ci: skip security-audit tests in CI

benvinegar · benvinegar · commit 5e6da35c7311 · 2026-02-15T21:47:44.000-05:00
The audit script checks live system state (running services, firewall
rules, /proc mounts) that does not exist in a CI runner. Run locally.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -34,8 +34,9 @@ jobs:
       - name: Test — log redaction (11 tests)
         run: cd bin && bash redact-logs.test.sh
 
-      - name: Test — security audit (21 tests)
-        run: cd bin && bash security-audit.test.sh
+      # security-audit.sh checks live system state (running services, firewall,
+      # /proc mounts) that doesn't exist in CI. Run it locally instead:
+      #   cd bin && bash security-audit.test.sh
 
   secret-scan:
     runs-on: ubuntu-latest
