Separate "audit" workflow #1333

Open
fbacall wants to merge 6 commits into master from audit-workflow

@fbacall fbacall commented Jun 30, 2026

Member

Summary of changes

  • Move gem auditing into separate workflow which only runs if Gemfile/Gemfile.lock was modified.
  • Also run it automatically on Monday @ 9AM - but possibly this is unnecessary with dependabot... remove if it is just flagging duplicate issues.

Motivation and context

It was annoying having the test workflow "fail" due to no fault of the committed code.

Checklist

  • I have read and followed the CONTRIBUTING guide.
  • I confirm that I have the authority necessary to make this contribution on behalf of its copyright owner and agree to license it to the TeSS codebase under the BSD license.

(Squash before merge)

Copilot AI left a comment

Contributor

Pull request overview

This PR separates Ruby gem vulnerability auditing from the main test workflow into its own GitHub Actions workflow, so routine test runs aren’t marked as failed due to advisory DB updates or unrelated audit findings.

Changes:

  • Removed the bundle-audit step from .github/workflows/test.yml.
  • Added a new .github/workflows/audit.yml workflow that runs gem auditing only when Gemfile/Gemfile.lock changes, plus a weekly scheduled run.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File | Description
.github/workflows/test.yml | Removes gem auditing from the test workflow so tests aren’t blocked by audit results.
.github/workflows/audit.yml | Introduces a dedicated gem audit workflow triggered by Gemfile changes and a weekly schedule.

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
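
For readers who want to see the shape of the workflow described above, here is an added example. It is not the audit.yml from this pull request and not the TeSS project's own file. The Ruby version, the manual trigger, the permissions block and the choice to install bundler-audit with `gem install` are assumptions.

```yaml
# Added example: a hypothetical .github/workflows/audit.yml, not the file from this PR.
name: Gem audit

on:
  push:
    paths:
      - 'Gemfile'
      - 'Gemfile.lock'
  pull_request:
    paths:
      - 'Gemfile'
      - 'Gemfile.lock'
  schedule:
    # GitHub evaluates cron expressions in UTC: 09:00 every Monday.
    - cron: '0 9 * * 1'
  workflow_dispatch: # manual run; an assumption, not stated in the PR

permissions:
  contents: read # the audit only needs to read the repository

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3' # assumed; use the project's own Ruby version
      - name: Install bundler-audit
        run: gem install bundler-audit
      - name: Audit Gemfile.lock against the current advisory database
        run: bundle-audit check --update
```

The path filter alone only re-audits when the lockfile changes, so an advisory published later against an already locked gem would go unnoticed; the scheduled run is what covers that case. Scheduled workflows run against the default branch only.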