Add cache-write input for read-only cache mode#1284
Open
salmanmkc wants to merge 2 commits intoactions:mainfrom
Open
Add cache-write input for read-only cache mode#1284salmanmkc wants to merge 2 commits intoactions:mainfrom
salmanmkc wants to merge 2 commits intoactions:mainfrom
Conversation
Loading
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Right now if you use
cache: pip(or pipenv/poetry) in a PR workflow, the action restores and saves the cache. There's no way to get read-only mode where you benefit from existing caches without writing back. This matters for cache poisoning — an untrusted PR could plant bad packages in the cache that later get picked up by pushes to main.This adds a
cache-writeinput (defaults totrue, no breaking change). Set it tofalseto skip the post-step save.Usage:
What changed:
action.yml— newcache-writeinputsrc/cache-save.ts— early return whencache-writeisfalsedist/— rebuiltSame change going into setup-node, setup-go, setup-java, setup-dotnet.