From e4b290f45bdc5a749e563b22f861b15b7ab10633 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Fri, 17 May 2024 14:41:41 -0400 Subject: [PATCH] release: remove pip cache usage Signed-off-by: William Woodruff --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fa7413311..c8a679aca 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,9 +21,9 @@ jobs: - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: + # NOTE: We intentionally don't use a cache in the release step, + # to reduce the risk of cache poisoning. python-version: "3.x" - cache: "pip" - cache-dependency-path: pyproject.toml - name: deps run: python -m pip install -U build