{"id":13529182,"url":"https://github.com/actions/setup-python","last_synced_at":"2026-01-22T05:01:38.820Z","repository":{"id":37405907,"uuid":"192625525","full_name":"actions/setup-python","owner":"actions","description":"Set up your GitHub Actions workflow with a specific version of Python","archived":false,"fork":false,"pushed_at":"2026-01-08T06:38:07.000Z","size":31936,"stargazers_count":2072,"open_issues_count":75,"forks_count":693,"subscribers_count":42,"default_branch":"main","last_synced_at":"2026-01-16T21:03:20.853Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/actions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-06-18T23:30:52.000Z","updated_at":"2026-01-15T13:29:00.000Z","dependencies_parsed_at":"2023-01-05T04:50:58.332Z","dependency_job_id":"58258841-ce92-436c-a199-0f1e31431806","html_url":"https://github.com/actions/setup-python","commit_stats":{"total_commits":384,"total_committers":92,"mean_commits":4.173913043478261,"dds":0.8880208333333334,"last_synced_commit":"3fddbee7870211eda9047db10474808be43c71ec"},"previous_names":[],"tags_count":61,"template":false,"template_full_name":null,"purl":"pkg:github/actions/setup-python","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-python/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions","download_url":"https://codeload.github.com/actions/setup-python/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-python/sbom","scorecard":{"id":163796,"data":{"date":"2025-08-11","repo":{"name":"github.com/actions/setup-python","commit":"9322b3ca74000aeb2c01eb777b646334015ddd72"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.7,"checks":[{"name":"Maintained","score":9,"reason":"11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-immutable-actions.yml:11","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/publish-immutable-actions.yml:13","Warn: no topLevel permission defined: .github/workflows/basic-validation.yml:1","Warn: no topLevel permission defined: .github/workflows/check-dist.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e-cache-freethreaded.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e-cache.yml:16","Warn: no topLevel permission defined: .github/workflows/e2e-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/licensed.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-immutable-actions.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-new-action-version.yml:15","Warn: no topLevel permission defined: .github/workflows/test-graalpy.yml:1","Warn: no topLevel permission defined: .github/workflows/test-pypy.yml:1","Warn: no topLevel permission defined: .github/workflows/test-python-freethreaded.yml:1","Warn: no topLevel permission defined: .github/workflows/test-python.yml:1","Warn: no topLevel permission defined: .github/workflows/update-config-files.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/basic-validation.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/basic-validation.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:271: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/e2e-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/licensed.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/licensed.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-immutable-actions.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/publish-immutable-actions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-immutable-actions.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/publish-immutable-actions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-new-action-version.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/release-new-action-version.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-graalpy.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-graalpy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-graalpy.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-graalpy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-graalpy.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-graalpy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pypy.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-pypy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pypy.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-pypy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pypy.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-pypy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pypy.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-pypy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pypy.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-pypy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:456: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:514: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:343: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:417: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:488: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:545: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python-freethreaded.yml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python-freethreaded.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:356: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:405: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:524: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:556: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:588: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:485: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-python.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/test-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-config-files.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-python/update-config-files.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:193","Warn: pipCommand not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:222","Warn: pipCommand not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:44","Warn: downloadThenRun not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:72","Warn: pipCommand not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:134","Warn: downloadThenRun not pinned by hash: .github/workflows/e2e-cache-freethreaded.yml:163","Warn: pipCommand not pinned by hash: .github/workflows/e2e-cache.yml:57","Warn: downloadThenRun not pinned by hash: .github/workflows/e2e-cache.yml:97","Warn: pipCommand not pinned by hash: .github/workflows/e2e-cache.yml:196","Warn: downloadThenRun not pinned by hash: .github/workflows/e2e-cache.yml:235","Warn: pipCommand not pinned by hash: .github/workflows/e2e-cache.yml:280","Warn: pipCommand not pinned by hash: .github/workflows/e2e-cache.yml:309","Info:   0 out of  60 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   8 pipCommand dependencies pinned","Info:   0 out of   4 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/actions/.github/SECURITY.md:1","Info: Found linked content: github.com/actions/.github/SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: github.com/actions/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'restore-v4-release'","Warn: branch protection not enabled for branch 'releases/v3'","Warn: branch protection not enabled for branch 'releases/v2'","Warn: branch protection not enabled for branch 'releases/v1'","Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":2,"reason":"8 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2022-42986 / GHSA-43fp-rhv2-5gv8","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: PYSEC-2021-140 / GHSA-9w8r-397f-prfh","Warn: Project is vulnerable to: PYSEC-2023-117 / GHSA-mrwq-x4v8-fh7p","Warn: Project is vulnerable to: PYSEC-2021-141 / GHSA-pq64-v7f5-gqh8","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T14:18:12.941Z","repository_id":37405907,"created_at":"2025-08-16T14:18:12.941Z","updated_at":"2025-08-16T14:18:12.941Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28655022,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T01:17:37.254Z","status":"online","status_checked_at":"2026-01-22T02:00:07.137Z","response_time":144,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T07:00:34.096Z","updated_at":"2026-01-22T05:01:38.814Z","avatar_url":"https://github.com/actions.png","language":"TypeScript","funding_links":[],"categories":["TypeScript","Official Resources","Popular GitHub Actions","二、核心官方Action（工作流必备）"],"sub_categories":["Official Actions","3. 编程语言环境配置"],"readme":"# setup-python\n\n[![Basic validation](https://github.com/actions/setup-python/actions/workflows/basic-validation.yml/badge.svg?branch=main)](https://github.com/actions/setup-python/actions/workflows/basic-validation.yml)\n[![Validate Python e2e](https://github.com/actions/setup-python/actions/workflows/test-python.yml/badge.svg?branch=main)](https://github.com/actions/setup-python/actions/workflows/test-python.yml)\n[![Validate PyPy e2e](https://github.com/actions/setup-python/actions/workflows/test-pypy.yml/badge.svg?branch=main)](https://github.com/actions/setup-python/actions/workflows/test-pypy.yml)\n[![e2e-cache](https://github.com/actions/setup-python/actions/workflows/e2e-cache.yml/badge.svg?branch=main)](https://github.com/actions/setup-python/actions/workflows/e2e-cache.yml)\n\nThis action provides the following functionality for GitHub Actions users:\n\n- Installing a version of Python or PyPy and (by default) adding it to the PATH\n- Optionally caching dependencies for pip, pipenv and poetry\n- Registering problem matchers for error output\n\n## Breaking changes in V6\n\n- Upgraded action from node20 to node24\n  \u003e Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See [Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)\n\nFor more details,  see the full release notes on the [releases page](https://github.com/actions/setup-python/releases/tag/v6.0.0)\n\n## Basic usage\n\nSee [action.yml](action.yml)\n\n**Python**\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-python@v6\n  with:\n    python-version: '3.13' \n- run: python my_script.py\n```\n\n**PyPy**\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-python@v6 \n  with:\n    python-version: 'pypy3.10' \n- run: python my_script.py\n```\n\n**GraalPy**\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-python@v6 \n  with:\n    python-version: 'graalpy-24.0' \n- run: python my_script.py\n```\n\n**Free threaded Python**\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-python@v6\n  with:\n    python-version: '3.13t'\n- run: python my_script.py\n```\n\nThe `python-version` input is optional. If not supplied, the action will try to resolve the version from the default `.python-version` file. If the `.python-version` file doesn't exist Python or PyPy version from the PATH will be used. The default version of Python or PyPy in PATH varies between runners and can be changed unexpectedly so we recommend always setting Python version explicitly using the `python-version` or `python-version-file` inputs.\n\nThe action will first check the local [tool cache](docs/advanced-usage.md#hosted-tool-cache) for a [semver](https://github.com/npm/node-semver#versions) match. If unable to find a specific version in the tool cache, the action will attempt to download a version of Python from [GitHub Releases](https://github.com/actions/python-versions/releases) and for PyPy from the official [PyPy's dist](https://downloads.python.org/pypy/).\n\nFor information regarding locally cached versions of Python or PyPy on GitHub hosted runners, check out [GitHub Actions Runner Images](https://github.com/actions/runner-images).\n\n## Supported version syntax\n\nThe `python-version` input supports the [Semantic Versioning Specification](https://semver.org/) and some special version notations (e.g. `semver ranges`, `x.y-dev syntax`, etc.), for detailed examples please refer to the section: [Using python-version input](docs/advanced-usage.md#using-the-python-version-input) of the [Advanced usage](docs/advanced-usage.md) guide.\n\n## Supported architectures\n\nUsing the `architecture` input, it is possible to specify the required Python or PyPy interpreter architecture: `x86`, `x64`, or `arm64`. If the input is not specified, the architecture defaults to the host OS architecture.\n\n## Caching packages dependencies\n\nThe action has built-in functionality for caching and restoring dependencies. It uses [toolkit/cache](https://github.com/actions/toolkit/tree/main/packages/cache) under the hood for caching dependencies but requires less configuration settings. Supported package managers are `pip`, `pipenv` and `poetry`. The `cache` input is optional, and caching is turned off by default.\n\nThe action defaults to searching for a dependency file (`requirements.txt` or `pyproject.toml` for pip, `Pipfile.lock` for pipenv or `poetry.lock` for poetry) in the repository, and uses its hash as a part of the cache key. Input `cache-dependency-path` is used for cases when multiple dependency files are used, they are located in different subdirectories or different files for the hash that want to be used.\n\n - For `pip`, the action will cache the global cache directory\n - For `pipenv`, the action will cache virtualenv directory\n - For `poetry`, the action will cache virtualenv directories -- one for each poetry project found\n\n**Caching pip dependencies:**\n\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-python@v6\n  with:\n    python-version: '3.13'\n    cache: 'pip' # caching pip dependencies\n- run: pip install -r requirements.txt\n```\n\u003e**Note:** Restored cache will not be used if the requirements.txt file is not updated for a long time and a newer version of the dependency is available which can lead to an increase in total build time.\n\n\u003eThe requirements file format allows for specifying dependency versions using logical operators (for example chardet\u003e=3.0.4) or specifying dependencies without any versions. In this case the pip install -r requirements.txt command will always try to install the latest available package version. To be sure that the cache will be used, please stick to a specific dependency version and update it manually if necessary.\n\n\u003eThe `setup-python` action does not handle authentication for pip when installing packages from private repositories. For help, refer [pip’s VCS support documentation](https://pip.pypa.io/en/stable/topics/vcs-support/) or visit the [pip repository](https://github.com/pypa/pip).\n\nSee examples of using `cache` and `cache-dependency-path` for `pipenv` and `poetry` in the section: [Caching packages](docs/advanced-usage.md#caching-packages) of the [Advanced usage](docs/advanced-usage.md) guide.\n\n## Advanced usage\n\n- [Using the python-version input](docs/advanced-usage.md#using-the-python-version-input)\n- [Using the python-version-file input](docs/advanced-usage.md#using-the-python-version-file-input)\n- [Check latest version](docs/advanced-usage.md#check-latest-version)\n- [Caching packages](docs/advanced-usage.md#caching-packages)\n- [Outputs and environment variables](docs/advanced-usage.md#outputs-and-environment-variables)\n- [Available versions of Python, PyPy and GraalPy](docs/advanced-usage.md#available-versions-of-python-pypy-and-graalpy)\n- [Hosted tool cache](docs/advanced-usage.md#hosted-tool-cache) \n- [Using `setup-python` with a self-hosted runner](docs/advanced-usage.md#using-setup-python-with-a-self-hosted-runner)\n- [Using `setup-python` on GHES](docs/advanced-usage.md#using-setup-python-on-ghes)\n- [Allow pre-releases](docs/advanced-usage.md#allow-pre-releases)\n- [Using the pip-version input](docs/advanced-usage.md#using-the-pip-version-input)\n- [Using the pip-install input](docs/advanced-usage.md#using-the-pip-install-input)\n\n## Recommended permissions\n\nWhen using the `setup-python` action in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:\n\n```yaml\npermissions:\n  contents: read # access to check out code and install dependencies\n```\n\n## License\n\nThe scripts and documentation in this project are released under the [MIT License](LICENSE).\n\n## Contributions\n\nContributions are welcome! See our [Contributor's Guide](docs/contributors.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions%2Fsetup-python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Factions%2Fsetup-python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions%2Fsetup-python/lists"}