From 3363ab0beec46e2372640014cfcc3882b0ce60e5 Mon Sep 17 00:00:00 2001
From: Mike Heffner <mikeh@fesnel.com>
Date: Tue, 17 Mar 2026 10:01:10 -0400
Subject: [PATCH] Skip secret tests on dependabot

---
 .github/workflows/ci.yml | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bef317f..ccfcb4d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -36,18 +36,28 @@ jobs:
         with:
           target: ${{ matrix.target }}
           rustflags: ""
+
+      # dependabot does not have access to secrets, skip for dependency updates
       - name: Configure AWS credentials
+        if: ${{ github.actor != 'dependabot[bot]' }}
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.AWS_LAMBDA_CI_ROLE_ARN }}
           aws-region: us-east-1
-      - name: run test
-        env:
-          TEST_SECRETSMANAGER_ARNS: ${{ secrets.TEST_SECRETSMANAGER_ARNS }}
-          TEST_PARAMSTORE_ARNS: ${{ secrets.TEST_PARAMSTORE_ARNS }}
-          TEST_ENVSECRET_ARNS: ${{ secrets.TEST_ENVSECRET_ARNS }}
+      - name: Set secret test ARNS
+        if: ${{ github.actor != 'dependabot[bot]' }}
         run: |
-          cargo test --target ${{ matrix.target }} --verbose
+          echo "TEST_SECRETSMANAGER_ARNS=${{ secrets.TEST_SECRETSMANAGER_ARNS }}" >> $GITHUB_ENV
+          echo "TEST_PARAMSTORE_ARNS=${{ secrets.TEST_PARAMSTORE_ARNS }}" >> $GITHUB_ENV
+          echo "TEST_ENVSECRET_ARNS=${{ secrets.TEST_ENVSECRET_ARNS }}" >> $GITHUB_ENV
+
+      - uses: taiki-e/install-action@nextest
+      - name: run tests
+        uses: actions-rs/cargo@v1
+        with:
+          command: nextest
+          args: run --target ${{ matrix.target }} --verbose
+
 
   # Check formatting with rustfmt
   formatting: