diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index ae7846e4..eb915423 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -1,5 +1,10 @@ name: Benchmarks +# Cancel superseded PR runs; protect main + scheduled runs. +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + on: push: branches: [main] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ce951bb1..efd546ef 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,11 @@ name: CI +# Cancel superseded PR runs; protect main + scheduled runs. +# `head_ref || ref` keys per-PR-source-branch on PRs, falls back to ref on push. +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + on: push: branches: [main] diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml index 2e521cd3..0f1c547c 100644 --- a/.github/workflows/compliance.yml +++ b/.github/workflows/compliance.yml @@ -1,5 +1,12 @@ name: Compliance Report +# Compliance variant: produces compliance reports / signed artifacts. Group +# for serialization but never cancel — partially-completed compliance runs +# leave registries / attestations in inconsistent state. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + on: workflow_call: inputs: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 770f4661..fa701025 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,12 @@ name: Release +# Release variant: serialize per-tag, never cancel. A cancelled release +# mid-publish leaves the GitHub Release page, registries, and per-target +# binary archives in inconsistent state. +concurrency: + group: release-${{ github.ref }} + cancel-in-progress: false + on: push: tags: