Feature proposal: Integrate dependency support

[alexjurkiewicz]

I think a most users of this action run an "install dependencies" step immediately after. I think it would improve the developer experience if the "install dependencies" step was integrated into this action.

Current workflow:

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v1
      with:
        python-version: ${{ matrix.python-version }}
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt

Option 1: Support installing packages with pip

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v1
      with:
        python-version: ${{ matrix.python-version }}
        pip-install: -r requirements.txt

        # or if you use a different package manager...
        # pip-install: pipenv
    # - name: Install dependencies
      # run: pipenv install

Option 2: Add full support for all package managers

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v1
      with:
        python-version: ${{ matrix.python-version }}
        # Pip
        package-manager: pip
        package-manager-args: -r requirements.txt
        # Pipenv
        package-manager: pipenv
        package-manager-args: --pre --dev --deploy
        # Poetry
        package-manager: poetry
        package-manager-args: --no-dev

What do you think? Option 1 is much smaller in scope than option 2, but I think both would be low maintenance (Python has a lot of package managers, but not that many).

[zyv]

We would very much like to use this action, because it will be a huge speed improvement as compared to pulling our pre-baked CI docker image. However, we absolutely need dependency management support - and specifically poetry. So sadly we can't switch until some kind of poetry support is implemented...

[omBratteng]

I probably wouldn't install the project dependencies in the same step as setting up python, but it would be nice if the action included the major package managers. Like the node action includes yarn.
Although I think it would be better if the package manager was added at the image layer, which yarn is.
https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-README.md

[omBratteng]

I opened a PR that adds poetry to the virtual environments
actions/runner-images#3293

[zyv]

We ended up creating an action to install Poetry after setting up Python - it's still faster than pulling a complete pre-baked docker image with the operating system:

https://github.com/moneymeets/action-setup-poetry

Adding poetry to the base action images would of course only make it better!

[omBratteng]

They closed my PR, as they think because poetry only takes a few seconds to install, it is not needed in the action image, and using actions is better.

[ricardo-dematos]

Like many of you, I also immediately run an "install dependencies" step after running this action, thus I've created a composite action:

name: 'Set up python'
description: 'Set up GitHub Actions workflow with a version of Python configured with our settings'
inputs:
  python-version:
    description: "Version range or exact version of Python to use, using SemVer's version range syntax"
    required: false
    default: '3.9'
  python-requirements-file:
    description: "Path to the python requirements file"
    required: false
    default: 'requirements.txt'
outputs:
  python-path:
    description: "The absolute path to the Python executable"
    value: '${{ steps.python.outputs.python-path }}'
  python-version:
    description: "The installed and configured Python version"
    value: '${{ steps.python.outputs.python-version }}'
  cache-hit:
    description: "A boolean value to indicate a cache entry was found"
    value: '${{ steps.python.outputs.cache-hit }}'
runs:
  using: composite
  steps:
    - id: python
      uses: actions/setup-python@v4
      with:
        token: '${{ env.GITHUB_TOKEN }}'
        python-version: '${{ inputs.python-version }}'
        cache: 'pip'
        cache-dependency-path: '${{ inputs.python-requirements-file }}'
    - id: libxmlsec1-dev
      run: sudo apt-get update && sudo apt-get --assume-yes install pkg-config libxmlsec1-dev
      shell: bash
    - id: requirements
      run: pip install --exists-action w --requirement "${{ inputs.python-requirements-file }}"
      shell: bash

The action documentation states:

The action has built-in functionality for caching and restoring dependencies. It uses toolkit/cache under the hood for caching dependencies but requires less configuration settings. Supported package managers are pip, pipenv and poetry. The cache input is optional, and caching is turned off by default.

The action defaults to searching for a dependency file (requirements.txt for pip, Pipfile.lock for pipenv or poetry.lock for poetry) in the repository, and uses its hash as a part of the cache key. Input cache-dependency-path is used for cases when multiple dependency files are used, they are located in different subdirectories or different files for the hash that want to be used.

This means that the inputs to run the "install dependencies" step are already available, at least for the currently supported package managers, thus this action could execute it in one go.

[brcrista]

My usual take on this is that actions should follow the Unix philosophy. But in this case, by adding built-in dependency caching, we’ve already tightly coupled with the popular Python package managers. We'd welcome a PR for this if anyone wants to take that on.