From 3716997cb42acb84486bc02f1b8fdfcf6e0864d1 Mon Sep 17 00:00:00 2001
From: Otto Allmendinger
Date: Wed, 4 Feb 2026 10:22:54 +0100
Subject: [PATCH] ci(root): remove dependency audit from PR checks

Move dependency audit from ci.yml to publish.yml workflow to reduce unrelated PR failures. Audit check will still run during publishing.

Issue: BTC-3003
Co-authored-by: llm-git
---
 .github/workflows/ci.yml | 7 +++----
 .github/workflows/publish.yml | 3 +++
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2db52d06ca..7fe98d411e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -87,7 +87,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- check: ['lint', 'format', 'commit-lint', 'dependencies', 'audit']
+ check: ['lint', 'format', 'commit-lint', 'dependencies']

 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -130,9 +130,8 @@ jobs:
 if: matrix.check == 'dependencies'
 run: yarn run check-deps

- - name: Audit Dependencies
- if: matrix.check == 'audit'
- run: yarn run improved-yarn-audit --min-severity high
+ # We conciously do not audit dependencies as a PR step since errors are typically
+ # unrelated to the PR changes. This check is performed in `publish.yml`.

 license-analysis:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 182203e4cc..1a6f571788 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -28,6 +28,9 @@ jobs:
 - name: Install BitGoJS
 run: yarn install --with-frozen-lockfile

+ - name: Audit Dependencies
+ run: yarn run improved-yarn-audit --min-severity high
+
 - name: Set Environment Variable for Alpha
 if: github.ref != 'refs/heads/master' # only publish changes if on feature branches
 run: |
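Review bot: With `'audit'` dropped from the matrix (hunk at -87) and the `Audit Dependencies` step removed (hunk at -130), a PR that changes `yarn.lock` or a `package.json` is no longer checked for high-severity advisories before merge, so the first signal arrives only when `publish.yml` runs. If the aim is just to stop unrelated advisories from blocking PRs, consider keeping the matrix entry and making that one job non-blocking with `continue-on-error: ${{ matrix.check == 'audit' }}` on the job, or running the audit from a scheduled workflow so findings surface between releases. The replacement comment also has a typo: `conciously` should be `consciously`. The job these steps belong to starts and ends outside both hunks, so the exact placement of a job-level key needs checking against the full file.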
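Review bot: The new `Audit Dependencies` step in `publish.yml` has no `if:` and sits ahead of the publish steps, so a newly published high-severity advisory will stop every release from this workflow, including one meant to ship a security fix. As this is now the only place the audit runs, a comment above the step should say how a failure is triaged and where an accepted advisory is recorded, e.g. `# Blocks publishing on high-severity advisories; triage per <link to triage process> before overriding.` Separately, the context line `yarn install --with-frozen-lockfile` does not look like the Yarn 1 spelling (`--frozen-lockfile`); it is worth confirming the lockfile is really enforced here, because the audit result only means something if it covers the same dependency tree that gets published. The job continues past the end of the hunk.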