Action is not verified in Github Marketplace

[vincentwschau]

My company has recently tightened up the security settings for Github actions and only allowing verified Github actions to be run as part of our Github workflows. Are there any plans to verify the pnpm/action-setup@v2 action on Github Marketplace?

[shinebayar-g]

Came here to ask for this. Have you considered becoming a verified creator on Github Marketplace? Due to corporate policy we're not allowed to use 3rd party Actions.

[meadowsys]

hmm... https://docs.github.com/en/apps/publishing-apps-to-github-marketplace/github-marketplace-overview/about-marketplace-badges#for-github-actions

I suppose there is always the workaround of npm i -g pnpm

[toto6038]

I encountered the same problem due to policy on GitHub Action. Here's my workaround.

Workaround

Use actions/setup-node or other actions allowed in your repository and then run corepack commands to enable pnpm as the documentation states:

1. corepack enable
2. corepack prepare pnpm@latest --activate

Notice

One Should note that corepack prepare doesn't support npm semver, so you can't specify version constraint and expect it to select the appropriate one. You can only specify version number or use tags such as latest-8.

[moander]

The cache: pnpm option on actions/setup-node require pnpm to be present before setup, so in this case corepack cannot be used. I solved it using the following steps:

    - name: Install pnpm
      run: |
        eval export $(echo PNPM_HOME=$HOME/.pnpm | tee -a $GITHUB_ENV);
        echo "$PNPM_HOME" >> $GITHUB_PATH
        curl -fsSL https://get.pnpm.io/install.sh | bash -

    - name: Install node
      uses: actions/setup-node@v3
      with:
        node-version: '18'
        cache: 'pnpm'

    - run: pnpm i --frozen-lockfile

[KrohnicDev]

Any updates on this?