ci: Disable cargo-audit in CI (PRQL#5051)

richb-hanover · Dec 9, 2024 · 5fb8612 · 5fb8612
1 parent d3e4d02
commit 5fb8612
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -27,9 +27,14 @@ jobs:
     #
     # Would be better if we could only run when we know we have permissions. But
     # this will do...
+
+    # 2024-12-09 — this is failing on normal PRs despite clearing the advisories
+    # in GitHub, and the action is archived. We have the GitHub security audits,
+    # `prqlc` doesn't cross any trust boundaries, so disabling for the moment.
+    # We can re-enable if a supported action is available.
     if:
       ${{ github.repository_owner == 'prql' &&
-      !github.event.pull_request.head.repo.fork }}
+      !github.event.pull_request.head.repo.fork && 'run' == 'no' }}
     permissions:
       actions: read
       contents: read