Set registry to install pnpm from

[KnisterPeter]

Hi there,

is there a way to set the registry to install pnpm from? We do receive a lot of 429 errors from the public npm registry now. This happens while we try to install pnpm on github workflow runs.

[matanper]

same here I started caching the pnpm dest dir

    - name: Restore pnpm installation
      id: pnpm-cache
      uses: actions/cache@v4
      with:
        path: ~/.cache/setup-pnpm
        key: pnpm-bin-${{ runner.os }}-${{ runner.arch }}-v${{ inputs.pnpm-version }}

    - name: Add cached pnpm to PATH
      if: steps.pnpm-cache.outputs.cache-hit == 'true'
      shell: bash
      run: |
        # Match what pnpm action-setup does: binaries are in dest/node_modules/.bin
        PNPM_HOME=~/.cache/setup-pnpm/node_modules/.bin
        echo "$PNPM_HOME" >> "$GITHUB_PATH"
        echo "PNPM_HOME=$PNPM_HOME" >> "$GITHUB_ENV"

    - name: Setup pnpm (cache miss)
      if: steps.pnpm-cache.outputs.cache-hit != 'true'
      uses: pnpm/action-setup@v4
      with:
        dest: ~/.cache/setup-pnpm
        run_install: false

[MikevPeeren]

We are also receiving allot of 429 errors as of late

[BartJanvanAssen]

also receiving a lot of 429 recently.

[remihuigen]

We are not just seeing 429 but also an increase in 403

[MikevPeeren]

The issue stems from NPM, see the status page here:

https://status.npmjs.org/

And a thread at pnpm here:

https://github.com/pnpm/pnpm/issues/8953

[KnisterPeter]

@MikevPeeren thanks for pointing that out. Still it would make sense to allow this action to install e.g. via a proxy with a cached version to mitigate this kind of issues.

[benquarmby]

Does this action respect the local .npmrc file and its registry setting when installing PNPM? If so, that would be a viable workflow for our purposes since we use a private registry for everything.

In the age of supply chain attacks like the recent NPM breach, the ability to install package managers from a controlled internal registry is critical.

Edit: The answer is no, it does not observe a local .npmrc file and its registry setting when installing PNPM 😞

[Eynorey]

I raised a PR to add support for custom registry configuration via .npmrc.

Would that cover your needs or does anyone have a scenario where you need to differentiate between the registry used to install PNPM vs other packages?

[hllshiro]

I raised a PR to add support for custom registry configuration via .npmrc.我提出了一个通过 .npmrc 添加对自定义注册表配置的支持。

Would that cover your needs or does anyone have a scenario where you need to differentiate between the registry used to install PNPM vs other packages?这是否满足了您的需求，或者是否有人需要区分用于安装 PNPM 的注册表与其他包？

We have a completely offline development environment and deployed our own mirror, runners... previously using @actions/setup-nodejs and installing pnpm with npm, now we planning to switch to pnpm/action-setup, but it always downloads packages from a fixed address https//registry.npmjs.org/pnpm, which is seriously not what we expected.

I'm glad to see that there are relevant PRs to fix this, but it's a shame that it hasn't been merged so far.

[zkochan]

:ship: https://github.com/pnpm/action-setup/releases/tag/v4.2.0

[adam187]

It would be nice to be able to opt out from this behaviour with some option maybe, for us it cased the issue with installing pnpm since we have private registry but for a normal CI we're not authorising the registry since we just restore node_modules from cache and now we can't install pnpm form npm registry as it was before without adding additional authorisation.

So we would like to still be able to use private registry for application packages but still be able to install pnpm from npm registry.