47313c388d
Updates yarn to the latest version 4.9.2 (from 4.4.0). Also removes the explicit `enableHardenedMode` from yarnrc as it significantly slows down installation. This is already enabled automatically for pull requests on Github, thus preventing lockfile poisoning where it's relevant. See <https://yarnpkg.com/features/security#hardened-mode>: > in most cases you won't even have to think about it - the hardened mode is enabled by default when Yarn detects it runs in a pull request from a public GitHub repository. It can additionally be enabled explicitly for specific CI jobs by using an environment variable, if desired: > The hardened mode can be set (or disabled) [...] by defining `YARN_ENABLE_HARDENED_MODE=1|0` in your environment variables If this is the case, yarn still recommends **not** enabling it everywhere: > **DANGER** > > The hardened mode makes installs significantly slower as Yarn has to query the registry to make sure the information contained in the lockfile are accurate. If your CI pipeline runs multiple jobs, we recommend disabling the hardened mode in all but one of them so as to limit the performance impact. --------- Co-authored-by: prastoin <paul@twenty.com>
43 lines
1.7 KiB
YAML
43 lines
1.7 KiB
YAML
name: Yarn Install
|
|
inputs:
|
|
node-version:
|
|
required: false
|
|
default: '22'
|
|
|
|
runs:
|
|
using: 'composite'
|
|
steps:
|
|
- name: Cache primary key builder
|
|
id: globals
|
|
shell: bash
|
|
run: |
|
|
echo "ACTION_SHELL=bash" >> "${GITHUB_OUTPUT}"
|
|
echo "CACHE_KEY_PREFIX=node_modules-cache-node-${{ inputs.node-version }}-${{ hashFiles('yarn.lock') }}" >> "${GITHUB_OUTPUT}"
|
|
echo 'PATH_TO_CACHE<<EOF' >> $GITHUB_OUTPUT
|
|
echo "node_modules" >> $GITHUB_OUTPUT
|
|
echo "packages/*/node_modules" >> $GITHUB_OUTPUT
|
|
echo 'EOF' >> $GITHUB_OUTPUT
|
|
- name: Setup Node.js and get yarn cache
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: ${{ inputs.node-version }}
|
|
- name: Restore node_modules
|
|
id: cache-node-modules
|
|
uses: actions/cache/restore@v4
|
|
with:
|
|
key: v4-${{ steps.globals.outputs.CACHE_KEY_PREFIX }}-${{github.sha}}
|
|
restore-keys: v4-${{ steps.globals.outputs.CACHE_KEY_PREFIX }}-
|
|
path: ${{ steps.globals.outputs.PATH_TO_CACHE }}
|
|
- name: Install Dependencies
|
|
if: ${{ steps.cache-node-modules.outputs.cache-hit != 'true' && steps.cache-node-modules.outputs.cache-matched-key == '' }}
|
|
shell: ${{ steps.globals.outputs.ACTION_SHELL }}
|
|
run: |
|
|
yarn config set enableHardenedMode true
|
|
yarn --immutable --check-cache
|
|
- name: Save cache
|
|
if: ${{ steps.cache-node-modules.outputs.cache-hit != 'true' && steps.cache-node-modules.outputs.cache-matched-key == '' }}
|
|
uses: actions/cache/save@v4
|
|
with:
|
|
key: ${{ steps.cache-node-modules.outputs.cache-primary-key }}
|
|
path: ${{ steps.globals.outputs.PATH_TO_CACHE }}
|