From 82c1f096de262dee0740cb629973f8625035b533 Mon Sep 17 00:00:00 2001 From: Matthias Date: Tue, 6 Jan 2026 08:35:40 +0100 Subject: [PATCH] maint: skip pip-audit in github actions --- tests/test_pip_audit.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/test_pip_audit.py b/tests/test_pip_audit.py index ab9017b89..7c135c2c9 100644 --- a/tests/test_pip_audit.py +++ b/tests/test_pip_audit.py @@ -4,6 +4,7 @@ Original Idea and base for this implementation by Michael Kennedy's blog: https://mkennedy.codes/posts/python-supply-chain-security-made-easy/ """ +import os import subprocess import sys from pathlib import Path @@ -11,6 +12,12 @@ from pathlib import Path import pytest +IN_GITHUB_ACTIONS = os.getenv("GITHUB_ACTIONS") == "true" + + +# Skip this test in github actions - github issues a security warning on it's own. +# This is to detect local transient dependencies. +@pytest.mark.skipif(IN_GITHUB_ACTIONS, reason="Skip pip-audit in GitHub Actions") def test_pip_audit_no_vulnerabilities(): """ Run pip-audit to check for known security vulnerabilities.