From 83269ba658555c067b4194b04e8e7f16dd068c0d Mon Sep 17 00:00:00 2001 From: Jonathan Yu Date: Tue, 1 Mar 2022 15:03:39 -0800 Subject: [PATCH] chore: limit concurrency for build jobs (#4929) * Configure build jobs to cancel previous builds when new changes are pushed to a pull request branch, and serialize builds when running in a branch from a push event * Reduce privileges of GitHub token for scripts workflow --- .github/workflows/ci.yaml | 7 +++++++ .github/workflows/codeql-analysis.yml | 7 +++++++ .github/workflows/docker.yaml | 7 +++++++ .github/workflows/docs-preview.yaml | 7 +++++++ .github/workflows/installer.yml | 7 +++++++ .github/workflows/npm-brew.yaml | 7 +++++++ .github/workflows/scripts.yml | 19 +++++++++++++++++++ 7 files changed, 61 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9f3bb7d53..985a248b2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,6 +8,13 @@ on: branches: - main +# Cancel in-progress runs for pull requests when developers push +# additional changes, and serialize builds in branches. +# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + # Note: if: success() is used in several jobs - # this ensures that it only executes if all previous jobs succeeded. diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3b41e3d9b..d9ab78ab3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
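Review bot: The comment added above `concurrency:` in ci.yaml says builds are serialized in branches, but with `cancel-in-progress` false GitHub keeps only one pending run per group and cancels an older pending run when a newer one is queued. Pushes that land close together on a branch can therefore leave intermediate commits unbuilt. The identical block and comment are added to codeql-analysis.yml, docker.yaml, docs-preview.yaml, installer.yml, npm-brew.yaml and scripts.yml. For codeql-analysis.yml this means a queued scan of an intermediate commit can be superseded rather than run, and so presumably can the Monday cron run if it shares the default-branch group. If that is acceptable, the comment should say so, e.g. `# additional changes; on branches, queue one run and let newer pushes replace it.`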
@@ -10,6 +10,13 @@ on: # Runs every Monday morning PST - cron: "17 15 * * 1" +# Cancel in-progress runs for pull requests when developers push +# additional changes, and serialize builds in branches. +# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: analyze: name: Analyze diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index ec1792b27..c31577d57 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -9,6 +9,13 @@ on: types: - released +# Cancel in-progress runs for pull requests when developers push +# additional changes, and serialize builds in branches. +# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: docker-images: runs-on: ubuntu-20.04 diff --git a/.github/workflows/docs-preview.yaml b/.github/workflows/docs-preview.yaml index 6eb4fcaef..e56acf5c4 100644 --- a/.github/workflows/docs-preview.yaml +++ b/.github/workflows/docs-preview.yaml @@ -17,6 +17,13 @@ permissions: security-events: none statuses: none +# Cancel in-progress runs for pull requests when developers push +# additional changes, and serialize builds in branches. +# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: preview: name: Docs preview diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index cba880cf9..761e1047c 100644 --- a/.github/workflows/installer.yml 
+++ b/.github/workflows/installer.yml @@ -12,6 +12,13 @@ on: paths: - "install.sh" +# Cancel in-progress runs for pull requests when developers push +# additional changes, and serialize builds in branches. +# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: ubuntu: name: Test installer on Ubuntu diff --git a/.github/workflows/npm-brew.yaml b/.github/workflows/npm-brew.yaml index a515e423e..7f9648d03 100644 --- a/.github/workflows/npm-brew.yaml +++ b/.github/workflows/npm-brew.yaml @@ -8,6 +8,13 @@ on: release: types: [released] +# Cancel in-progress runs for pull requests when developers push +# additional changes, and serialize builds in branches. +# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: # NOTE: this job requires curl, jq and yarn # All of them are included in ubuntu-latest. diff --git a/.github/workflows/scripts.yml b/.github/workflows/scripts.yml index 197d74ef8..cf6d18caa 100644 --- a/.github/workflows/scripts.yml +++ b/.github/workflows/scripts.yml 
@@ -14,6 +14,25 @@ on: - "**.sh" - "**.bats" +permissions: + actions: none + checks: none + contents: read + deployments: none + issues: none + packages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none + +# Cancel in-progress runs for pull requests when developers push +# additional changes, and serialize builds in branches. +# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: test: name: Run script unit tests
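Review bot: The `permissions` block added to scripts.yml has no comment, unlike the `concurrency` block below it, so a reader cannot tell from the list alone that the scopes it omits are also denied. GitHub sets every scope not named under `permissions` to `none`, so the explicit `none` entries are documentation rather than enforcement. A line such as `# Least privilege: read-only checkout; scopes not listed here also default to none.` above the block would say so. The `jobs:` body continues outside the hunk, so it cannot be confirmed from here that no step needs more than `contents: read`. ci.yaml, codeql-analysis.yml, docker.yaml, installer.yml and npm-brew.yaml show no `permissions` key in their hunks; whether they set one elsewhere is not visible in this diff, and the two release-triggered workflows (docker.yaml, npm-brew.yaml) would be the first to check.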