This GitHub Action checks for "yanked" Python packages in your poetry.lock
file. These are packages that have been removed from the Python Package Index
(PyPI), by the package maintainer, and should not be used.
It requires that your project uses poetry for
dependency management, and that the poetry.lock
file to be present in the
repository.
Under the hood, this action uses my check-yanked plugin for poetry, so check that out for local control over yanked packages.
The Action will fail if any yanked packages are found in the poetry.lock
file,
you can check the Action logs for more information on which packages are yanked.
To use this GitHub Action, you can add the following code to your workflow file:
name: Check for Yanked Packages
on: [push, pull_request]
jobs:
check-yanked:
runs-on: ubuntu-latest
steps:
- name: Run poetry check-yanked
uses: seapagan/check-yanked-packages@v1
Note that you do not need to checkout the repository or setup Python, as the action will do this for you. However, if you do have these steps in your workflow, the action will not attempt to run them again.
If this action is run as part of a larger workflow, put it after the main checkout and python setup steps. If these are aleady run, the plugin will not attempt to checkout the repository again nor setup python.
name: CI
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Run poetry check-yanked
uses: seapagan/check-yanked-packages@v1
There are currently two options available for this action:
path
- The path to the directory containing thepoetry.lock
file. This defaults to the root of the repository.python-version
- The version of Python to use when running the action. This defaults to the latest version of Python 3.x available on the runner.- If you are using the
actions/setup-python
action, this will be ignored, and the version of Python installed by that will be used instead.
- If you are using the
These are both optional, and can be set in the workflow file like so:
- name: Run poetry check-yanked
uses: seapagan/check-yanked-packages@v1
with:
python-version: '3.10'
path: 'path/to/directory'
v1 - 24th June 2024
- Initial Release