ci: don't skip check_advisories when tools change

The `check_advisories` step only runs if the tools didn't change. If tools *and* advisories changed, it skips the `check_advisories` step. This is incorrect behaviour. Ignore the state of the tools directory when deciding whether to run the `check_advisories` step.
haskell · Nov 6, 2023 · 554c759 · 554c759
1 parent 4254ead
commit 554c759
Showing 1 changed file with 2 additions and 15 deletions.
diff --git a/.github/workflows/check-advisories.yml b/.github/workflows/check-advisories.yml
@@ -2,19 +2,6 @@ name: Check advisories
 on:
   - pull_request
 jobs:
-  tools_changed:
-    continue-on-error: true
-    runs-on: ubuntu-22.04
-    outputs:
-      should_skip: ${{ steps.skip_check.outputs.should_skip }}
-    steps:
-      - id: skip_check
-        uses: fkirc/[email protected]
-        with:
-          concurrent_skipping: "never"
-          skip_after_successful_duplicate: "true"
-          paths: '["code/**"]'
-          do_not_skip: '["push", "workflow_dispatch", "schedule"]'
   advisories_changed:
     continue-on-error: true
     runs-on: ubuntu-22.04
@@ -52,8 +39,8 @@ jobs:
           echo "code-hash=$code_hash" >> "$GITHUB_OUTPUT"
   check_advisories:
     name: Invoke check-advisories workflow
-    needs: [tools_changed, advisories_changed, code_hash]
-    if: ${{ needs.tools_changed.outputs.should_skip == 'true' && needs.advisories_changed.outputs.should_skip != 'true' }}
+    needs: [advisories_changed, code_hash]
+    if: ${{ needs.advisories_changed.outputs.should_skip != 'true' }}
     uses: ./.github/workflows/call-check-advisories.yml
     with:
       fetch-key: hsec-tools-${{ needs.code_hash.outputs.code_hash }}