Since #279, the 'dummy workflow' is ran for PRs and pushes.
If I understand correctly, the intent was to have a CI job that checks the latest allowed versions of actions don't introduce dependencies on actions that are not yet allowed.
This does not seem to work for pull_request triggers: since the updated action refers to versions of the actions not yet allowlisted, they always fail.
This does not seem to work for push triggers: since there is a race between updating the allowlist and running the job, they often fail.
Perhaps we should make this a nightly/weekly/... job instead?
Since #279, the 'dummy workflow' is ran for PRs and pushes.
If I understand correctly, the intent was to have a CI job that checks the latest allowed versions of actions don't introduce dependencies on actions that are not yet allowed.
This does not seem to work for
pull_requesttriggers: since the updated action refers to versions of the actions not yet allowlisted, they always fail.This does not seem to work for
pushtriggers: since there is a race between updating the allowlist and running the job, they often fail.Perhaps we should make this a nightly/weekly/... job instead?