ci: add 2-day package install cooldown (supply-chain guard) (1/n) #285

	name: Nightly packages

	on:
	pull_request: # this shall test only the part of workflow before publishing
	branches: [master, "release/*"]
	types: [opened, reopened, ready_for_review, synchronize]
	paths:
	- "requirements/ci.txt"
	- ".github/actions/pkg-check/*"
	- ".github/workflows/release-nightly.yml"
	schedule:
	- cron: "0 0 * * 0" # on Sundays
	workflow_dispatch: {}

	defaults:
	run:
	shell: bash

	jobs:
	build-packages:
	runs-on: ubuntu-22.04
	env:
	PKG_NAME: "lightning"
	# Supply-chain guard: skip PyPI releases newer than this (ISO 8601 duration). See https://pip.pypa.io/en/stable/cli/pip_install/#cmdoption-uploaded-prior-to
	PIP_UPLOADED_PRIOR_TO: "P2D"
	steps:
	- uses: actions/checkout@v6
	- uses: actions/setup-python@v6
	with:
	python-version: "3.10"

	- name: Upgrade pip (for --uploaded-prior-to, pip >= 26.1)
	run: python -m pip install --upgrade "pip>=26.1"
	- name: Convert actual version to nightly
	run: \|
	pip install -q -r .actions/requirements.txt
	python .actions/assistant.py convert_version2nightly
	- run: python -c "print('NB_DIRS=' + str(2 if '${{ env.PKG_NAME }}' == 'pytorch' else 1))" >> $GITHUB_ENV
	- name: Build & check package
	uses: ./.github/actions/pkg-check
	with:
	pkg-name: ${{ env.PKG_NAME }}
	nb-dirs: ${{ env.NB_DIRS }}
	allow-local-changes: "true"

	- uses: actions/upload-artifact@v7
	with:
	name: nightly-packages-${{ github.sha }}
	path: dist
	include-hidden-files: true

Provide feedback