Support installation from custom NPM registry via .npmrc#179
Merged
zkochan merged 1 commit intopnpm:masterfrom Oct 8, 2025
Merged
Support installation from custom NPM registry via .npmrc#179zkochan merged 1 commit intopnpm:masterfrom
.npmrc#179zkochan merged 1 commit intopnpm:masterfrom
Conversation
benquarmby
reviewed
Sep 22, 2025
benquarmby
left a comment
There was a problem hiding this comment.
❤️ Love this.
My opinion doesn't matter a great deal, but I'm going to give it anyway 😜
3ea717c to
eee93a8
Compare
Contributor
Author
|
@zkochan @KSXGitHub would you mind taking a look when you get a chance, thanks! |
|
I have an environment where using the public registry is not an option due to security constraints, so being able to configure this installation to use our private registry is essential so thanks for doing this! |
KSXGitHub
reviewed
Oct 7, 2025
Collaborator
KSXGitHub
left a comment
There was a problem hiding this comment.
Alternatively, pnpm itself uses the package ini (with @types/ini for typing) to parse INI. That could be used instead of trying to reinvent the parser.
Member
|
Just copy the |
copy .npmrc from GitHub workspace if it exists so that PNPM respects custom registry configurations when self-installing
eee93a8 to
0ca63ec
Compare
Contributor
Author
|
Thank you everyone for taking a look, and thank you for the feedback!
That's so much more elegant, thank you for the suggestion! |
zkochan
approved these changes
Oct 7, 2025
KSXGitHub
approved these changes
Oct 7, 2025
1 task
LinnJS
added a commit
to suncoast-innovation-guild/action-setup
that referenced
this pull request
Feb 15, 2026
* Fix multiline run_install example in README.md (pnpm#167) * Remove --frozen-lockfile from examples (pnpm#171) * feat: support installation from custom NPM registry (pnpm#179) copy .npmrc from GitHub workspace if it exists so that PNPM respects custom registry configurations when self-installing * Update README.md (pnpm#175) fix the string run_install example * Remove unused `@types/node-fetch` dependency (pnpm#186) * Clarify that package_json_file is relative to GITHUB_WORKSPACE (pnpm#184) * Clarify that package_json_file is relative to GITHUB_WORKSPACE Clarify the description for package_json_file parameter to specify that the path must be relative to the repository root. * Apply suggestion from @zkochan --------- Co-authored-by: Zoltan Kochan <z@kochan.io> * feat: store caching (pnpm#188) * add pnpm store caching * style: format * no semicolons * no star imports * import order * style: no star imports --------- Co-authored-by: khai96_ <hvksmr1996@gmail.com> * refactor: remove star imports (pnpm#196) * fix(ci): exclude macos (pnpm#197) * ci: pin github actions (pnpm#199) * fix: regenerate lockfile to match package.json overrides * fix(security): override fast-xml-parser to >=5.3.4 Resolves GHSA-37qj-frw5-hhjh (RangeError DoS via numeric entities) in transitive dependency @actions/cache > @azure/storage-blob > @azure/core-xml > fast-xml-parser. * fix: resolve lint, build, and security audit failures - Fix prefer-const lint error in cache-restore/run.ts - Override undici to >=6.23.0 (GHSA-g9mf-h72j-4rw9) - Rebuild dist to match source changes * fix(ci): exclude dist from CodeQL analysis dist/index.js is generated by ncc bundling — CodeQL flags dependency code as security issues. Ignore the dist directory since it's not source code. --------- Co-authored-by: Matthias <matthias.dailey@gmail.com> Co-authored-by: Adrian Riedel <Eynorey@users.noreply.github.com> Co-authored-by: Roman Usherenko <roman.usherenko@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Chris Martin <ch.martin@gmail.com> Co-authored-by: Zoltan Kochan <z@kochan.io> Co-authored-by: Jeremiasz Major <jrh.mjr@gmail.com> Co-authored-by: khai96_ <hvksmr1996@gmail.com> Co-authored-by: Boosted-Bonobo <boostedbonobo1@outlook.com>
LinnJS
added a commit
to suncoast-innovation-guild/action-setup
that referenced
this pull request
Feb 15, 2026
* Fix multiline run_install example in README.md (pnpm#167) * Remove --frozen-lockfile from examples (pnpm#171) * feat: support installation from custom NPM registry (pnpm#179) copy .npmrc from GitHub workspace if it exists so that PNPM respects custom registry configurations when self-installing * Update README.md (pnpm#175) fix the string run_install example * Remove unused `@types/node-fetch` dependency (pnpm#186) * Clarify that package_json_file is relative to GITHUB_WORKSPACE (pnpm#184) * Clarify that package_json_file is relative to GITHUB_WORKSPACE Clarify the description for package_json_file parameter to specify that the path must be relative to the repository root. * Apply suggestion from @zkochan --------- Co-authored-by: Zoltan Kochan <z@kochan.io> * feat: store caching (pnpm#188) * add pnpm store caching * style: format * no semicolons * no star imports * import order * style: no star imports --------- Co-authored-by: khai96_ <hvksmr1996@gmail.com> * refactor: remove star imports (pnpm#196) * fix(ci): exclude macos (pnpm#197) * ci: pin github actions (pnpm#199) * fix: regenerate lockfile to match package.json overrides * fix(security): override fast-xml-parser to >=5.3.4 Resolves GHSA-37qj-frw5-hhjh (RangeError DoS via numeric entities) in transitive dependency @actions/cache > @azure/storage-blob > @azure/core-xml > fast-xml-parser. * fix: resolve lint, build, and security audit failures - Fix prefer-const lint error in cache-restore/run.ts - Override undici to >=6.23.0 (GHSA-g9mf-h72j-4rw9) - Rebuild dist to match source changes * fix(ci): exclude dist from CodeQL analysis dist/index.js is generated by ncc bundling — CodeQL flags dependency code as security issues. Ignore the dist directory since it's not source code. --------- Co-authored-by: Matthias <matthias.dailey@gmail.com> Co-authored-by: Adrian Riedel <Eynorey@users.noreply.github.com> Co-authored-by: Roman Usherenko <roman.usherenko@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Chris Martin <ch.martin@gmail.com> Co-authored-by: Zoltan Kochan <z@kochan.io> Co-authored-by: Jeremiasz Major <jrh.mjr@gmail.com> Co-authored-by: khai96_ <hvksmr1996@gmail.com> Co-authored-by: Boosted-Bonobo <boostedbonobo1@outlook.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related to #177.
This PR adds support for custom NPM registry configurations, allowing the action to install PNPM from there.
With this, the action copies a potential
.npmrcinto the destination directory from where PNPM runs self-install, respecting potential custom registry configurations.Note
I was also considering an action parameter, but this feels more natural - if you are already using a custom registry via
.npmrc, then you'll likely want your package manager to be fetched form there as well.But I could also see a parameter being helpful for some setups, perhaps even acting as an override to the
.npmrcregistry configuration. Maybe as a follow-up?Any feedback is greatly appreciated!