chore(ci): add concurrency control to all workflows#258
Merged
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Rivet Criterion Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.
| Benchmark suite | Current: 9399432 | Previous: 08b87f8 | Ratio |
|---|---|---|---|
traceability_matrix/1000 |
59200 ns/iter (± 893) |
44661 ns/iter (± 159) |
1.33 |
query/10000 |
116419 ns/iter (± 886) |
92475 ns/iter (± 909) |
1.26 |
This comment was automatically generated by workflow using github-action-benchmark.
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
5 tasks
Add top-level `concurrency:` blocks to every workflow so superseded PR
runs are cancelled while runs on `main`, tags, releases, and scheduled
events complete normally. Org-wide context: 93 workflows queued across
the org as of 2026-05-02 with the oldest job 23h old; rivet has been
intermittently sitting at 5h+ runner-queue stalls on chore PRs.
Without this, every PR push starts a fresh run while previous runs on
superseded commits keep executing — agents pushing 2-5 commits per
minute multiply queue pressure for zero useful signal. The conditional
`cancel-in-progress: ${{ github.event_name == 'pull_request' }}`
preserves all main-branch and scheduled work.
Variants applied per the brief:
- **default** (cancel only on PR): `benchmarks.yml`, `ci.yml`
- **compliance** (serialize, never cancel — partial reports leave
registries / attestations inconsistent): `compliance.yml`
- **release** (serialize per-tag, never cancel — partial publish
leaves npm / GitHub Release inconsistent): `release.yml`,
`release-npm.yml`. `release-npm.yml` keys on tag-name with
fallback through `inputs.version` and `github.ref` for
workflow_dispatch.
Already had correct concurrency, left alone:
- `rivet-delta.yml`: groups by `pull_request.number`, always cancels
(correct: PR-only workflow, no main runs to protect).
- `fuzz.yml`: groups by ref with `cancel-in-progress: false` (correct
for hybrid push+schedule workflow; one fuzz run per ref serializes
cleanly without losing scheduled corpus growth).
Verification before merge:
- All YAMLs parse cleanly via Python yaml.safe_load.
- Diff is workflow-files-only — no job restructure, no runs-on
change, no caching change.
Trace: skip
#261 already added a concurrency block to release-npm.yml when switching the trigger to workflow_run. Rebasing this branch on top stacked the original release: published variant on top, producing duplicate top-level concurrency keys (invalid YAML). Drop the now-redundant block; #261's block (keyed on github.event.workflow_run.head_branch) is the correct one for the current trigger. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
avrabe
force-pushed
the
chore/ci-concurrency-control
branch
from
9efe096 to
9399432
Compare
5 tasks
avrabe
added a commit
that referenced
this pull request
May 11, 2026
Three queued feature requests now land: rivet bundle (#266), rivet coverage --matrix (#243), s-expr linked-via operator (#265). Plus externals load their own schemas (#267) and STPA TCL numbering is corrected to ISO 26262-8 (#257). Infrastructure: CI concurrency control across all workflows (#258), migration to self-hosted smithy runners (#262), release-npm trigger fix that retroactively unblocked v0.7.0/v0.8.0 npm publication (#261), weekly dependabot (#216), and the wasmtime 42→43 upgrade that retires the RUSTSEC-2026-0114 suppression introduced in v0.8.0 (#260). #125 (provenance-lifecycle) intentionally deferred — 5-week-old branch with conflicts in heavily-churned files (CLAUDE.md, ci.yml, settings). Needs its own attention session, not safe to autonomously rebase. Refs: FEAT-001 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds top-level
concurrency:blocks to all workflows per the org-wide CI Concurrency Hardening brief. Superseded PR runs are cancelled; main / tag / scheduled / release runs are protected.Why
Org-wide stats (2026-05-02): 93 workflows queued across the org; oldest queued job 23h old. Rivet has been intermittently sitting at 5h+ stalls on chore PRs (#246, #256). Without concurrency control, every PR push starts a fresh run while older runs on superseded commits keep executing for zero useful signal.
Variants applied
benchmarks.ymlci.ymlcompliance.ymlrelease.ymlrelease-npm.ymlAlready had correct concurrency, left alone
rivet-delta.yml: groups bypull_request.number, always cancels — correct for a PR-only workflow.fuzz.yml: groups by ref,cancel-in-progress: false— correct for hybrid push+schedule (one fuzz run per ref, scheduled corpus growth never lost).Verification
yaml.safe_load.mainrun completes normally (not cancelled).Out of scope (separate work)
Per the brief: not changing
runs-on:, not splitting matrices, not changing caching, not minimizingpermissions:. Those depend on this landing first.🤖 Generated with Claude Code