fix(ci): use pnpm/action-setup to read packageManager from package.json

jdalton · jdalton · commit 939a6d973b6f · 2026-03-10T14:50:07.000-04:00
Replace socket-registry reusable workflow with inline setup that uses
pnpm/action-setup without specifying a version. This allows pnpm to
read the version from packageManager in package.json (10.32.0) instead
of using the hardcoded 10.21.0 from the reusable workflow.

This matches the pattern used in socket-btm.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,8 +1,5 @@
 name: 🚀 CI
 
-# Dependencies:
-#   - SocketDev/socket-registry/.github/workflows/ci.yml
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
@@ -59,29 +56,67 @@ jobs:
           echo "node=[\"$NODE_VERSION\"]" >> $GITHUB_OUTPUT
           echo "Loaded Node.js: $NODE_VERSION"
 
-  ci:
-    name: Run CI Pipeline
+  # Lint and type check jobs (run in parallel).
+  lint:
+    name: 🧹 Lint Check
     needs: versions
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
     permissions:
-      contents: read # Read repository contents for CI checks and build operations.
-    uses: SocketDev/socket-registry/.github/workflows/ci.yml@67a3db92603c23c58031586611c7cc852244c87c # main
-    with:
-      test-setup-script: 'pnpm --filter @socketsecurity/cli run build'
-      lint-script: 'pnpm --filter @socketsecurity/cli run check'
-      type-check-script: 'pnpm --filter @socketsecurity/cli run type'
-      run-test: false  # Tests run in separate sharded job below.
-      node-versions: ${{ inputs.node-versions || needs.versions.outputs.node }}
-      os-versions: '["ubuntu-latest"]'
-      fail-fast: false
-      max-parallel: 4
-      test-timeout-minutes: 15
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        with:
+          node-version-file: .node-version
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run lint
+        run: pnpm --filter @socketsecurity/cli run check
+
+  type-check:
+    name: 🔍 Type Check
+    needs: versions
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        with:
+          node-version-file: .node-version
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run type check
+        run: pnpm --filter @socketsecurity/cli run type
 
   # Sharded unit tests for faster CI.
   # Splits 2,819 tests across 3 shards (~16s per shard vs 48s monolithic).
   # Runs on Linux only to optimize CI runtime and build requirements.
   test-sharded:
     name: Unit Tests (Shard ${{ matrix.shard }}/3)
-    needs: [ci, versions]
+    needs: [lint, type-check, versions]
     runs-on: ubuntu-latest
     timeout-minutes: 10
     permissions:
@@ -93,10 +128,22 @@ jobs:
         node-version: ${{ fromJSON(inputs.node-versions || needs.versions.outputs.node) }}
         shard: [1, 2, 3]
     steps:
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@67a3db92603c23c58031586611c7cc852244c87c # main
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: ${{ matrix.node-version }}
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
       - name: Generate CLI build cache key
         id: cli-cache-key
         shell: bash
@@ -148,7 +195,7 @@ jobs:
   # Tests the JS distribution and optionally SEA/smol if cached binaries are available.
   integration:
     name: Integration Tests
-    needs: [ci, versions]
+    needs: [lint, type-check, versions]
     runs-on: ubuntu-latest
     timeout-minutes: 15
     permissions:
@@ -158,10 +205,22 @@ jobs:
       matrix:
         node-version: ${{ fromJSON(inputs.node-versions || needs.versions.outputs.node) }}
     steps:
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@67a3db92603c23c58031586611c7cc852244c87c # main
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: ${{ matrix.node-version }}
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
       - name: Generate CLI build cache key
         id: cli-cache-key
         shell: bash
@@ -347,7 +406,7 @@ jobs:
 
   e2e:
     name: E2E Tests (Shard ${{ matrix.shard }}/2)
-    needs: [ci, versions]
+    needs: [lint, type-check, versions]
     runs-on: ${{ matrix.os }}
     timeout-minutes: 15
     permissions:
@@ -360,10 +419,22 @@ jobs:
         os: [ubuntu-latest]
         shard: [1, 2]
     steps:
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@67a3db92603c23c58031586611c7cc852244c87c # main
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: ${{ matrix.node-version }}
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
       - name: Generate CLI build cache key
         id: cli-cache-key
         shell: bash
