{"id":20618598,"url":"https://github.com/allanchain/poetry-cache-action","last_synced_at":"2026-04-12T23:53:15.600Z","repository":{"id":40324202,"uuid":"361295081","full_name":"AllanChain/poetry-cache-action","owner":"AllanChain","description":"Action to handle poetry package caching and installation, with utilities to handle tricky cases","archived":false,"fork":false,"pushed_at":"2024-07-18T13:24:10.000Z","size":1583,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-06T19:44:30.789Z","etag":null,"topics":["actions","cache","github-actions","poetry","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AllanChain.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-04-25T00:25:25.000Z","updated_at":"2024-07-18T13:24:13.000Z","dependencies_parsed_at":"2024-07-18T15:56:28.108Z","dependency_job_id":null,"html_url":"https://github.com/AllanChain/poetry-cache-action","commit_stats":{"total_commits":53,"total_committers":2,"mean_commits":26.5,"dds":"0.24528301886792447","last_synced_commit":"1ccad1a9790922611ec760f4808a861750d9f753"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":"actions/typescript-action","purl":"pkg:github/AllanChain/poetry-cache-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AllanChain%2Fpoetry-cache-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AllanChain%2Fpoetry-cache-
action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AllanChain%2Fpoetry-cache-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AllanChain%2Fpoetry-cache-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AllanChain","download_url":"https://codeload.github.com/AllanChain/poetry-cache-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AllanChain%2Fpoetry-cache-action/sbom","scorecard":{"id":12001,"data":{"date":"2025-08-11","repo":{"name":"github.com/AllanChain/poetry-cache-action","commit":"768aff10c4bbdb3da4a2463c4aad2a0b70764757"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/9 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns 
detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/AllanChain/poetry-cache-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/AllanChain/poetry-cache-action/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/AllanChain/poetry-cache-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/AllanChain/poetry-cache-action/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/AllanChain/poetry-cache-action/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:52: update your workflow using 
https://app.stepsecurity.io/secureworkflow/AllanChain/poetry-cache-action/test.yml/main?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a 
license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'","Warn: branch protection not enabled for branch 'release'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is 
vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T14:49:42.285Z","repository_id":40324202,"created_at":"2025-08-14T14:49:42.285Z","updated_at":"2025-08-14T14:49:42.285Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271765028,"owners_count":24817286,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-23T02:00:09.327Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","cache","github-actions","poetry","typescript"],"created_at":"2024-11-16T12:08:59.631Z","updated_at":"2026-04-12T23:53:15.539Z","avatar_url":"https://github.com/AllanChain.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Poetry Cache Action\n\nAre you annoyed by random CI failure because poetry cache strangely becomes invalid? 
This action is for you!\n\npoetry-cache-action is an action to handle poetry **package** caching and installation, with utilities to handle tricky cases.\n\n## Features\n\n- cache and install packages\n- validate cache and try reinstall\n- hack to replace mirror url for ci (python-poetry/poetry#1632)\n\n## Usage Example\n\n```yaml\n- uses: actions/checkout@v3\n- uses: actions/setup-python@v4\n- uses: Gr1N/setup-poetry@v8\n- uses: allanchain/poetry-cache-action@release # or any other tags\n```\n\n## Inputs\n\n### `cache-key-prefix`\n\nThis action internally uses `@actions/cache` for caching. By default it generates a hash string based on python version, python installation path, and poetry version. You can add a custom key prefix to have more control over caching.\n\nDefault to `'poetry'`\n\n### `ensure-module`\n\nOne highlight feature of this action is auto checking cache by importing a module specified by `ensure-module`, and trying to reinstall if import fails.\n\nDefault to `'pytest'`\n\n### `install-args`\n\nAny args after `poetry install`. Separated by spaces, as you normally would on the command line. e.g.:\n\n```yaml\ninstall-args: --no-root --no-dev\n```\n\nDefault to `''`\n\n### `replace-mirror`\n\nHack to replace mirror url for ci ([python-poetry/poetry#1632](https://github.com/python-poetry/poetry/issues/1632)).\n\nThe string is passed to sed: `sed -i 's/${replaceMirror}/g'`. e.g.:\n\n```yaml\nreplace-mirror: pypi.tuna.tsinghua.edu.cn/pypi.org\n```\n\nDefault to do nothing.\n\n### `working-directory`\n\nWorking directory of the poetry project.\n\nDefault to current directory.\n\n### `upload-strategy`\n\nWhen to upload updated cache. `'immediate'` means upload the cache immediately after installing all the packages. `'on-success'` means upload cache after everything is successfully done, just like the official cache action does.\n\nBoth of the strategies are useful. Sometimes you want to update the cache even though tests fail. 
And sometimes you just need the default behavior of the official cache action, or rely on cache hit status to do something, or maybe caching all the pyc files.\n\nDefault to `'immediate'`\n\n## Outputs\n\n### `cache-hit`\n\nWhether the cache is restored from the exact key.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallanchain%2Fpoetry-cache-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fallanchain%2Fpoetry-cache-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallanchain%2Fpoetry-cache-action/lists"}