Merged
13 changes: 13 additions & 0 deletions .github/workflows/bandit.yml
Expand Up @@ -30,6 +30,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

# PERFORMANCE: Cache pip dependencies so that any packages installed by the
# bandit scan action (or future pip-install steps) are served from cache.
# Key covers both requirements.txt and pyproject.toml so any dep change
# automatically busts the cache.
- name: Cache pip dependencies
uses: actions/cache@v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt', 'pyproject.toml') }}
restore-keys: |
${{ runner.os }}-pip-

- name: Bandit Scan
uses: shundor/python-bandit-scan@ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd
with: # optional arguments
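Review bot: the new `Cache pip dependencies` step caches `~/.cache/pip`, but no step visible in this hunk runs pip on the runner, and the added comment itself only points at "future pip-install steps". If the Bandit action does its installs in its own environment, this cache is saved and restored on every run without ever being used, so confirm an actual cache hit in a run log before keeping it. Two smaller points on the same step: `actions/cache@v4` is a mutable tag while the scan action directly below is pinned to a full commit SHA, so pin the cache action the same way for consistency in a security workflow; and the `restore-keys: ${{ runner.os }}-pip-` fallback restores a cache built from older dependency files, which is fine for pip's download cache but worth stating in the comment, since the comment currently says any dependency change "busts the cache".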
10 changes: 7 additions & 3 deletions .github/workflows/sync.yml
Expand Up @@ -17,17 +17,21 @@ jobs:
uses: actions/checkout@v4

# PERFORMANCE: Caching pip dependencies significantly speeds up CI
# Cache key is based on requirements.txt hash, automatically invalidating when deps change
# Cache key is based on requirements.txt + pyproject.toml hashes, automatically
# invalidating when deps change. Both files are included because pyproject.toml
# defines the source of truth for dependencies.
# See: https://github.com/actions/setup-python#caching-packages-dependencies
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
cache: 'pip'
cache-dependency-path: 'requirements.txt'
cache-dependency-path: |
requirements.txt
pyproject.toml

# REPRODUCIBILITY: Install from requirements.txt to centralize and document dependencies
# This also aligns installs with the cache key derived from requirements.txt
# This also aligns installs with the cache key derived from requirements.txt + pyproject.toml
- name: Install dependencies
run: pip install -r requirements.txt
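Review bot: the updated comment calls `pyproject.toml` "the source of truth for dependencies", yet the `Install dependencies` step still runs only `pip install -r requirements.txt`. With `pyproject.toml` added to `cache-dependency-path`, an edit to that file invalidates the cache but changes nothing that gets installed unless `requirements.txt` is regenerated too, so the two files can drift silently. Either document (or enforce in CI) how `requirements.txt` is derived from `pyproject.toml`, or install from the file that is actually authoritative. Since the step is labelled REPRODUCIBILITY, it is also worth noting in the comment whether `requirements.txt` is fully pinned, because the install line as written does not require it.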
