Expand current syntax to support aliases for latest version (current/latest/node) (#483)

* Update README.md

* Update README.md

.github/workflows/versions.yml

@@ -139,3 +139,34 @@ jobs:
       - name: Verify node
         run: __tests__/verify-arch.sh "ia32"
         shell: bash
+
+  node-latest-aliases:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        node-version: [current, latest, node]
+    steps:
+      - name: Get node version
+        run: |
+          latestNodeVersion=$(curl https://nodejs.org/dist/index.json | jq -r '. [0].version')
+          echo "::set-output name=LATEST_NODE_VERSION::$latestNodeVersion"
+        id: version
+        shell: bash
+      - uses: actions/checkout@v3
+      - name: Setup Node
+        uses: ./
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Retrieve version after install
+        run: |
+          updatedVersion=$(echo $(node --version))
+          echo "::set-output name=NODE_VERSION_UPDATED::$updatedVersion"
+        id: updatedVersion
+        shell: bash
+      - name: Compare versions
+        if: ${{ steps.version.outputs.LATEST_NODE_VERSION != steps.updatedVersion.outputs.NODE_VERSION_UPDATED}}
+        run: |
+          echo "Latest node version failed to download."
+          exit 1

README.md

@@ -11,7 +11,7 @@ This action provides the following functionality for GitHub Actions users:
 - Registering problem matchers for error output
 - Configuring authentication for GPR or npm
 
-# Usage
+## Usage
 
 See [action.yml](action.yml)
 
@@ -22,8 +22,8 @@ steps:
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
   with:
-    node-version: '14'
-- run: npm install
+    node-version: 14
+- run: npm ci
 - run: npm test
 ```
 
@@ -33,21 +33,30 @@ The action will first check the local cache for a semver match. If unable to fin
 
 For information regarding locally cached versions of Node.js on GitHub hosted runners, check out [GitHub Actions Virtual Environments](https://github.com/actions/virtual-environments).
 
-#### Supported version syntax
+### Supported version syntax
 
 The `node-version` input supports the following syntax:
 
 major versions: `12`, `14`, `16`
 more specific versions: `10.15`, `14.2.0`, `16.3.0`
 nvm lts syntax: `lts/erbium`, `lts/fermium`, `lts/*`
+latest release: `latest`/`current`/`node`
 
-## Caching packages dependencies
+**Note:** Since the latest release will not be cached always, there is possibility of hitting rate limit when downloading from dist
 
-The action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching dependencies but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional, and caching is turned off by default.
+### Checking in lockfiles
+
+It's **always** recommended to commit the lockfile of your package manager for security and performance reasons. For more information consult the "Working with lockfiles" section of the [Advanced usage](docs/advanced-usage.md#working-with-lockfiles) guide.
+
+## Caching global packages data
+
+The action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching global packages data but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional, and caching is turned off by default.
 
 The action defaults to search for the dependency file (`package-lock.json` or `yarn.lock`) in the repository root, and uses its hash as a part of the cache key. Use `cache-dependency-path` for cases when multiple dependency files are used, or they are located in different subdirectories.
 
-See the examples of using cache for `yarn` / `pnpm` and  `cache-dependency-path` input in the [Advanced usage](docs/advanced-usage.md#caching-packages-dependencies) guide.
+**Note:** The action does not cache `node_modules`
+
+See the examples of using cache for `yarn`/`pnpm` and `cache-dependency-path` input in the [Advanced usage](docs/advanced-usage.md#caching-packages-data) guide.
 
 **Caching npm dependencies:**
 
@@ -56,9 +65,9 @@ steps:
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
   with:
-    node-version: '14'
+    node-version: 14
     cache: 'npm'
-- run: npm install
+- run: npm ci
 - run: npm test
 ```
 
@@ -69,14 +78,14 @@ steps:
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
   with:
-    node-version: '14'
+    node-version: 14
     cache: 'npm'
     cache-dependency-path: subdir/package-lock.json
-- run: npm install
+- run: npm ci
 - run: npm test
 ```
 
-## Matrix Testing:
+## Matrix Testing
 
 ```yaml
 jobs:
@@ -84,7 +93,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node: [ '12', '14', '16' ]
+        node: [ 12, 14, 16 ]
     name: Node ${{ matrix.node }} sample
     steps:
       - uses: actions/checkout@v3
@@ -92,7 +101,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node }}
-      - run: npm install
+      - run: npm ci
       - run: npm test
 ```
 
@@ -101,20 +110,20 @@ jobs:
 1. [Check latest version](docs/advanced-usage.md#check-latest-version)
 2. [Using a node version file](docs/advanced-usage.md#node-version-file)
 3. [Using different architectures](docs/advanced-usage.md#architecture)
-4. [Caching packages dependencies](docs/advanced-usage.md#caching-packages-dependencies)
+4. [Caching packages data](docs/advanced-usage.md#caching-packages-data)
 5. [Using multiple operating systems and architectures](docs/advanced-usage.md#multiple-operating-systems-and-architectures)
 6. [Publishing to npmjs and GPR with npm](docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-npm)
 7. [Publishing to npmjs and GPR with yarn](docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-yarn)
 8. [Using private packages](docs/advanced-usage.md#use-private-packages)
 
-# License
+## License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE)
 
-# Contributions
+## Contributions
 
-Contributions are welcome!  See [Contributor's Guide](docs/contributors.md)
+Contributions are welcome! See [Contributor's Guide](docs/contributors.md)
 
 ## Code of Conduct
 
-:wave: Be nice.  See [our code of conduct](CODE_OF_CONDUCT.md)
+:wave: Be nice. See [our code of conduct](CODE_OF_CONDUCT.md)

__tests__/installer.test.ts

@@ -909,4 +909,30 @@ describe('setup-node', () => {
       );
     });
   });
+
+  describe('latest alias syntax', () => {
+    it.each(['latest', 'current', 'node'])(
+      'download the %s version if alias is provided',
+      async inputVersion => {
+        // Arrange
+        inputs['node-version'] = inputVersion;
+
+        os.platform = 'darwin';
+        os.arch = 'x64';
+
+        findSpy.mockImplementation(() => '');
+        getManifestSpy.mockImplementation(() => {
+          throw new Error('Unable to download manifest');
+        });
+
+        // Act
+        await main.run();
+
+        // assert
+        expect(logSpy).toHaveBeenCalledWith('Unable to download manifest');
+
+        expect(logSpy).toHaveBeenCalledWith('getting latest node version...');
+      }
+    );
+  });
 });

action.yml

@@ -1,35 +1,35 @@
 name: 'Setup Node.js environment'
-description: 'Setup a Node.js environment by adding problem matchers and optionally downloading and adding it to the PATH'
+description: 'Setup a Node.js environment by adding problem matchers and optionally downloading and adding it to the PATH.'
 author: 'GitHub'
 inputs:
   always-auth:
-    description: 'Set always-auth in npmrc'
+    description: 'Set always-auth in npmrc.'
     default: 'false'
   node-version:
-    description: 'Version Spec of the version to use.  Examples: 12.x, 10.15.1, >=10.15.0'
+    description: 'Version Spec of the version to use. Examples: 12.x, 10.15.1, >=10.15.0.'
   node-version-file:
-    description: 'File containing the version Spec of the version to use.  Examples: .nvmrc, .node-version'
+    description: 'File containing the version Spec of the version to use.  Examples: .nvmrc, .node-version.'
   architecture:
     description: 'Target architecture for Node to use. Examples: x86, x64. Will use system architecture by default.'
   check-latest:
-    description: 'Set this option if you want the action to check for the latest available version that satisfies the version spec'
+    description: 'Set this option if you want the action to check for the latest available version that satisfies the version spec.'
     default: false
   registry-url:
-    description: 'Optional registry to set up for auth. Will set the registry in a project level .npmrc and .yarnrc file, and set up auth to read in from env.NODE_AUTH_TOKEN'
+    description: 'Optional registry to set up for auth. Will set the registry in a project level .npmrc and .yarnrc file, and set up auth to read in from env.NODE_AUTH_TOKEN.'
   scope:
-    description: 'Optional scope for authenticating against scoped registries'
+    description: 'Optional scope for authenticating against scoped registries. Will fall back to the repository owner when using the GitHub Packages registry (https://npm.pkg.github.com/).'
   token:
     description: Used to pull node distributions from node-versions.  Since there's a default, this is typically not supplied by the user.
     default: ${{ github.token }}
   cache:
-    description: 'Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm'
+    description: 'Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.'
   cache-dependency-path:
     description: 'Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.'
 # TODO: add input to control forcing to pull from cloud or dist. 
 #       escape valve for someone having issues or needing the absolute latest which isn't cached yet
 outputs:
   cache-hit: 
-    description: 'A boolean value to indicate if a cache was hit'
+    description: 'A boolean value to indicate if a cache was hit.'
 runs:
   using: 'node16'
   main: 'dist/setup/index.js'

dist/setup/index.js

@@ -62587,6 +62587,12 @@ function queryDistForMatch(versionSpec, arch = os.arch()) {
         }
         let versions = [];
         let nodeVersions = yield getVersionsFromDist();
+        if (versionSpec === 'current' ||
+            versionSpec === 'latest' ||
+            versionSpec === 'node') {
+            core.info(`getting latest node version...`);
+            return nodeVersions[0].version;
+        }
         nodeVersions.forEach((nodeVersion) => {
             // ensure this version supports your os and platform
             if (nodeVersion.files.indexOf(dataFileName) >= 0) {

docs/advanced-usage.md

@@ -1,4 +1,38 @@
-# Advanced usage
+## Working with lockfiles
+
+All supported package managers recommend that you **always** commit the lockfile, although implementations vary doing so generally provides the following benefits:
+
+- Enables faster installation for CI and production environments, due to being able to skip package resolution.
+- Describes a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
+- Provides a facility for users to "time-travel" to previous states of `node_modules` without having to commit the directory itself.
+- Facilitates greater visibility of tree changes through readable source control diffs.
+
+In order to get the most out of using your lockfile on continuous integration follow the conventions outlined below for your respective package manager.
+
+### NPM
+
+Ensure that `package-lock.json` is always committed, use `npm ci` instead of `npm install` when installing packages.
+
+**See also:**
+- [Documentation of `package-lock.json`](https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-json)
+- [Documentation of `npm ci`](https://docs.npmjs.com/cli/v8/commands/npm-ci)
+
+### Yarn
+
+Ensure that `yarn.lock` is always committed, pass `--frozen-lockfile` to `yarn install` when installing packages.
+
+**See also:**
+- [Documentation of `yarn.lock`](https://classic.yarnpkg.com/en/docs/yarn-lock)
+- [Documentation of `--frozen-lockfile` option](https://classic.yarnpkg.com/en/docs/cli/install#toc-yarn-install-frozen-lockfile)
+- [QA - Should lockfiles be committed to the repoistory?](https://yarnpkg.com/getting-started/qa/#should-lockfiles-be-committed-to-the-repository)
+
+### PNPM
+
+Ensure that `pnpm-lock.yaml` is always committed, when on CI pass `--frozen-lockfile` to `pnpm install` when installing packages.
+
+**See also:**
+- [Working with Git - Lockfiles](https://pnpm.io/git#lockfiles)
+- [Documentation of `--frozen-lockfile` option](https://pnpm.io/cli/install#--frozen-lockfile)
 
 ## Check latest version
 
@@ -15,7 +49,7 @@ steps:
   with:
     node-version: '14'
     check-latest: true
-- run: npm install
+- run: npm ci
 - run: npm test
 ```
 
@@ -31,7 +65,7 @@ steps:
 - uses: actions/setup-node@v3
   with:
     node-version-file: '.nvmrc'
-- run: npm install
+- run: npm ci
 - run: npm test
 ```
 
@@ -51,11 +85,11 @@ jobs:
         with:
           node-version: '14'
           architecture: 'x64' # optional, x64 or x86. If not specified, x64 will be used by default
-      - run: npm install
+      - run: npm ci
       - run: npm test
 ```
 
-## Caching packages dependencies
+## Caching packages data
 The action follows [actions/cache](https://github.com/actions/cache/blob/main/examples.md#node---npm) guidelines, and caches global cache on the machine instead of `node_modules`, so cache can be reused between different Node.js versions.
 
 **Caching yarn dependencies:**
@@ -67,7 +101,7 @@ steps:
   with:
     node-version: '14'
     cache: 'yarn'
-- run: yarn install
+- run: yarn install --frozen-lockfile
 - run: yarn test
 ```
 
@@ -82,14 +116,14 @@ steps:
 
 steps:
 - uses: actions/checkout@v3
-- uses: pnpm/action-setup@646cdf48217256a3d0b80361c5a50727664284f2
+- uses: pnpm/action-setup@v2
   with:
-    version: 6.10.0
+    version: 6.32.9
 - uses: actions/setup-node@v3
   with:
     node-version: '14'
     cache: 'pnpm'
-- run: pnpm install
+- run: pnpm install --frozen-lockfile
 - run: pnpm test
 ```
 
@@ -102,7 +136,7 @@ steps:
     node-version: '14'
     cache: 'npm'
     cache-dependency-path: '**/package-lock.json'
-- run: npm install
+- run: npm ci
 - run: npm test
 ```
 
@@ -117,7 +151,7 @@ steps:
     cache-dependency-path: |
       server/app/package-lock.json
       frontend/app/package-lock.json
-- run: npm install
+- run: npm ci
 - run: npm test
 ```
 
@@ -152,7 +186,7 @@ jobs:
         with:
           node-version: ${{ matrix.node_version }}
           architecture: ${{ matrix.architecture }}
-      - run: npm install
+      - run: npm ci
       - run: npm test
 ```
 
@@ -164,7 +198,7 @@ steps:
   with:
     node-version: '14.x'
     registry-url: 'https://registry.npmjs.org'
-- run: npm install
+- run: npm ci
 - run: npm publish
   env:
     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -184,7 +218,7 @@ steps:
   with:
     node-version: '14.x'
     registry-url: <registry url>
-- run: yarn install
+- run: yarn install --frozen-lockfile
 - run: yarn publish
   env:
     NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
@@ -206,7 +240,7 @@ steps:
     registry-url: 'https://registry.npmjs.org'
 # Skip post-install scripts here, as a malicious
 # script could steal NODE_AUTH_TOKEN.
-- run: npm install --ignore-scripts
+- run: npm ci --ignore-scripts
   env:
     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 # `npm rebuild` will run all those post-install scripts for us.

src/installer.ts

@@ -373,6 +373,15 @@ async function queryDistForMatch(
   let versions: string[] = [];
   let nodeVersions = await getVersionsFromDist();
 
+  if (
+    versionSpec === 'current' ||
+    versionSpec === 'latest' ||
+    versionSpec === 'node'
+  ) {
+    core.info(`getting latest node version...`);
+    return nodeVersions[0].version;
+  }
+
   nodeVersions.forEach((nodeVersion: INodeVersion) => {
     // ensure this version supports your os and platform
     if (nodeVersion.files.indexOf(dataFileName) >= 0) {