Add Example for Yarn v2 Zero-Installs to README
It would be ideal to add Yarn v2 Zero-Installs to the README beneath Yarn v2, because the presently recommended approach does not apply when Zero-Installs is used. Yarn allows you to transparently check zipped versions of your dependencies into your repository directly. The `--check-cache` flag to `yarn install` is often omitted for performance reasons (or simply because it is not the default), but is an important security consideration. Fortunately, the cache action empowers you to cache an empty file signifying that you have checked the cache against the canonical registry, which can dramatically improve job performance. Here is an example of the GitHub Actions steps required in the Zero-Installs case:
```yaml
- name: Cache the fact that we have checked the yarn cache.
  id: yarn-cache
  uses: actions/[email protected]
  with:
    path: .cacheChecked
    key: yarn-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
- name: Install dependencies without refetching on cache hit.
  if: ${{ steps.yarn-cache.outputs.cache-hit == 'true' }}
  run: yarn install --immutable --immutable-cache
- name: Install dependencies, refetching on cache miss for added security.
  if: ${{ steps.yarn-cache.outputs.cache-hit != 'true' }}
  run: |
    # See https://yarnpkg.com/features/zero-installs#does-it-have-security-implications
    yarn install --immutable --immutable-cache --check-cache
    touch .cacheChecked
```
@Kurt-von-Laven Would you like to open a PR for this change?
Closing stale issue. Please create a PR and reactivate this issue if you would like to contribute to this.