v1.0.0 Latest version
A GitHub action to have pip install from a requirements file as securely as possible.
The command to run Python (as
-m is used to run pip). Defaults to
The path to the requirements file. Defaults to
Additional command-line options to pass to pip (e.g.
A few options are turned on for pip to make sure installations are secure and reproducible:
- A requirements file must be specified to make sure all dependencies are known
statically for auditing purposes (
- No dependency resolution is done to make sure the requirements file is
- All requirements must have a hash provided to make sure the files have not
been tampered with (
- Only wheels are allowed to have reproducible installs (