feat: add cache-write input for read-only cache mode

Add a 'cache-write' input (default: true) that controls whether the cache
is saved at the end of the workflow. When set to 'false', the action will
restore cached dependencies but skip saving, providing a read-only cache
mode.

This is useful for preventing cache poisoning attacks from untrusted PR
builds while still benefiting from cached dependencies.
Salman Chishti 2026-03-09 05:35:47 -07:00 committed by GitHub
commit 974c02c884
3 changed files with 14 additions and 0 deletions


@ -25,6 +25,9 @@ inputs:
default: true default: true
cache-dependency-path: cache-dependency-path:
description: 'Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.' description: 'Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.'
cache-write:
description: 'Whether to save the cache at the end of the workflow. Set to false for cache read-only mode, useful for preventing cache poisoning from untrusted PR builds.'
default: true
mirror: mirror:
description: 'Used to specify an alternative mirror to download Node.js binaries from' description: 'Used to specify an alternative mirror to download Node.js binaries from'
mirror-token: mirror-token:
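Review bot: The `cache-write` description says "Set to false" but does not state that this is the only value that takes effect: the `run()` changes later on this page skip the save only when `core.getInput('cache-write') === 'false'`, so a value such as `no`, `0` or `off` leaves cache saving enabled on the untrusted build with no warning. For a control meant to stop cache poisoning that is a fail-open outcome; either end the description with `Only the literal value false disables saving; any other value leaves it enabled.` or read the input with `core.getBooleanInput('cache-write')`, which rejects values outside the YAML boolean spellings instead of silently saving. It is also worth checking that the new early `return` in `run()` does not bypass the `earlyExit` handling that the comment above the function refers to; the rest of that function is outside the hunks shown.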


@ -71532,6 +71532,11 @@ process.on('uncaughtException', e => {
// Added early exit to resolve issue with slow post action step: // Added early exit to resolve issue with slow post action step:
async function run(earlyExit) { async function run(earlyExit) {
try { try {
const cacheWriteEnabled = core.getInput('cache-write');
if (cacheWriteEnabled === 'false') {
core.info('Cache write is disabled (read-only mode). Skipping cache save.');
return;
}
const cacheLock = core.getState(constants_1.State.CachePackageManager); const cacheLock = core.getState(constants_1.State.CachePackageManager);
if (cacheLock) { if (cacheLock) {
await cachePackages(cacheLock); await cachePackages(cacheLock);


@ -16,6 +16,12 @@ process.on('uncaughtException', e => {
// Added early exit to resolve issue with slow post action step: // Added early exit to resolve issue with slow post action step:
export async function run(earlyExit?: boolean) { export async function run(earlyExit?: boolean) {
try { try {
const cacheWriteEnabled = core.getInput('cache-write');
if (cacheWriteEnabled === 'false') {
core.info('Cache write is disabled (read-only mode). Skipping cache save.');
return;
}
const cacheLock = core.getState(State.CachePackageManager); const cacheLock = core.getState(State.CachePackageManager);
if (cacheLock) { if (cacheLock) {