Skip to content

Update python-package.yml #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
dmdmx wants to merge 1 commit into from
Closed

Update python-package.yml #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions .github/workflows/python-package.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,3 +38,31 @@ jobs:
- name: Test with pytest
run: |
pytest
- name: Setup Node.js environment
uses: actions/setup-node@v6.1.0
Comment on lines +41 to +42

@sourcery-ai sourcery-ai Bot Jan 12, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue (bug_risk): The new Node setup step is mis-indented and split, which will make the workflow YAML invalid.

In GitHub Actions, each step must be a single, consistently indented map under steps:. Here - name is over-indented while uses:/with: are at the root level, so uses: is not actually part of the step and the workflow will fail to load. Please align this as a normal step, matching the indentation of the existing steps.

@sourcery-ai sourcery-ai Bot Jan 12, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion (bug_risk): The actions/setup-node version pin looks unusual and may not resolve to a valid action release.

actions/setup-node versions are usually pinned by major tag (e.g. @v4) or a released tag like @v4.1.0. @v6.1.0 likely does not exist and will cause the workflow to fail when the action cannot be resolved. Please switch to a known valid tag (e.g. @v4) or the specific released version you intend to use.

Suggested change
uses: actions/setup-node@v6.1.0
uses: actions/setup-node@v4

with:
# Version Spec of the version to use. Examples: 12.x, 10.15.1, >=10.15.0.
node-version: # optional
# File containing the version Spec of the version to use. Examples: package.json, .nvmrc, .node-version, .tool-versions.
node-version-file: # optional
# Target architecture for Node to use. Examples: x86, x64. Will use system architecture by default.
architecture: # optional
# Set this option if you want the action to check for the latest available version that satisfies the version spec.
check-latest: # optional
# Optional registry to set up for auth. Will set the registry in a project level .npmrc and .yarnrc file, and set up auth to read in from env.NODE_AUTH_TOKEN.
registry-url: # optional
# Optional scope for authenticating against scoped registries. Will fall back to the repository owner when using the GitHub Packages registry (https://npm.pkg.github.com/).
Comment on lines +45 to +54

@sourcery-ai sourcery-ai Bot Jan 12, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue (bug_risk): Several with: inputs are declared without values, which will result in invalid or unintended configuration.

In this case node-version: is declared but has no value. In GitHub Actions, a bare key like this can break the workflow or pass an empty value to the action. Either remove unused keys or set explicit values for the ones you actually need.

scope: # optional
# Used to pull node distributions from node-versions. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting.
token: # optional, default is ${{ github.server_url == 'https://github.com' && github.token || '' }}
# Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.
cache: # optional
# Set to false to disable automatic caching. By default, caching is enabled when either devEngines.packageManager or the top-level packageManager field in package.json specifies npm as the package manager.
package-manager-cache: # optional, default is true
# Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.
cache-dependency-path: # optional
# Used to specify an alternative mirror to downlooad Node.js binaries from
mirror: # optional
# The token used as Authorization header when fetching from the mirror
mirror-token: # optional