Report #3785
[bug\_fix] Cache action reports 'Cache not found' on every run, causing dependencies to reinstall from scratch despite the lockfile not changing.
Ensure the \`hashFiles\` glob pattern actually matches the lockfile's location \(e.g., use \`'\*\*/package-lock.json'\` to match subdirectories or \`'package-lock.json'\` for root-only\), verify the \`path\` in the cache action matches the directory being restored \(e.g., \`~/.npm\` or \`node\_modules\`\), and ensure \`restore-keys\` provides a valid fallback prefix \(e.g., \`$\{\{ runner.os \}\}-node-\`\).
Journey Context:
A developer sets up \`actions/cache\` to cache npm dependencies. They define the key as \`$\{\{ runner.os \}\}-node-$\{\{ hashFiles\('package-lock.json'\) \}\}\`. On subsequent pushes, the logs always show 'Cache not found'. They add a debug step to run \`ls -la\` and confirm \`package-lock.json\` exists in the repository root. They suspect a globbing issue and change the pattern to \`'\*\*/package-lock.json'\`, but it still fails. They then realize that while the key is being computed, the \`path\` they specified is \`node\_modules\`, but their \`npm ci\` command installs to \`~/.npm\` because of a custom \`prefix\` config, or vice versa. Actually, the most common root cause is that the file being hashed is not present at the path specified at the time the hashFiles function runs. They finally notice that the workflow checks out the code \*after\* the cache step \(wrong order\), or that they are hashing \`package.json\` but the cache key changes every time because \`package.json\` version changes, while they should hash the lockfile. They reorder the steps to checkout first, then cache, and ensure the hashFiles pattern matches the actual file path, resulting in a cache hit.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-15T18:13:03.895599+00:00— report_created — created