feat: add explicit cypress install step after dependency install

[mschile]

What

Adds an explicit cypress install step that runs after dependency install in index.js, invoked via npx for all package managers:

npx cypress install

The step runs on every install path (including a custom install-command), is skipped when install: false, and respects CYPRESS_INSTALL_BINARY=0. It's a no-op when the binary is already present.

Why

Package managers may no longer run a dependency's postinstall script by default — pnpm and Yarn Berry (≥4.14) already block them, and npm 12 will via RFC #868. Cypress downloads its binary via a postinstall script, so without an explicit install:

• Cache hit (steady-state CI): binary restored from ~/.cache/Cypress, unaffected.
• Cache miss / first run / cache-key change: the binary is never downloaded and cypress verify fails.

Running cypress install explicitly downloads the binary on a cold cache regardless of package manager.

Why npx for all package managers (not pnpm cypress / yarn cypress)

The first iteration used package-manager-specific commands (pnpm cypress install, yarn cypress install). That broke the pnpm-workspaces example with:

[ERR_PNPM_RECURSIVE_EXEC_FIRST_FAIL] Command "cypress" not found

Root cause: pnpm <command> resolves <command> relative to the current directory's package. The action installs dependencies in the pnpm workspace root, whose package.json declares no cypress dependency and no cypress script (cypress is a devDependency of the child packages only). pnpm therefore has no cypress command to run there and errors out.

npx cypress instead resolves cypress from the dependency tree and finds the workspace's pinned version (verified: npx --no-install cypress --version returns the locked 15.17.0 from the workspace root, no download). This also matches how the action's existing cypress verify and cypress cache list steps already invoke cypress, so behavior is consistent across all three.

Notes for reviewers

• Wired into installMaybe() between install() and listCypressBinaries().
• No core.exportVariable('CYPRESS_CACHE_FOLDER', ...) in the new function — install() always runs immediately before it and already exports it for the process.
• dist/index.js rebuilt via the pre-commit hook (ncc build).
• No unit tests in this repo; behavior is exercised via the example workflows (the pnpm-workspaces examples were the ones that caught the original pnpm cypress issue).

Closes #1798

References

• Tracking issue: npm RFC #868 will block this package's install script by default cypress#33980
• Tech brief: cypress-io/engineering-documentation#496

🤖 Generated with Claude Code

[MikeMcC399]

I'm skeptical about combining npm's npx with Yarn and pnpm package managers. It has led to errors in the past.

The repo has been patched multiple times since the origin npm / Yarn Classic implementation to incorporate the later Yarn Modern and pnpm, and by now it's a bit difficult to maintain any further changes.

This PR should in any case be tested against a Cypress version that it not cypress@latest. npx will pull the latest version if it's not already installed.

I'm also not sure if this PR is necessary at this time.

In general, users will have set up their projects to install and test locally as a first step and they will have needed to add whatever configuration parameters are necessary to allow Cypress to install together with the Cypress binary. When they commit this configuration to a GitHub repo, it will also run there and allow the Cypress binary install.

If this weren't the case we would have already seen user issues reported for pnpm, and there haven't been any.

In terms of this repo, I would advocate minimum necessary changes to keep things running. Yarn Modern isn't properly supported anyway. Same for pnpm workspaces. Yarn v6 is on the horizon as well, with significant changes planned.

[MikeMcC399]

Running pnpm@11 standalone without allowBuilds doesn't work at all
It either needs to be set to:

allowBuilds:
  cypress: true

or

allowBuilds:
  cypress: false

attempting to run the following otherwise fails:

pnpm cypress install

[MikeMcC399]

At this time I would want to withhold support for this PR.

A correctly configured package.json for npm does not need this PR.

Changes affecting other package managers may introduce additional problems.

I'd suggest waiting for the release of npm@12, and a decision about whether it will be bundled into Node.js 26.

The documentation on https://docs.cypress.io/app/get-started/install-cypress#npm-configuration is inaccurate, about how to modify package.json to allow cypress. I'll follow that up separately.

If Cypress.io decides to move away from postinstall, then that would need a documentation-only deprecation phase. This topic could be re-addressed then at a later stage. Modifying the action at this time appears to be premature.

[MikeMcC399]

• Documentation error reported in Incorrect npm allowScripts syntax cypress-documentation#6586