Update README to include yarn

A user indicated that it was not clear that the `setup-node` action took care of yarn, and tried using an incompatible third-party action.  Better specify that yarn is included above the fold.

.gitignore

@@ -1,2 +1,92 @@
+# Explicitly not ignoring node_modules so that they are included in package downloaded by runner
 !node_modules/
 __tests__/runner/*
+
+# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/

README.md

@@ -4,10 +4,11 @@
   <a href="https://github.com/actions/setup-node"><img alt="GitHub Actions status" src="https://github.com/actions/setup-node/workflows/Main%20workflow/badge.svg"></a>
 </p>
 
-This action sets by node environment for use in actions by:
+This action sets up a node environment for use in actions, including npm and yarn.  It:
 
-- optionally downloading and caching a version of node - npm by version spec and add to PATH
-- registering problem matchers for error output 
+- sets up the specified version of node (downloading it if it's not already available)
+- adds node, npm and yarn to the PATH
+- registers problem matchers for error output 
 
 # Usage
 
@@ -16,7 +17,7 @@ See [action.yml](action.yml)
 Basic:
 ```yaml
 steps:
-- uses: actions/checkout@master
+- uses: actions/checkout@v1
 - uses: actions/setup-node@v1
   with:
     node-version: '10.x'
@@ -34,7 +35,7 @@ jobs:
         node: [ '10', '8' ]
     name: Node ${{ matrix.node }} sample
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v1
       - name: Setup node
         uses: actions/setup-node@v1
         with:
@@ -46,7 +47,7 @@ jobs:
 Publish to npmjs and GPR with npm:
 ```yaml
 steps:
-- uses: actions/checkout@master
+- uses: actions/checkout@v1
 - uses: actions/setup-node@v1
   with:
     node-version: '10.x'
@@ -66,12 +67,11 @@ steps:
 Publish to npmjs and GPR with yarn:
 ```yaml
 steps:
-- uses: actions/checkout@master
+- uses: actions/checkout@v1
 - uses: actions/setup-node@v1
   with:
     node-version: '10.x'
     registry-url: <registry url>
-- run: npm install -g yarn
 - run: yarn install
 - run: yarn publish
   env:
@@ -84,6 +84,24 @@ steps:
     NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
+Use private packages:
+```yaml
+steps:
+- uses: actions/checkout@v1
+- uses: actions/setup-node@v1
+  with:
+    node-version: '10.x'
+    registry-url: 'https://registry.npmjs.org'
+# Skip post-install scripts here, as a malicious
+# script could steal NODE_AUTH_TOKEN.
+- run: npm install --ignore-scripts
+  env:
+    NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+# `npm rebuild` will run all those post-install scritps for us.
+- run: npm rebuild && npm run prepare --if-present
+```
+
+
 # License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE)

__tests__/__snapshots__/authutil.test.ts.snap

@@ -2,20 +2,30 @@
 
 exports[`installer tests Appends trailing slash to registry 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-registry=https://registry.npmjs.org/"
+registry=https://registry.npmjs.org/
+always-auth=false"
 `;
 
 exports[`installer tests Automatically configures GPR scope 1`] = `
 "npm.pkg.github.com/:_authToken=\${NODE_AUTH_TOKEN}
-@ownername:registry=npm.pkg.github.com/"
+@ownername:registry=npm.pkg.github.com/
+always-auth=false"
 `;
 
 exports[`installer tests Configures scoped npm registries 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-@myscope:registry=https://registry.npmjs.org/"
+@myscope:registry=https://registry.npmjs.org/
+always-auth=false"
+`;
+
+exports[`installer tests Sets up npmrc for always-auth true 1`] = `
+"//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
+registry=https://registry.npmjs.org/
+always-auth=true"
 `;
 
 exports[`installer tests Sets up npmrc for npmjs 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-registry=https://registry.npmjs.org/"
+registry=https://registry.npmjs.org/
+always-auth=false"
 `;

__tests__/authutil.test.ts

@@ -33,13 +33,13 @@ describe('installer tests', () => {
   });
 
   it('Sets up npmrc for npmjs', async () => {
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'false');
     expect(fs.existsSync(rcFile)).toBe(true);
     expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
   });
 
   it('Appends trailing slash to registry', async () => {
-    await auth.configAuthentication('https://registry.npmjs.org');
+    await auth.configAuthentication('https://registry.npmjs.org', 'false');
 
     expect(fs.existsSync(rcFile)).toBe(true);
     expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
@@ -47,16 +47,22 @@ describe('installer tests', () => {
 
   it('Configures scoped npm registries', async () => {
     process.env['INPUT_SCOPE'] = 'myScope';
-    await auth.configAuthentication('https://registry.npmjs.org');
+    await auth.configAuthentication('https://registry.npmjs.org', 'false');
 
     expect(fs.existsSync(rcFile)).toBe(true);
     expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
   });
 
   it('Automatically configures GPR scope', async () => {
-    await auth.configAuthentication('npm.pkg.github.com');
+    await auth.configAuthentication('npm.pkg.github.com', 'false');
 
     expect(fs.existsSync(rcFile)).toBe(true);
     expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
   });
+
+  it('Sets up npmrc for always-auth true', async () => {
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
+    expect(fs.existsSync(rcFile)).toBe(true);
+    expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
+  });
 });

action.yml

@@ -2,6 +2,9 @@ name: 'Setup Node.js environment'
 description: 'Setup a Node.js environment and add it to the PATH, additionally providing proxy support'
 author: 'GitHub'
 inputs:
+  always-auth:
+    description: 'Set always-auth in npmrc'
+    default: 'false'
   node-version:
     description: 'Version Spec of the version to use.  Examples: 10.x, 10.15.1, >=10.15.0'
     default: '10.x'
@@ -12,6 +15,7 @@ inputs:
 # Deprecated option, do not use. Will not be supported after October 1, 2019
   version:
     description: 'Deprecated. Use node-version instead. Will not be supported after October 1, 2019'
+    deprecationMessage: 'The version property will not be supported after October 1, 2019. Use node-version instead'
 runs:
   using: 'node12'
   main: 'lib/setup-node.js'

lib/authutil.js

@@ -12,15 +12,15 @@ const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const github = __importStar(require("@actions/github"));
-function configAuthentication(registryUrl) {
+function configAuthentication(registryUrl, alwaysAuth) {
     const npmrc = path.resolve(process.env['RUNNER_TEMP'] || process.cwd(), '.npmrc');
     if (!registryUrl.endsWith('/')) {
         registryUrl += '/';
     }
-    writeRegistryToFile(registryUrl, npmrc);
+    writeRegistryToFile(registryUrl, npmrc, alwaysAuth);
 }
 exports.configAuthentication = configAuthentication;
-function writeRegistryToFile(registryUrl, fileLocation) {
+function writeRegistryToFile(registryUrl, fileLocation, alwaysAuth) {
     let scope = core.getInput('scope');
     if (!scope && registryUrl.indexOf('npm.pkg.github.com') > -1) {
         scope = github.context.repo.owner;
@@ -47,7 +47,8 @@ function writeRegistryToFile(registryUrl, fileLocation) {
     const registryString = scope
         ? `${scope}:registry=${registryUrl}`
         : `registry=${registryUrl}`;
-    newContents += `${authString}${os.EOL}${registryString}`;
+    const alwaysAuthString = `always-auth=${alwaysAuth}`;
+    newContents += `${authString}${os.EOL}${registryString}${os.EOL}${alwaysAuthString}`;
     fs.writeFileSync(fileLocation, newContents);
     core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
     // Export empty node_auth_token so npm doesn't complain about not being able to find it

lib/installer.js

@@ -25,7 +25,7 @@ const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const semver = __importStar(require("semver"));
 let osPlat = os.platform();
-let osArch = translateArchToDistUrl(os.arch());
+let osArch = os.arch();
 if (!tempDirectory) {
     let baseLocation;
     if (process.platform === 'win32') {
@@ -90,13 +90,13 @@ function queryLatestMatch(versionSpec) {
         let dataFileName;
         switch (osPlat) {
             case 'linux':
-                dataFileName = `linux-${osArch}`;
+                dataFileName = 'linux-' + osArch;
                 break;
             case 'darwin':
-                dataFileName = `osx-${osArch}-tar`;
+                dataFileName = 'osx-' + osArch + '-tar';
                 break;
             case 'win32':
-                dataFileName = `win-${osArch}-exe`;
+                dataFileName = 'win-' + osArch + '-exe';
                 break;
             default:
                 throw new Error(`Unexpected OS '${osPlat}'`);
@@ -149,10 +149,10 @@ function acquireNode(version) {
         //
         version = semver.clean(version) || '';
         let fileName = osPlat == 'win32'
-            ? `node-v${version}-win-${osArch}`
-            : `node-v${version}-${osPlat}-${osArch}`;
-        let urlFileName = osPlat == 'win32' ? `${fileName}.7z` : `${fileName}.tar.gz`;
-        let downloadUrl = `https://nodejs.org/dist/v${version}/${urlFileName}`;
+            ? 'node-v' + version + '-win-' + os.arch()
+            : 'node-v' + version + '-' + osPlat + '-' + os.arch();
+        let urlFileName = osPlat == 'win32' ? fileName + '.7z' : fileName + '.tar.gz';
+        let downloadUrl = 'https://nodejs.org/dist/v' + version + '/' + urlFileName;
         let downloadPath;
         try {
             downloadPath = yield tc.downloadTool(downloadUrl);
@@ -202,8 +202,8 @@ function acquireNodeFromFallbackLocation(version) {
         let exeUrl;
         let libUrl;
         try {
-            exeUrl = `https://nodejs.org/dist/v${version}/win-${osArch}/node.exe`;
-            libUrl = `https://nodejs.org/dist/v${version}/win-${osArch}/node.lib`;
+            exeUrl = `https://nodejs.org/dist/v${version}/win-${os.arch()}/node.exe`;
+            libUrl = `https://nodejs.org/dist/v${version}/win-${os.arch()}/node.lib`;
             const exePath = yield tc.downloadTool(exeUrl);
             yield io.cp(exePath, path.join(tempDir, 'node.exe'));
             const libPath = yield tc.downloadTool(libUrl);
@@ -225,13 +225,3 @@ function acquireNodeFromFallbackLocation(version) {
         return yield tc.cacheDir(tempDir, 'node', version);
     });
 }
-// os.arch does not always match the relative download url, e.g.
-// os.arch == 'arm' != node-v12.13.1-linux-armv7l.tar.gz
-function translateArchToDistUrl(arch) {
-    switch (arch) {
-        case 'arm':
-            return 'armv7l';
-        default:
-            return arch;
-    }
-}

lib/setup-node.js

@@ -35,8 +35,9 @@ function run() {
                 yield installer.getNode(version);
             }
             const registryUrl = core.getInput('registry-url');
+            const alwaysAuth = core.getInput('always-auth');
             if (registryUrl) {
-                auth.configAuthentication(registryUrl);
+                auth.configAuthentication(registryUrl, alwaysAuth);
             }
             // TODO: setup proxy from runner proxy config
             const matchersPath = path.join(__dirname, '..', '.github');

package-lock.json

@@ -3628,9 +3628,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.11",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",
-      "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==",
+      "version": "4.17.15",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
+      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
       "dev": true
     },
     "lodash.get": {

src/authutil.ts

@@ -4,7 +4,7 @@ import * as path from 'path';
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
-export function configAuthentication(registryUrl: string) {
+export function configAuthentication(registryUrl: string, alwaysAuth: string) {
   const npmrc: string = path.resolve(
     process.env['RUNNER_TEMP'] || process.cwd(),
     '.npmrc'
@@ -13,10 +13,14 @@ export function configAuthentication(registryUrl: string) {
     registryUrl += '/';
   }
 
-  writeRegistryToFile(registryUrl, npmrc);
+  writeRegistryToFile(registryUrl, npmrc, alwaysAuth);
 }
 
-function writeRegistryToFile(registryUrl: string, fileLocation: string) {
+function writeRegistryToFile(
+  registryUrl: string,
+  fileLocation: string,
+  alwaysAuth: string
+) {
   let scope: string = core.getInput('scope');
   if (!scope && registryUrl.indexOf('npm.pkg.github.com') > -1) {
     scope = github.context.repo.owner;
@@ -45,7 +49,8 @@ function writeRegistryToFile(registryUrl: string, fileLocation: string) {
   const registryString: string = scope
     ? `${scope}:registry=${registryUrl}`
     : `registry=${registryUrl}`;
-  newContents += `${authString}${os.EOL}${registryString}`;
+  const alwaysAuthString: string = `always-auth=${alwaysAuth}`;
+  newContents += `${authString}${os.EOL}${registryString}${os.EOL}${alwaysAuthString}`;
   fs.writeFileSync(fileLocation, newContents);
   core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
   // Export empty node_auth_token so npm doesn't complain about not being able to find it

src/installer.ts

@@ -9,7 +9,7 @@ import * as path from 'path';
 import * as semver from 'semver';
 
 let osPlat: string = os.platform();
-let osArch: string = translateArchToDistUrl(os.arch());
+let osArch: string = os.arch();
 
 if (!tempDirectory) {
   let baseLocation;
@@ -86,13 +86,13 @@ async function queryLatestMatch(versionSpec: string): Promise<string> {
   let dataFileName: string;
   switch (osPlat) {
     case 'linux':
-      dataFileName = `linux-${osArch}`;
+      dataFileName = 'linux-' + osArch;
       break;
     case 'darwin':
-      dataFileName = `osx-${osArch}-tar`;
+      dataFileName = 'osx-' + osArch + '-tar';
       break;
     case 'win32':
-      dataFileName = `win-${osArch}-exe`;
+      dataFileName = 'win-' + osArch + '-exe';
       break;
     default:
       throw new Error(`Unexpected OS '${osPlat}'`);
@@ -150,11 +150,12 @@ async function acquireNode(version: string): Promise<string> {
   version = semver.clean(version) || '';
   let fileName: string =
     osPlat == 'win32'
-      ? `node-v${version}-win-${osArch}`
-      : `node-v${version}-${osPlat}-${osArch}`;
+      ? 'node-v' + version + '-win-' + os.arch()
+      : 'node-v' + version + '-' + osPlat + '-' + os.arch();
   let urlFileName: string =
-    osPlat == 'win32' ? `${fileName}.7z` : `${fileName}.tar.gz`;
-  let downloadUrl = `https://nodejs.org/dist/v${version}/${urlFileName}`;
+    osPlat == 'win32' ? fileName + '.7z' : fileName + '.tar.gz';
+
+  let downloadUrl = 'https://nodejs.org/dist/v' + version + '/' + urlFileName;
 
   let downloadPath: string;
 
@@ -209,8 +210,8 @@ async function acquireNodeFromFallbackLocation(
   let exeUrl: string;
   let libUrl: string;
   try {
-    exeUrl = `https://nodejs.org/dist/v${version}/win-${osArch}/node.exe`;
-    libUrl = `https://nodejs.org/dist/v${version}/win-${osArch}/node.lib`;
+    exeUrl = `https://nodejs.org/dist/v${version}/win-${os.arch()}/node.exe`;
+    libUrl = `https://nodejs.org/dist/v${version}/win-${os.arch()}/node.lib`;
 
     const exePath = await tc.downloadTool(exeUrl);
     await io.cp(exePath, path.join(tempDir, 'node.exe'));
@@ -231,17 +232,3 @@ async function acquireNodeFromFallbackLocation(
   }
   return await tc.cacheDir(tempDir, 'node', version);
 }
-
-// os.arch does not always match the relative download url, e.g.
-// os.arch == 'arm' != node-v12.13.1-linux-armv7l.tar.gz
-// All other currently supported architectures match, e.g.:
-//   os.arch = arm64 => https://nodejs.org/dist/v{VERSION}/node-v{VERSION}-{OS}-arm64.tar.gz
-//   os.arch = x64 => https://nodejs.org/dist/v{VERSION}/node-v{VERSION}-{OS}-x64.tar.gz
-function translateArchToDistUrl(arch: string): string {
-  switch (arch) {
-    case 'arm':
-      return 'armv7l';
-    default:
-      return arch;
-  }
-}

src/setup-node.ts

@@ -19,8 +19,9 @@ async function run() {
     }
 
     const registryUrl: string = core.getInput('registry-url');
+    const alwaysAuth: string = core.getInput('always-auth');
     if (registryUrl) {
-      auth.configAuthentication(registryUrl);
+      auth.configAuthentication(registryUrl, alwaysAuth);
     }
 
     // TODO: setup proxy from runner proxy config