Update pnpm and use corepack

[obulat]

Fixes

Fixes #3807 by @dhruvkb

Description

This PR replaces pnpm/action-setup@v3 with corepack enable for setting up pnpm in the CI and Docker containers.
For the Playwright Docker containers, corepack looks into the closest package.json file to find the pnpm version, so I added it in the frontend/package.json

Since we no longer need to provide the pnpm version to the set up script (it's extracted from package.json's packageManager field), I removed the related env variables.

Testing Instructions

The CI should pass.

Checklist

• My pull request has a descriptive title (not a vague title likeUpdate index.md).
• My pull request targets the default branch of the repository (main) or a parent feature branch.
• My commit messages follow best practices.
• My code follows the established code style of the repository.
• I added or updated tests for the changes I made (if applicable).
• I added or updated documentation (if applicable).
• I tried running the project locally and verified that there are no visible errors.
• I ran the DAG documentation generator (ov just catalog/generate-docs for catalog
  PRs) or the media properties generator (ov just catalog/generate-docs media-props
  for the catalog or ov just api/generate-docs for the API) where applicable.

Developer Certificate of Origin

Developer Certificate of Origin

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

[dhruvkb]

Approving even though it's a draft because it's great. I love Corepack and happy to see it being used more.

[dhruvkb]

Please correct me if I'm wrong but I was under the impression that packageManager is only read from the package.json in the repo root.

[obulat]

This is necessary for the Playwright Docker setup, not the frontend (I think frontend can use the root package.json). The node corepack docs say "The Corepack proxies will find the closest package.json file in your current directory hierarchy to extract its "packageManager" property."

[sarayourfriend]

It'd be great to run Playwright from the repo root context instead, if not for this PR (makes sense, might be a big change), then in a separate issue.

It would be really great if Playwright ran inside ov so we didn't have to have a separate docker container for it, but that's a separate story.

[sarayourfriend]

It'd be great to run Playwright from the repo root context instead, if not for this PR (makes sense, might be a big change), then in a separate issue.

It would be really great if Playwright ran inside ov so we didn't have to have a separate docker container for it, but that's a separate story.

[sarayourfriend]

This kind of comment is sort of just documenting what Corepack is isn't it? Do we need this kind of comment? I'd argue it wasn't necessary for pnpm/action-setup either.

What's the benefit of using corepack here instead of the action, by the way? Just consistency or is there something else? The action does quite a lot of things, including basic clean up steps that are apparently necessary for GitHub actions (store prune at the end of the job, for example).

Is corepack by itself, without any additional support steps or jobs, sufficient to actually replace what pnpm/action-setup does? It's not only installing pnpm, after all: https://github.com/pnpm/action-setup/blob/master/src/index.ts#L8-L17

[obulat]

The main reason is consistency and the removal of one extra dependency that needs to be updated.

I've seen many large projects use corepack enable instead of pnpm/action-setup. Do you think we really need all of the steps that the action does? Is store pruning important during the CI, if we are discarding the containers at the end anyway?

[sarayourfriend]

I have no idea what the purpose of store pruning is at the end of the action, all I know is that pnpm/action-setup does it, and lots of other actions have similar clean up type steps. I have not read about why that is or what the advice is for this (I've never written of this nature). To clarify, store pruning is on the host, not inside the docker images, so relevant for when we run pnpm install in the next step after this one.

Based on a quick search, I can't find anything clear or definitive on why clean up steps are necessary, other than suggestions that while runners are intended to be ephemeral, clean up helps prevent any accidental leaks between runners. In our case, the pnpm store shouldn't have an issue in that regard, not that I can think of off the top of my head. We don't download and proprietary packages from private repositories, for example, so it isn't like there is IP that could leak between runners if ephemerality didn't work as expected. It also seems like it might be more relevant for self-hosted runners (perhaps those have different behaviour in this regard).

[AetherUnbound]

Don't have much to add beyond what others have shared, but I'm glad we can get rid of some of the env vars here! 🙂