fix: Selected version in package.json not being used by action

[djmurphy32]

This fixes an regression that was introduced in this change. In my testing pnpm was not using the version specified in the package.json from either the packageVersion or devEngines as expected, and was instead always using the version that was bootstrapped or the version specified in the action's options if defined.

This changes the logic to update the installed pnpm version to match the specified version by any of the action's version option, packageVersion, or devEngines and will error if there is conflicting versions between any of the 3.

This should resolve #225 and resolve #231

Summary by CodeRabbit

• Bug Fixes

  • Consistent handling when multiple pnpm versions are specified with clearer, consolidated conflict error messaging.
  • Returns undefined when no pnpm version can be determined, preventing ambiguous failures.

• Refactor

  • Consolidated detection and validation of pnpm version declarations across configuration sources for more predictable behavior.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: b0b74c20-5d5a-4d66-8272-77fc417b4dfd

📥 Commits

Reviewing files that changed from the base of the PR and between da754f8 and a36768e.

⛔ Files ignored due to path filters (1)

• dist/index.js is excluded by !**/dist/**

📒 Files selected for processing (1)

• src/install-pnpm/run.ts

✅ Files skipped from review due to trivial changes (1)

• src/install-pnpm/run.ts

---

📝 Walkthrough

Walkthrough

The readTargetVersion function in src/install-pnpm/run.ts now collects pnpm version candidates from three sources (inputs.version, packageJson.packageManager when it starts with pnpm@, and packageJson.devEngines.packageManager.version when its name is pnpm), de-duplicates them, throws if multiple distinct versions are present, and returns the single resolved version or undefined if none are found.

Changes

Version Candidate Consolidation

Layer / File(s)	Summary
Data Extraction src/install-pnpm/run.ts	Derives packageManagerVersion from packageJson.packageManager when it starts with pnpm@, and devEnginesVersion from packageJson.devEngines.packageManager.version when the name is pnpm.
Candidate Aggregation & Validation src/install-pnpm/run.ts	Gathers non-empty candidates (inputs.version, packageManagerVersion, devEnginesVersion) into a de-duplicated set; throws a consolidated "Multiple conflicting pnpm versions specified" error when more than one distinct version exists.
Return Behavior src/install-pnpm/run.ts	Returns undefined when no candidates are defined; otherwise returns the single selected version.
Cleanup src/install-pnpm/run.ts	Removes previous branching that returned early for provided version or emitted explicit errors for missing workspace or unspecified pnpm version.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through three seeds in a tidy row,
I nudged out duplicates, made conflicts show.
One version chosen, none left to stew,
Quiet, neat logic — a carrot or two. 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main fix: enabling the action to use the pnpm version selected in package.json instead of ignoring it.
Linked Issues check	✅ Passed	The PR directly addresses issue #225 by updating logic to respect pnpm versions from action inputs, packageVersion, and devEngines, fixing the regression where specified versions were ignored.
Out of Scope Changes check	✅ Passed	All changes are scoped to the version resolution logic in readTargetVersion function, directly addressing the linked issue without introducing unrelated modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Review rate limit: 8/10 reviews remaining, refill in 11 minutes and 16 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/install-pnpm/run.ts`:
- Around line 128-141: The code is currently treating empty strings as
"unspecified" by using filter(v => !!v); instead, explicitly validate each
candidate (version, packageManagerVersion, devEnginesVersion) for blank/empty
values and throw a descriptive Error when any candidate exists but is an empty
string (e.g., "packageManagerVersion is blank" or "devEnginesVersion is blank");
then build the Set only from validated non-blank values, keep the existing
conflict check using definedVersions, and return the single value as
before—reference the variables definedVersions, version, packageManagerVersion,
and devEnginesVersion to locate and update the logic.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 38d66848-c55b-4f52-b4ec-deb25fc38c29

📥 Commits

Reviewing files that changed from the base of the PR and between e578e19 and f33147b.

⛔ Files ignored due to path filters (1)

• dist/index.js is excluded by !**/dist/**

📒 Files selected for processing (1)

• src/install-pnpm/run.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Do not silently ignore empty pnpm version values.

filter(v => !!v) drops empty strings, so a malformed packageManager: "pnpm@" or empty devEngines.packageManager.version is treated the same as “no version specified” and the action falls back to the bootstrap pnpm instead of failing fast. Please validate candidates explicitly and throw on blank values.

Proposed fix

-  const definedVersions = new Set([version, packageManagerVersion, devEnginesVersion].filter(v => !!v))
+  const candidateVersions = [version, packageManagerVersion, devEnginesVersion]
+  if (candidateVersions.some(v => v === '')) {
+    throw new Error('Invalid pnpm version specified')
+  }
+  const definedVersions = new Set(candidateVersions.filter((v): v is string => v !== undefined))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const definedVersions = new Set([version, packageManagerVersion, devEnginesVersion].filter(v => !!v))
	if (definedVersions.size > 1) {
	throw new Error(`Multiple conflicting pnpm versions specified:
	- version ${version ?? "undefined"} in the GitHub Action config with the key "version"
	- version ${packageManagerVersion ?? "undefined"} in the package.json with the key "packageManager"
	- version ${devEnginesVersion ?? "undefined"} in the package.json with the key "devEngines.packageManager"
	Remove conflicting versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`)
	}
	// pnpm will automatically download and switch to the right version
	if (typeof packageManager === 'string' && packageManager.startsWith('pnpm@')) {
	if (definedVersions.size === 0) {
	return undefined
	}
	if (devEngines?.packageManager?.name === 'pnpm' && devEngines.packageManager.version) {
	return undefined
	}
	if (!GITHUB_WORKSPACE) {
	throw new Error(`No workspace is found.
	If you've intended to let pnpm/action-setup read preferred pnpm version from the "packageManager" field in the package.json file,
	please run the actions/checkout before pnpm/action-setup.
	Otherwise, please specify the pnpm version in the action configuration.`)
	}
	throw new Error(`No pnpm version is specified.
	Please specify it by one of the following ways:
	- in the GitHub Action config with the key "version"
	- in the package.json with the key "packageManager"
	- in the package.json with the key "devEngines.packageManager"`)
	return definedVersions.values().next().value
	const candidateVersions = [version, packageManagerVersion, devEnginesVersion]
	if (candidateVersions.some(v => v === '')) {
	throw new Error('Invalid pnpm version specified')
	}
	const definedVersions = new Set(candidateVersions.filter((v): v is string => v !== undefined))
	if (definedVersions.size > 1) {
	throw new Error(`Multiple conflicting pnpm versions specified:
	- version ${version ?? "undefined"} in the GitHub Action config with the key "version"
	- version ${packageManagerVersion ?? "undefined"} in the package.json with the key "packageManager"
	- version ${devEnginesVersion ?? "undefined"} in the package.json with the key "devEngines.packageManager"
	Remove conflicting versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`)
	}
	if (definedVersions.size === 0) {
	return undefined
	}
	return definedVersions.values().next().value

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/install-pnpm/run.ts` around lines 128 - 141, The code is currently
treating empty strings as "unspecified" by using filter(v => !!v); instead,
explicitly validate each candidate (version, packageManagerVersion,
devEnginesVersion) for blank/empty values and throw a descriptive Error when any
candidate exists but is an empty string (e.g., "packageManagerVersion is blank"
or "devEnginesVersion is blank"); then build the Set only from validated
non-blank values, keep the existing conflict check using definedVersions, and
return the single value as before—reference the variables definedVersions,
version, packageManagerVersion, and devEnginesVersion to locate and update the
logic.