feat: add cache-write input for read-only cache mode

Add a 'cache-write' input (default: true) that controls whether the cache
is saved at the end of the workflow. When set to 'false', the action will
restore cached dependencies but skip saving, providing a read-only cache
mode.

This is useful for preventing cache poisoning attacks from untrusted PR
builds while still benefiting from cached dependencies.
Salman Chishti 2026-03-09 05:35:59 -07:00 committed by GitHub
parent 27fdb267c1
commit c948a2c163
3 changed files with 14 additions and 0 deletions


@ -71548,6 +71548,11 @@ process.on('uncaughtException', e => {
function run(earlyExit) {
return __awaiter(this, void 0, void 0, function* () {
try {
const cacheWriteEnabled = core.getInput('cache-write');
if (cacheWriteEnabled === 'false') {
core.info('Cache write is disabled (read-only mode). Skipping cache save.');
return;
}
const cacheInput = core.getBooleanInput('cache');
if (cacheInput) {
yield cachePackages();
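Review bot: The read-only guard `if (cacheWriteEnabled === 'false')` matches only the exact lowercase string, so `cache-write: False` or `FALSE` (both accepted by `core.getBooleanInput`, which the next line already uses for `cache`) silently leaves cache saving enabled. Because this input exists to keep untrusted PR builds from writing the cache, it should fail closed: read it as `const cacheWriteEnabled = core.getBooleanInput('cache-write');` and test `if (!cacheWriteEnabled) {`, which also rejects unrecognised values instead of treating them as "write allowed". That relies on the action metadata declaring the default `true` described in the commit message, which is not visible here. The early `return` sits inside the `try` of `run`, whose `catch`/`finally` and use of `earlyExit` lie outside the hunk, so confirm the skip path still reaches the exit handling that follows. This file appears to be a compiled bundle, so the change would belong in the source it is built from.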