mirror of
https://github.com/hwchase17/langchain
synced 2024-11-08 07:10:35 +00:00
6c308aabae
Using `${{ }}` to construct shell commands is risky, since the `${{ }}` interpolation runs first and ignores shell quoting rules. This means that shell commands that look safely quoted, like `echo "${{ github.event.issue.title }}"`, are actually vulnerable to shell injection. More details here: https://github.blog/2023-08-09-four-tips-to-keep-your-github-actions-workflows-secure/
85 lines
2.5 KiB
YAML
85 lines
2.5 KiB
YAML
# An action for setting up poetry install with caching.
|
|
# Using a custom action since the default action does not
|
|
# take poetry install groups into account.
|
|
# Action code from:
|
|
# https://github.com/actions/setup-python/issues/505#issuecomment-1273013236
|
|
name: poetry-install-with-caching
|
|
description: Poetry install with support for caching of dependency groups.
|
|
|
|
inputs:
|
|
python-version:
|
|
description: Python version, supporting MAJOR.MINOR only
|
|
required: true
|
|
|
|
poetry-version:
|
|
description: Poetry version
|
|
required: true
|
|
|
|
install-command:
|
|
description: Command run for installing dependencies
|
|
required: false
|
|
default: poetry install
|
|
|
|
cache-key:
|
|
description: Cache key to use for manual handling of caching
|
|
required: true
|
|
|
|
working-directory:
|
|
description: Directory to run install-command in
|
|
required: false
|
|
default: ""
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- uses: actions/setup-python@v4
|
|
name: Setup python $${ inputs.python-version }}
|
|
with:
|
|
python-version: ${{ inputs.python-version }}
|
|
|
|
- uses: actions/cache@v3
|
|
id: cache-pip
|
|
name: Cache Pip ${{ inputs.python-version }}
|
|
env:
|
|
SEGMENT_DOWNLOAD_TIMEOUT_MIN: "15"
|
|
with:
|
|
path: |
|
|
~/.cache/pip
|
|
key: pip-${{ runner.os }}-${{ runner.arch }}-py-${{ inputs.python-version }}
|
|
|
|
- name: Install poetry
|
|
shell: bash
|
|
env:
|
|
POETRY_VERSION: ${{ inputs.poetry-version }}
|
|
PYTHON_VERSION: ${{ inputs.python-version }}
|
|
run: pipx install "poetry==$POETRY_VERSION" --python "python$PYTHON_VERSION" --verbose
|
|
|
|
- name: Check Poetry File
|
|
shell: bash
|
|
working-directory: ${{ inputs.working-directory }}
|
|
run: |
|
|
poetry check
|
|
|
|
- name: Check lock file
|
|
shell: bash
|
|
working-directory: ${{ inputs.working-directory }}
|
|
run: |
|
|
poetry lock --check
|
|
|
|
- uses: actions/cache@v3
|
|
id: cache-poetry
|
|
env:
|
|
SEGMENT_DOWNLOAD_TIMEOUT_MIN: "15"
|
|
WORKDIR: ${{ inputs.working-directory == '' && '.' || inputs.working-directory }}
|
|
with:
|
|
path: |
|
|
~/.cache/pypoetry/virtualenvs
|
|
~/.cache/pypoetry/cache
|
|
~/.cache/pypoetry/artifacts
|
|
${{ env.WORKDIR }}/.venv
|
|
key: poetry-${{ runner.os }}-${{ runner.arch }}-py-${{ inputs.python-version }}-poetry-${{ inputs.poetry-version }}-${{ inputs.cache-key }}-${{ hashFiles(format('{0}/poetry.lock', env.WORKDIR)) }}
|
|
|
|
- run: ${{ inputs.install-command }}
|
|
working-directory: ${{ inputs.working-directory }}
|
|
shell: bash
|