https://github.com/seapagan/check-yanked-packages

This GitHub Action checks for "yanked" Python packages in your `poetry.lock` file.
https://github.com/seapagan/check-yanked-packages

github-action lockfile package-management poetry-python yanked

Last synced: 6 months ago
JSON representation

This GitHub Action checks for "yanked" Python packages in your `poetry.lock` file.

• Host: GitHub
• URL: https://github.com/seapagan/check-yanked-packages
• Owner: seapagan
• License: mit
• Created: 2024-06-24T13:09:09.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-06-24T19:08:55.000Z (over 1 year ago)
• Last Synced: 2025-04-05T13:53:23.297Z (7 months ago)
• Topics: github-action, lockfile, package-management, poetry-python, yanked
• Homepage:
• Size: 10.7 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE.txt

Awesome Lists containing this project

README

          
# Check for Yanked Python Packages

This GitHub Action checks for "yanked" Python packages in your `poetry.lock`

file. These are packages that have been removed from the Python Package Index

(PyPI), by the package maintainer, and should not be used.

It requires that your project uses [poetry](https://python-poetry.org/) for

dependency management, and that the `poetry.lock` file to be present in the

repository.

Under the hood, this action uses my

[check-yanked](https://github.com/seapagan/poetry-plugin-check-yanked) plugin

for poetry, so check that out for local control over yanked packages.

The Action will fail if any yanked packages are found in the `poetry.lock` file,

you can check the Action logs for more information on which packages are yanked.

- [Check for Yanked Python Packages](#check-for-yanked-python-packages)

  - [Usage](#usage)

    - [Standalone](#standalone)

    - [As part of a larger workflow](#as-part-of-a-larger-workflow)

  - [Options](#options)

  - [Changelog](#changelog)

## Usage

To use this GitHub Action, you can add the following code to your workflow file:

### Standalone

```yaml

name: Check for Yanked Packages

on: [push, pull_request]

jobs:

  check-yanked:

    runs-on: ubuntu-latest

    steps:

      - name: Run poetry check-yanked

        uses: seapagan/check-yanked-packages@v1

```

Note that you do **not** need to checkout the repository or setup Python, as the

action will do this for you. However, if you do have these steps in your

workflow, the action will not attempt to run them again.

### As part of a larger workflow

If this action is run as part of a larger workflow, put it after the main

checkout and python setup steps. If these are aleady run, the plugin will not

attempt to checkout the repository again nor setup python.

```yaml

name: CI

on: [push, pull_request]

jobs:

  build:

    runs-on: ubuntu-latest

    steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5

        with:

          python-version: '3.x'

      - name: Run poetry check-yanked

        uses: seapagan/check-yanked-packages@v1

```

## Options

There are currently two options available for this action:

- `path` - The path to the directory containing the `poetry.lock` file. This

  defaults to the root of the repository.

- `python-version` - The version of Python to use when running the action. This

  defaults to the latest version of Python 3.x available on the runner.

  - If you are using the `actions/setup-python` action, this will be **ignored**,

  and the version of Python installed by that will be used instead.

These are both optional, and can be set in the workflow file like so:

```yaml

- name: Run poetry check-yanked

  uses: seapagan/check-yanked-packages@v1

  with:

    python-version: '3.10'

    path: 'path/to/directory'

```

## Changelog

**v1** - 24th June 2024

- Initial Release