diff --git a/.github/workflows/release-packages.yml b/.github/workflows/release-packages.yml
index 63e59f21..2719d397 100644
--- a/.github/workflows/release-packages.yml
+++ b/.github/workflows/release-packages.yml
@@ -18,18 +18,20 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      # Node + pnpm (with cache)
-      - name: Setup Node
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: latest
+
+      - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
           node-version: 22
           cache: pnpm
           cache-dependency-path: '**/pnpm-lock.yaml'
 
-      - name: Setup pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: latest
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
 
       - name: Configure npm auth
         env:
@@ -38,9 +40,6 @@ jobs:
           pnpm config set //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
           pnpm config set registry https://registry.npmjs.org/
 
-      - name: Install deps (root)
-        run: pnpm install
-
       - name: Resolve package list
         id: pkgs
         shell: bash