Awesome
npm-install
GitHub Action for install npm dependencies with caching without any configuration
CI
<!-- prettier-ignore-start -->Example | Status |
---|---|
main | |
basic | |
shrinkwrap | |
Yarn | |
without lock file | |
subfolders | |
Node version |
Examples
Basic
This example should cover 95% of use cases.
If you use npm ci
or yarn --frozen-lockfile
on CI to install NPM dependencies - this Action is for you. Simply use it, and your NPM modules will be installed and the folder ~/.npm
or ~/.cache/yarn
will be cached. Typical use:
name: main
on: [push]
jobs:
build-and-test:
runs-on: ubuntu-latest
name: Build and test
steps:
- uses: actions/checkout@v4
- uses: bahmutov/npm-install@v1
- run: npm t
See bahmutov/npm-install-action-example .
Subfolders
If your repository contains packages in separate folders, install each one separately
repo/
app1/
package-lock.json
app2/
yarn.json
name: main
on: [push]
jobs:
build-and-test:
runs-on: ubuntu-latest
name: Build and test
steps:
- uses: actions/checkout@v4
- uses: bahmutov/npm-install@v1
with:
working-directory: app1
- uses: bahmutov/npm-install@v1
with:
working-directory: app2
- name: App1 tests
run: npm t
working-directory: app1
- name: Run app2
run: node .
working-directory: app2
See npm-install-monorepo-example .
You can also specify multiple subfolders in a single action; one subfolder per line.
name: main
on: [push]
jobs:
build-and-test:
runs-on: ubuntu-latest
name: Build and test
steps:
- uses: actions/checkout@v4
- uses: bahmutov/npm-install@v1
with:
working-directory: |
app1
app2
Use lock file
By default, this action will use a lock file like package-lock.json
, npm-shrinkwrap.json
or yarn.lock
. You can set useLockFile: false
to use just package.json
which might be better for building libraries.
- uses: bahmutov/npm-install@v1
with:
useLockFile: false
Use time-based rolling cache
By default, yarn and npm dependencies will be cached according to the exact hash of the lockfile (if enabled) or the package.json
. This will cause cache misses when the dependencies change, which can be slower than re-installing for big projects. To re-use the cache across runs with different lockfiles/dependencies, you can enable the useRollingCache
option, which will restore the cache from more keys. It will expire the cache once a month to keep it from growing too large, see the Cache Snowballing & Rolling Cache expiry below.
- uses: bahmutov/npm-install@v1
with:
useRollingCache: true
useRollingCache
is defaulted to false.
Production dependencies
You can install just the production dependencies (without installing dev dependencies) by setting an environment variable NODE_ENV
variable
- uses: bahmutov/npm-install@v1
env:
NODE_ENV: production
Custom install command
You can use your own install command
- uses: bahmutov/npm-install@v1
with:
install-command: yarn --frozen-lockfile --silent
See example-install-command.yml
Add cache prefix
If you are installing different individual tools, you might want to have different caches. You can insert custom cache prefix strings into the cache keys. For example, let's install two different tools, each cache will be separate.
- name: Install tool A
uses: bahmutov/npm-install@v1
with:
# use just package.json checksum
useLockFile: false
install-command: 'npm install tool-a'
cache-key-prefix: tool-a
- name: Install tool B
uses: bahmutov/npm-install@v1
with:
# use just package.json checksum
useLockFile: false
install-command: 'npm install tool-b'
cache-key-prefix: tool-b
The first cache will have key npm-tool-a-...
and the second cache will have key npm-tool-b-...
Node version
If you need to use a specific Node version, use the actions/setup-node before installing the dependencies.
- uses: actions/checkout@v4
# pick the Node version to use and install it
# https://github.com/actions/setup-node
- uses: actions/setup-node@v3
with:
node-version: 18
- uses: bahmutov/npm-install@v1
External examples
<!-- prettier-ignore-start -->Name | Description |
---|---|
npm-install-example | Shows how to use this action |
NPM
If you are writing your own GitHub Action and would like to use this action as a utility function, import it and run it.
const { npmInstallAction } = require('npm-install')
await npmInstallAction()
Debugging
You can see verbose messages from GitHub Actions by setting the following secrets (from Debugging Actions Guide)
ACTIONS_RUNNER_DEBUG: true
ACTIONS_STEP_DEBUG: true
Tip: environment variable ACTIONS_STEP_DEBUG
enables debug messages from this action itself, try it first.
Testing
Using Mocha and Sinon.js following the guide How to set up Mocha with Sinon.js. You can find the tests in test folder. In general:
- all environment inputs are done inside the action, so they can be stubbed and controlled during tests
- there are separate workflows in .github/workflows that match examples. Each workflow uses this action to install dependencies
Cache Snowballing & Rolling Cache expiry
By default, this action will cache dependencies using an exacty hashs of the lock file (like package-lock.json
, npm-shrinkwrap.json
or yarn.lock
). If you change any dependencies, there will be a cache miss. This is the default cache key strategy to avoid unbounded growth of the cache, as if you don't expire the cache, it will continue being added to. See this post for more details on this issue.
To get better cache hit rates without the cache size snowballing, you can turn on this action's useRollingCache
option, which will allow old caches to be re-used when your dependencies change, at the expense of some snowballing. Instead of letting the cache grow forever, this action resets it every month by including the current month in the cache key.
The rule of thumb is this: if re-installing your dependencies doesn't take very long, you can avoid superfluous cache restores by keeping useRollingCache
off. This is the recommended setup for small projects. For big projects where installing the dependencies takes a long time, and cache restores are faster, useRollingCache
will provide a performance improvement.
Links
- Do Not Let NPM Cache Snowball on CI blog post
- Trying GitHub Actions blog post
- GitHub Actions in Action slides
Small print
Author: Gleb Bahmutov <gleb.bahmutov@gmail.com> © 2019
License: MIT - do anything with the code, but don't blame me if it does not work.
Support: if you find any problems with this module, email / tweet / open issue on Github
MIT License
Copyright (c) 2019 Gleb Bahmutov <gleb.bahmutov@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.