name: PNPM Build description: > Build and validate frontend using PNPM. inputs: working-directory: description: Directory containing package.json required: false default: "." node-version: description: Node.js version required: false default: "24" pnpm-version: description: pnpm version required: false default: "10.33" jfrog-token: description: JFrog npm auth token required: false default: "" nexus-token: description: Nexus npm auth token required: false default: "" run-scripts: description: Comma-separated list of pnpm run scripts required: false default: "ci,typecheck,build" frozen-lockfile: description: Pass --frozen-lockfile to pnpm install required: false default: "true" check-dedupe: description: Run pnpm dedupe --check required: false default: "true" runs: using: composite steps: # Pinned to commit SHA instead of a tag to prevent supply chain attacks. # actions/setup-node v4.4.0 — https://code.forgejo.org/actions/setup-node/commits/tag/v4.4.0 - name: Setup Node uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 with: node-version: ${{ inputs.node-version }} # Pinned to commit SHA instead of a tag to prevent supply chain attacks. # pnpm/action-setup v4.3.0 — https://code.forgejo.org/pnpm/action-setup/commits/tag/v4.3.0 - name: Install pnpm uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 env: # Override any registry configured in .npmrc (e.g. JFrog or Nexus). # pnpm/action-setup bootstraps itself via npm before pnpm is available, # so it must reach the public npm registry. Auth for private registries # is configured in a later step, after pnpm is installed. NPM_CONFIG_REGISTRY: https://registry.npmjs.org with: version: ${{ inputs.pnpm-version }} - name: Get pnpm store directory id: pnpm-store shell: bash run: echo "path=$(pnpm store path --silent)" >> "$GITHUB_OUTPUT" - name: Cache pnpm store uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/cache@cache-v1 with: path: ${{ steps.pnpm-store.outputs.path }} key: ${{ runner.os }}-pnpm-${{ inputs.pnpm-version }}-${{ hashFiles(format('{0}/pnpm-lock.yaml', inputs.working-directory)) }} restore-keys: ${{ runner.os }}-pnpm-${{ inputs.pnpm-version }}- - name: Configure JFrog registry authentication if: ${{ inputs.jfrog-token != '' }} shell: bash env: JFROG_TOKEN: ${{ inputs.jfrog-token }} run: | pnpm set registry https://schmalz.jfrog.io/artifactory/api/npm/default-npm/ pnpm set //schmalz.jfrog.io/artifactory/api/npm/default-npm/:_authToken "$JFROG_TOKEN" - name: Configure Nexus registry authentication if: ${{ inputs.nexus-token != '' }} shell: bash env: NEXUS_TOKEN: ${{ inputs.nexus-token }} run: | pnpm set registry https://nexus.schmalzgroup.com/repository/npm-all/ pnpm set //nexus.schmalzgroup.com/repository/npm-all/:_authToken "$NEXUS_TOKEN" - name: Build shell: bash env: PNPM_VERSION: ${{ inputs.pnpm-version }} WORKING_DIR: ${{ inputs.working-directory }} RUN_SCRIPTS: ${{ inputs.run-scripts }} FROZEN_LOCKFILE: ${{ inputs.frozen-lockfile }} CHECK_DEDUPE: ${{ inputs.check-dedupe }} run: | if [ "${CHECK_DEDUPE}" = "true" ]; then pnpm --prefix="${WORKING_DIR}" dedupe --check fi INSTALL_ARGS="" if [ "${FROZEN_LOCKFILE}" = "true" ]; then INSTALL_ARGS="--frozen-lockfile" fi pnpm --prefix="${WORKING_DIR}" install $INSTALL_ARGS IFS=',' read -ra SCRIPTS <<< "${RUN_SCRIPTS}" for script in "${SCRIPTS[@]}"; do pnpm --prefix="${WORKING_DIR}" run "${script}" done