ci: fix setup altering package-lock

[gergosimonyi]

This change was made as a "temporary fix" in #17407 for end-to-end tests. Let's see if we can remove it.

npm i here results in changes to web/package-lock.json in many workflows, for example when tagging a new release. In 2026.2.0-rc3 it caused a change that broke the lockfile so badly it couldn't be npm cid after in the release workflow.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	3ab3c56
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/69945418738fa00008d6cd5f
😎 Deploy Preview	https://deploy-preview-20348--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.27%. Comparing base (e056dbd) to head (3ab3c56).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #20348      +/-   ##
==========================================
- Coverage   93.32%   93.27%   -0.05%     
==========================================
  Files         981      981              
  Lines       55134    55134              
==========================================
- Hits        51454    51428      -26     
- Misses       3680     3706      +26     

Flag	Coverage Δ
conformance	37.46% <ø> (+<0.01%)	⬆️
e2e	43.27% <ø> (-0.01%)	⬇️
integration	22.39% <ø> (-0.05%)	⬇️
unit	91.52% <ø> (+<0.01%)	⬆️
unit-migrate	91.56% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-3ab3c56751d710f59a69dd65ce6a178a6463a1ee
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-3ab3c56751d710f59a69dd65ce6a178a6463a1ee

Afterwards, run the upgrade commands from the latest release notes.

[authentik-automation]

⚠️ Cherry-pick to version-2025.8 has conflicts: #20350

[authentik-automation]

⚠️ Cherry-pick to version-2025.10 has conflicts: #20351

[authentik-automation]

⚠️ Cherry-pick to version-2025.12 has conflicts: #20352

[authentik-automation]

🍒 Cherry-pick to version-2026.2 created: #20353