
This GitHub Action checks for "yanked" Python packages in your `poetry.lock` file.


seapagan/check-yanked-packages

Check for Yanked Python Packages

This GitHub Action checks for "yanked" Python packages in your poetry.lock file. These are packages that have been removed from the Python Package Index (PyPI) by the package maintainer and should not be used.

It requires that your project uses poetry for dependency management and that the poetry.lock file is present in the repository.

Under the hood, this action uses my check-yanked plugin for poetry, so check that out for local control over yanked packages.

The Action will fail if any yanked packages are found in the poetry.lock file. Check the Action logs to see which packages are yanked.

Usage

To use this GitHub Action, you can add the following code to your workflow file:

Standalone

name: Check for Yanked Packages

on: [push, pull_request]

jobs:
  check-yanked:
    runs-on: ubuntu-latest

    steps:
      - name: Run poetry check-yanked
        uses: seapagan/check-yanked-packages@v1

Note that you do not need to check out the repository or set up Python, as the action will do this for you. However, if you do have these steps in your workflow, the action will not attempt to run them again.

As part of a larger workflow

If this action is run as part of a larger workflow, put it after the main checkout and Python setup steps. If these have already run, the plugin will not attempt to check out the repository again or set up Python.

name: CI

on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.x'
      - name: Run poetry check-yanked
        uses: seapagan/check-yanked-packages@v1

Options

There are currently two options available for this action:

  • path - The path to the directory containing the poetry.lock file. This defaults to the root of the repository.
  • python-version - The version of Python to use when running the action. This defaults to the latest version of Python 3.x available on the runner.
    • If you are using the actions/setup-python action, this will be ignored, and the version of Python installed by that will be used instead.

These are both optional, and can be set in the workflow file like so:

- name: Run poetry check-yanked
  uses: seapagan/check-yanked-packages@v1
  with:
    python-version: '3.10'
    path: 'path/to/directory'

Changelog

v1 - 24th June 2024

  • Initial Release
