From 4c2464d0131b93eebc7cc6cc147394345ffa673c Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Thu, 30 Oct 2025 16:15:51 +0100 Subject: [PATCH 1/3] chore: add concurrent workflow rules --- .github/workflows/codeql.yml | 4 ++++ .github/workflows/dependency-review.yml | 4 ++++ .github/workflows/lambda.yml | 4 ++++ .github/workflows/ossf-scorecard.yml | 4 ++++ .github/workflows/ovs.yml | 4 ++++ .github/workflows/packer-build.yml | 5 +++++ .github/workflows/release.yml | 4 ++++ .github/workflows/semantic-check.yml | 5 +++++ .github/workflows/stale.yml | 5 +++++ .github/workflows/terraform.yml | 4 ++++ .github/workflows/update-docs.yml | 4 ++++ .github/workflows/zizmor.yml | 4 ++++ 12 files changed, 51 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a75c370e57..f34e87e158 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -10,6 +10,10 @@ on: schedule: - cron: '25 19 * * 2' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index f964a92961..b7d4322c8e 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -9,6 +9,10 @@ name: 'Dependency Review' on: [pull_request] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/lambda.yml b/.github/workflows/lambda.yml index 164ad423e4..4288db4ea4 100644 --- a/.github/workflows/lambda.yml +++ b/.github/workflows/lambda.yml @@ -8,6 +8,10 @@ on: - 'lambdas/**' - '.github/workflows/lambda.yml' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index ab722636c4..25cf0a1e6b 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -7,6 +7,10 @@ on: push: branches: [ "main" ] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read # for actions/checkout and repository analysis diff --git a/.github/workflows/ovs.yml b/.github/workflows/ovs.yml index c58a48616d..4bc95e6010 100644 --- a/.github/workflows/ovs.yml +++ b/.github/workflows/ovs.yml @@ -5,6 +5,10 @@ on: merge_group: branches: [main] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index c7f96ac93e..32b847b255 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -8,6 +8,11 @@ on: - "images/**" - ".github/workflows/packer-build.yml" - "module/runners/templates/**" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d218bfb1cc..28a7ee1f9b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,6 +6,10 @@ on: - v1 workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + permissions: contents: read diff --git a/.github/workflows/semantic-check.yml b/.github/workflows/semantic-check.yml index 148a41f72f..514b9259f5 100644 --- a/.github/workflows/semantic-check.yml +++ b/.github/workflows/semantic-check.yml @@ -5,6 +5,11 @@ on: - opened - edited - synchronize + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read # for actions/checkout pull-requests: read # for amannn/action-semantic-pull-request to check PR details diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 1c179ac829..5928ddf1d1 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -3,6 +3,11 @@ on: schedule: - cron: "30 1 * * *" workflow_dispatch: + +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: false + permissions: {} jobs: stale: diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 8ecd94e9ee..6e88604987 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -6,6 +6,10 @@ on: pull_request: paths: ["**/*.tf", "**/*.hcl", ".github/workflows/terraform.yml"] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml index 47ddec0c47..013a0cefbd 100644 --- a/.github/workflows/update-docs.yml +++ b/.github/workflows/update-docs.yml @@ -6,6 +6,10 @@ on: - "**/*.md" - ".github/workflows/update-docs.yml" +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 3c4c572cb0..1940d3478a 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -10,6 +10,10 @@ on: paths: - '.github/workflows/*.ya?ml' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: {} jobs: From b12e1d7cf430903aee052421eacb4f795771d7c0 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Thu, 30 Oct 2025 16:22:31 +0100 Subject: [PATCH 2/3] chore: add concurrent workflow rules --- .github/workflows/stale.yml | 2 +- .github/zizmor.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 5928ddf1d1..9f97b0543b 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -6,7 +6,7 @@ on: concurrency: group: ${{ github.workflow }} - cancel-in-progress: false + cancel-in-progress: true permissions: {} jobs: diff --git a/.github/zizmor.yml b/.github/zizmor.yml index cd892a2bbe..7dd9e3bdf2 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -12,3 +12,6 @@ rules: dangerous-triggers: ignore: - semantic-check.yml:2 + concurrency-limits: + ignore: + - release.yml From 9a7d418c5c84e29dfe43b556f6e5b11678741d8d Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Thu, 30 Oct 2025 16:25:38 +0100 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/codeql.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/semantic-check.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f34e87e158..56459d7151 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,7 +11,7 @@ on: - cron: '25 19 * * 2' concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} cancel-in-progress: true permissions: diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 25cf0a1e6b..884e021b57 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -8,7 +8,7 @@ on: branches: [ "main" ] concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} cancel-in-progress: true permissions: diff --git a/.github/workflows/semantic-check.yml b/.github/workflows/semantic-check.yml index 514b9259f5..83bc3c4da7 100644 --- a/.github/workflows/semantic-check.yml +++ b/.github/workflows/semantic-check.yml @@ -7,7 +7,7 @@ on: - synchronize concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: true permissions: