shared-actions/cache/README.md

# cache

Composite wrapper around actions/cache pinned to a specific commit SHA to prevent supply chain attacks via tag or branch hijacking.

## Inputs

| Input | Required | Default | Description |
|-------|----------|---------|-------------|
| `path` | Yes | — | List of files, directories, and wildcard patterns to cache and restore |
| `key` | Yes | — | An explicit key for saving and restoring the cache |
| `restore-keys` | No | `''` | Ordered multiline string of prefix-matched keys used for restoring stale cache |
| `upload-chunk-size` | No | `''` | Chunk size in bytes used to split large files during upload |
| `enableCrossOsArchive` | No | `false` | Allow caches saved on one OS to be restored on another |
| `fail-on-cache-miss` | No | `false` | Fail the workflow if no cache entry is found |
| `lookup-only` | No | `false` | Check if a cache entry exists without downloading it |

## Outputs

| Output | Description |
|--------|-------------|
| `cache-hit` | `true` if an exact match was found for the primary key |

## Usage

```yaml
- name: Cache pnpm store
  uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/cache@cache-v1
  with:
    path: ~/.local/share/pnpm/store
    key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
    restore-keys: |
      ${{ runner.os }}-pnpm-
```

```yaml
- name: Cache node_modules
  id: node-modules-cache
  uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/cache@cache-v1
  with:
    path: node_modules
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

- name: Install dependencies
  if: steps.node-modules-cache.outputs.cache-hit != 'true'
  run: npm ci
```

## Notes

- Pinned to `actions/cache` commit SHA `0057852b` (v4.3.0) to prevent supply chain attacks via tag or branch hijacking.
- Upstream action: [code.forgejo.org/actions/cache](https://code.forgejo.org/actions/cache).