The distinction between `secrets.GITHUB_TOKEN` and `secrets.NPM_TOKEN` cost myself and a colleague numerous hours when we were trying to fix a GitHub Actions workflow which needed to install a private package from a different repository from our GitHub organisation. Given the issue dedicated to this point is closed, we should include a warning here to make it more clear why `secrets.GITHUB_TOKEN` will not work when passed to `npm ci`, in the presence of private packages from other GitHub Package repositories.
setup-node
This action provides the following functionality for GitHub Actions users:
- Optionally downloading and caching distribution of the requested Node.js version, and adding it to the PATH
- Optionally caching npm/yarn/pnpm dependencies
- Registering problem matchers for error output
- Configuring authentication for GPR or npm
Usage
See action.yml
Basic:
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
  with:
    node-version: 14
- run: npm ci
- run: npm test
The node-version input is optional. If not supplied, the node version from PATH will be used. However, it is recommended to always specify Node.js version and don't rely on the system one.
The action will first check the local cache for a semver match. If unable to find a specific version in the cache, the action will attempt to download a version of Node.js. It will pull LTS versions from node-versions releases and on miss or failure will fall back to the previous behavior of downloading directly from node dist.
For information regarding locally cached versions of Node.js on GitHub hosted runners, check out GitHub Actions Virtual Environments.
Supported version syntax
The node-version input supports the Semantic Versioning Specification, for more detailed examples please refer to the documentation.
Examples:
- Major versions: 12,14,16
- More specific versions: 10.15,14.2.0,16.3.0
- NVM LTS syntax: lts/erbium,lts/fermium,lts/*,lts/-n
- Latest release: *orlatest/current/node
Note: Like the other values, * will get the latest locally-cached Node.js version, or the latest version from actions/node-versions, depending on the check-latest input.
current/latest/node always resolve to the latest dist version.
That version is then downloaded from actions/node-versions if possible, or directly from Node.js if not.
Since it will not be cached always, there is possibility of hitting rate limit when downloading from dist
Checking in lockfiles
It's always recommended to commit the lockfile of your package manager for security and performance reasons. For more information consult the "Working with lockfiles" section of the Advanced usage guide.
Caching global packages data
The action has a built-in functionality for caching and restoring dependencies. It uses actions/cache under the hood for caching global packages data but requires less configuration settings. Supported package managers are npm, yarn, pnpm (v6.10+). The cache input is optional, and caching is turned off by default.
The action defaults to search for the dependency file (package-lock.json or yarn.lock) in the repository root, and uses its hash as a part of the cache key. Use cache-dependency-path for cases when multiple dependency files are used, or they are located in different subdirectories.
Note: The action does not cache node_modules
See the examples of using cache for yarn/pnpm and cache-dependency-path input in the Advanced usage guide.
Caching npm dependencies:
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
  with:
    node-version: 14
    cache: 'npm'
- run: npm ci
- run: npm test
Caching npm dependencies in monorepos:
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
  with:
    node-version: 14
    cache: 'npm'
    cache-dependency-path: subdir/package-lock.json
- run: npm ci
- run: npm test
Matrix Testing
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node: [ 12, 14, 16 ]
    name: Node ${{ matrix.node }} sample
    steps:
      - uses: actions/checkout@v3
      - name: Setup node
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node }}
      - run: npm ci
      - run: npm test
Advanced usage
- Check latest version
- Using a node version file
- Using different architectures
- Caching packages data
- Using multiple operating systems and architectures
- Publishing to npmjs and GPR with npm
- Publishing to npmjs and GPR with yarn
- Using private packages
License
The scripts and documentation in this project are released under the MIT License
Contributions
Contributions are welcome! See Contributor's Guide
Code of Conduct
👋 Be nice. See our code of conduct