feat: adapt rule to identify caching via actions/setup-node

Author: NicholasEllul

rules/src/github-actions/publish-actions-cache-used.yaml

@@ -15,10 +15,23 @@ rules:
         Using GitHub's Action Cache in publishing workflows, especially in open source repositories, can be dangerous. See
         https://github.com/MetaMask/MetaMask-planning/issues/3925 for more details and alternative recommendations.
     patterns:
-        - pattern: "uses: $ACTION_NAME"
+    - pattern-either:
+      - patterns:
+        - pattern: "uses: $ACTION_CACHE"
         - metavariable-regex:
-            metavariable: $ACTION_NAME
-            regex: actions/cache@.+
+            metavariable: $ACTION_CACHE
+            regex: (actions/cache@.+)
+      - patterns: 
+        - pattern-inside: |
+            ...
+            uses: $SETUP_NODE
+            with:
+              ...
+        - pattern: |
+            cache: ...
+        - metavariable-regex:
+            metavariable: $SETUP_NODE
+            regex: (actions/setup-node@.*)
     paths:
       include:
         - ".github/**/*publish*.yml"

rules/test/github-actions/publish-actions-cache-used.test.yaml

@@ -27,6 +27,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
+          # ruleid: publish-actions-cache-used
           cache: yarn
       # ruleid: publish-actions-cache-used
       - uses: actions/cache@v4