Skip to content

chore(deps): update pnpm/action-setup action to v6 #282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
benjamincanac merged 1 commit into from
May 20, 2026
Merged

chore(deps): update pnpm/action-setup action to v6 #282

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
uses: actions/checkout@v6

- name: Install pnpm
uses: pnpm/action-setup@v5
uses: pnpm/action-setup@v6

@coderabbitai coderabbitai Bot Apr 13, 2026
edited
Loading

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify tag exists
curl -sSfL https://api.github.com/repos/pnpm/action-setup/tags?per_page=100 \
  | jq -r '.[].name' | rg '^v6$' || {
    echo "Tag v6 not found for pnpm/action-setup"
    exit 1
  }

# Fetch action metadata for v5 and v6 and compare core fields
curl -sSfL https://raw.githubusercontent.com/pnpm/action-setup/v5/action.yml -o /tmp/pnpm-action-v5.yml
curl -sSfL https://raw.githubusercontent.com/pnpm/action-setup/v6/action.yml -o /tmp/pnpm-action-v6.yml

echo "=== v5: inputs ==="
yq '.inputs' /tmp/pnpm-action-v5.yml
echo "=== v6: inputs ==="
yq '.inputs' /tmp/pnpm-action-v6.yml

echo "=== v5: runs ==="
yq '.runs' /tmp/pnpm-action-v5.yml
echo "=== v6: runs ==="
yq '.runs' /tmp/pnpm-action-v6.yml

Repository: nuxt-ui-templates/dashboard

Length of output: 175

🌐 Web query:

pnpm/action-setup v6 release notes changelog

💡 Result:

pnpm/action-setup v6 was released recently (tags v6 and v6.0.0 exist as of 2026-04-13). No detailed release notes or changelog are available in the releases page snippets, which primarily detail earlier versions like v5.0.0 (updated to use Node.js 24) and v4.x changes (e.g., package.yaml support, caching, .npmrc registry, Node.js 24 updates). However, v6 is actively used, as evidenced by an open GitHub issue #225 from 2026-04-11 reporting a bug: "action-setup@v6 does not take the requested pnpm version into account" — it always installs pnpm v11 (specifically 11.0.0-beta.4-1) regardless of the 'version' input (e.g., version: 10 installs v11 instead). The official releases page is at https://github.com/pnpm/action-setup/releases. Latest listed release in some pages is v5.0.0 (2026-03-17), suggesting v6 may be a recent tag without full release notes yet or a pre-release/development version. Repository README examples use up to v5. For full details, check the GitHub releases page or compare commits between v5.0.0 and v6.0.0 tags directly on GitHub.

Citations:

Do not merge with pnpm/action-setup@v6 — known critical bug.

A critical bug exists in v6 (GitHub issue #225): the version input is ignored and v6 always installs pnpm v11 (11.0.0-beta.4-1), regardless of the requested version. If your workflow requires a specific pnpm version, revert to v5 or wait for v6 to be fixed. If version pinning is not required, ensure the implicit v11 installation is acceptable.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml at line 19, The workflow currently uses the broken
action reference "pnpm/action-setup@v6" which ignores the version input and
forces pnpm v11; change the action to a safe release (e.g.,
"pnpm/action-setup@v5") or another fixed tag, and explicitly set the "version"
input (for example version: '7' or whichever pinned pnpm you require) in the
step that calls the action to ensure the intended pnpm version is installed
instead of the v6 implicit v11.

@benjamincanac benjamincanac May 20, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@coderabbitai is this still the case?

@coderabbitai coderabbitai Bot May 20, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me check the current status of that bug.

@benjamincanac, the situation has improved. The original bug (v6 ignoring the version input and always installing pnpm 11.0.0-beta.4-1) was present in the initial v6.0.0 release. However, the official pnpm CI documentation now recommends pnpm/action-setup@v6.0.5, indicating the issues have been addressed in patch releases.

Since the v6 floating tag resolves to the latest v6 patch (currently v6.0.5), the critical bug from the initial release should no longer affect you.

One note specific to your workflow: The ci.yml here does not specify a version input for the action. The v6 action supports omitting the version input if there is a packageManager field in package.json. If your package.json has "packageManager": "pnpm@..." set, this is fine. Otherwise, you may want to pin an explicit version, e.g.:

- name: Install pnpm
  uses: pnpm/action-setup@v6
  with:
    version: 10

The PR looks safe to merge as long as your project has a packageManager field in package.json, or you're okay with the pnpm version being resolved automatically.


- name: Install node
uses: actions/setup-node@v6
Expand Down