action-setup@v6 does not install pnpm version specified in `package_json_file`

[timdawborn]

This is probably the same underlying cause as #225

When specifying package_json_file and that package.json file has a packageManager field that specifies the version of pnpm to use, the v6 release does not load the specified version.

This results in the following error, which we are currently seeing across tens of repos:

ERR_PNPM_BROKEN_LOCKFILE  The lockfile at "<path>/pnpm-lock.yaml" is broken: expected a single document in the stream, but found more

The packageManager field is set to pnpm 10 in the specified package.json file:

$ grep packageManager package.json
  "packageManager": "pnpm@10.28.1",

The GitHub Action is invoked with the package_json_file input argument only:

    - name: Setup pnpm
      uses: pnpm/action-setup@v6
      with:
        package_json_file: "${{ inputs.working-directory }}/package.json"

[HowieHz]

link #228 #226

My workflow includes an auto-commit step after formatting, so I noticed that the new v6.0 workflow causes the following content to be added to the beginning of pnpm-lock.yaml:

---
lockfileVersion: '9.0'

importers:

  .:
    configDependencies: {}
    packageManagerDependencies:
      '@pnpm/exe':
        specifier: 10.33.0
        version: 10.33.0
      pnpm:
        specifier: 10.33.0
        version: 10.33.0

packages:

  '@pnpm/exe@10.33.0':
    resolution: {integrity: sha512-sGsjztJBelzVMd0RhceDJ3p8Hk7eBcpu4G/TF6REzIvNdkKyxDT0czc1BWyo8Kbg+U0OBtK/TAGXN7Art4rTdg==}
    hasBin: true

  '@pnpm/linux-arm64@10.33.0':
    resolution: {integrity: sha512-oYb5NxEyImqaTkLVX/7jL59m9Vfmd07iLWzr4Pg2LIk4XEtAllNcnksNHcp5Uf+lFk/BggtpOdvC84TG3VnbFw==}
    cpu: [arm64]
    os: [linux]
    hasBin: true

  '@pnpm/linux-x64@10.33.0':
    resolution: {integrity: sha512-JYD2GXDF2roKpvTg5s032lYcUcT9lMedYlzxoqitWTjKlkMhl2gXRYpiDHdi2mWC5nFOJYlgYbUuy6jh3rXhng==}
    cpu: [x64]
    os: [linux]
    hasBin: true

  '@pnpm/macos-arm64@10.33.0':
    resolution: {integrity: sha512-3w9Pqpw0swnAbnEdAKumMuKj+TPaGratnqC49bC41vjR1pNs0UMwVdOxiIROUMQy5OHKPx0IH/wOOP0hkhJd+g==}
    cpu: [arm64]
    os: [darwin]
    hasBin: true

  '@pnpm/macos-x64@10.33.0':
    resolution: {integrity: sha512-SBeiLjU/9ORMIXAMsD6+Ltaaesniwh49FeFcG6kA64Zxr30U9SyzeZDnNOyWCGFjHeCmGfzCnSpNEN4VNo827g==}
    cpu: [x64]
    os: [darwin]
    hasBin: true

  '@pnpm/win-arm64@10.33.0':
    resolution: {integrity: sha512-8X3NQqmfNVZ+dCu+EfD7ZkAgDgIKKdAgBBKcvhvMoMJq/nWHOfqDLxewE9TQ7qzVLuUKG/9b/xBVRVjdtDOm0w==}
    cpu: [arm64]
    os: [win32]
    hasBin: true

  '@pnpm/win-x64@10.33.0':
    resolution: {integrity: sha512-wiPVvxmTuB6FFn+rZ4FfSk1WTn+cxiQ7MTJEEz1k9VZLN/yZujGrv/WLYH2JcwzVTgObfmQuBKeNgEUavEL0Qg==}
    cpu: [x64]
    os: [win32]
    hasBin: true

  pnpm@10.33.0:
    resolution: {integrity: sha512-EFaLtKavtYyes2MNqQzJUWQXq+vT+rvmc58K55VyjaFJHp21pUTHatjrdXD1xLs9bGN7LLQb/c20f6gjyGSTGQ==}
    engines: {node: '>=18.12'}
    hasBin: true

snapshots:

  '@pnpm/exe@10.33.0':
    optionalDependencies:
      '@pnpm/linux-arm64': 10.33.0
      '@pnpm/linux-x64': 10.33.0
      '@pnpm/macos-arm64': 10.33.0
      '@pnpm/macos-x64': 10.33.0
      '@pnpm/win-arm64': 10.33.0
      '@pnpm/win-x64': 10.33.0

  '@pnpm/linux-arm64@10.33.0':
    optional: true

  '@pnpm/linux-x64@10.33.0':
    optional: true

  '@pnpm/macos-arm64@10.33.0':
    optional: true

  '@pnpm/macos-x64@10.33.0':
    optional: true

  '@pnpm/win-arm64@10.33.0':
    optional: true

  '@pnpm/win-x64@10.33.0':
    optional: true

  pnpm@10.33.0: {}

---

So it reports that the file is broken.