions users:
- Optionally downloading and caching distribution of the requested Node.js version, and adding it to the PATH
- Optionally caching npm/yarn/pnpm dependencies
- Registering problem matchers for error output
- Configuring authentication for GPR or npm
Usage
See action.yml
- uses: actions/setup-node@v4
  with:
    # Version Spec of the version to use in SemVer notation.
    # It also admits such aliases as lts/*, latest, nightly and canary builds
    # Examples: 12.x, 10.15.1, >=10.15.0, lts/Hydrogen, 16-nightly, latest, node
    node-version: ''
    # File containing the version Spec of the version to use.  Examples: package.json, .nvmrc, .node-version, .tool-versions.
    # If node-version and node-version-file are both provided the action will use version from node-version. 
    node-version-file: ''
    # Set this option if you want the action to check for the latest available version 
    # that satisfies the version spec.
    # It will only get affect for lts Nodejs versions (12.x, >=10.15.0, lts/Hydrogen). 
    # Default: false
    check-latest: false
    # Target architecture for Node to use. Examples: x86, x64. Will use system architecture by default.
    # Default: ''. The action use system architecture by default 
    architecture: ''
    # Used to pull node distributions from https://github.com/actions/node-versions. 
    # Since there's a default, this is typically not supplied by the user. 
    # When running this action on github.com, the default value is sufficient. 
    # When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting.
    #
    # We recommend using a service account with the least permissions necessary. Also
    # when generating a new PAT, select the least scopes necessary.
    #
    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    #
    # Default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
    token: ''
    # Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.
    # Package manager should be pre-installed
    # Default: ''
    cache: ''
    # Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. 
    # It will generate hash from the target file for primary key. It works only If cache is specified.  
    # Supports wildcards or a list of file names for caching multiple dependencies.
    # Default: ''
    cache-dependency-path: ''
    # Optional registry to set up for auth. Will set the registry in a project level .npmrc and .yarnrc file, 
    # and set up auth to read in from env.NODE_AUTH_TOKEN.
    # Default: ''
    registry-url: ''
    # Optional scope for authenticating against scoped registries. 
    # Will fall back to the repository owner when using the GitHub Packages registry (https://npm.pkg.github.com/).
    # Default: ''
    scope: ''
    # Set always-auth option in npmrc file.
    # Default: ''
    always-auth: ''
    # Optional mirror to download binaries from.
    # Artifacts need to match the official Node.js
    # Example:
    # V8 Canaray Build: <mirror_url>/download/v8-canary
    # RC Build: <mirror_url>/download/rc
    # Official: Build <mirror_url>/dist
    # Nightly build: <mirror_url>/download/nightly
    # Default: ''
    mirror: ''
    # Optional mirror token.
    # The token will be used as a bearer token in the Authorization header
    # Default: ''
    mirror-token: ''
Basic:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
  with:
    node-version: 18
- run: npm ci
- run: npm test
The node-version input is optional. If not supplied, the node version from PATH will be used. However, it is recommended to always specify Node.js version and don't rely on the system one.
The action will first check the local cache for a semver match. If unable to find a specific version in the cache, the action will attempt to download a version of Node.js. It will pull LTS versions from node-versions releases and on miss or failure will fall back to the previous behavior of downloading directly from node dist.
For information regarding locally cached versions of Node.js on GitHub hosted runners, check out GitHub Actions Runner Images.
Supported version syntax
The node-version input supports the Semantic Versioning Specification, for more detailed examples please refer to the semver package documentation.
Examples:
- Major versions: 18,20
- More specific versions: 10.15,16.15.1,18.4.0
- NVM LTS syntax: lts/erbium,lts/fermium,lts/*,lts/-n
- Latest release: *orlatest/current/node
Note: Like the other values, * will get the latest locally-cached Node.js version, or the latest version from actions/node-versions, depending on the check-latest input.
current/latest/node always resolve to the latest dist version.
That version is then downloaded from actions/node-versions if possible, or directly from Node.js if not.
Since it will not be cached always, there is possibility of hitting rate limit when downloading from dist
Checking in lockfiles
It's always recommended to commit the lockfile of your package manager for security and performance reasons. For more information consult the "Working with lockfiles" section of the Advanced usage guide.
Caching global packages data
The action has a built-in functionality for caching and restoring dependencies. It uses actions/cache under the hood for caching global packages data but requires less configuration settings. Supported package managers are npm, yarn, pnpm (v6.10+). The cache input is optional, and caching is turned off by default.
The action defaults to search for the dependency file (package-lock.json, npm-shrinkwrap.json or yarn.lock) in the repository root, and uses its hash as a part of the cache key. Use cache-dependency-path for cases when multiple dependency files are used, or they are located in different subdirectories.
Note: The action does not cache node_modules
See the examples of using cache for yarn/pnpm and cache-dependency-path input in the Advanced usage guide.
Caching npm dependencies:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
  with:
    node-version: 20
    cache: 'npm'
- run: npm ci
- run: npm test
Caching npm dependencies in monorepos:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
  with:
    node-version: 20
    cache: 'npm'
    cache-dependency-path: subdir/package-lock.json
- run: npm ci
- run: npm test
Matrix Testing
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node: [ 14, 16, 18 ]
    name: Node ${{ matrix.node }} sample
    steps:
      - uses: actions/checkout@v4
      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
      - run: npm ci
      - run: npm test
Using setup-node on GHES
setup-node comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Nodejs distributions, setup-node downloads distributions from actions/node-versions on github.com (outside of the appliance). These calls to actions/node-versions are made via unauthenticated requests, which are limited to 60 requests per hour per IP. If more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks like: ##[error]API rate limit exceeded for.... After that error the action will try to download versions directly from the official site, but it also can have rate limit so it's better to put token.
To get a higher rate limit, you can generate a personal access token on github.com and pass it as the token input for the action:
uses: actions/setup-node@v4
with:
  token: ${{ secrets.GH_DOTCOM_TOKEN }}
  node-version: 20
If the runner is not able to access github.com, any Nodejs versions requested during a workflow run must come from the runner's tool cache. See "Setting up the tool cache on self-hosted runners without internet access" for more information.
Advanced usage
- Check latest version
- Using a node version file
- Using different architectures
- Using v8 canary versions
- Using nightly versions
- Using rc versions
- Caching packages data
- Using multiple operating systems and architectures
- Publishing to npmjs and GPR with npm
- Publishing to npmjs and GPR with yarn
- Using private packages
Recommended permissions
When using the setup-node action in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
permissions:
  contents: read # access to check out code and install dependencies
License
The scripts and documentation in this project are released under the MIT License
Contributions
Contributions are welcome! See Contributor's Guide
Code of Conduct
👋 Be nice. See our code of conduct