chore(ci): add concurrency control to all workflows #48
Open
Per the org-wide CI Concurrency Hardening brief. Adds top-level
`concurrency:` blocks to cancel superseded PR runs while preserving
main-branch / scheduled / release runs.
Classification per file:
- ci.yml → default variant
    Cancels superseded runs on PRs only; main-branch
    runs (which this workflow doesn't currently have,
    but the conditional `cancel-in-progress` is a
    future-proofing default) are never cancelled.
- deploy.yml → release variant
    Never cancels a deploy. The deploy script does
    `find . -delete && tar -xzf` on Netcup; cancelling
    mid-flight could leave the site in a half-deleted
    state. Group by ref so parallel pushes serialize
    without race-deleting each other.
- blog-autopublish.yml → ALREADY HAS the correct concurrency block
    (group: blog-autopublish, cancel-in-progress: false).
    This is a fixed-group pattern that serializes ALL
    autopublish runs (cron + workflow_dispatch). For
    this workflow that's correct, NOT the brief's
    "scheduled variant" with ${{ github.run_id }}: this
    workflow mutates repo state (creates branches and
    PRs), so concurrent runs would race. Per idempotency
    rule, leaving unchanged.
No job-level concurrency. No `runs-on:` changes. No matrix
restructuring. Scope is strictly `.github/workflows/`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Per the org-wide CI Concurrency Hardening brief. Adds top-level `concurrency:` blocks to all workflow files in `.github/workflows/`. Cancels superseded PR runs; never cancels runs on `main`, releases, or operational state-mutating workflows.
This is the lowest-risk, highest-leverage move available against the 93-job org-wide queue backlog observed in the last 24h.
Classification per file
Out of scope (per brief)
No `runs-on:` changes, no matrix restructuring, no caching changes, no permissions tightening. All those are tracked separately and depend on this PR landing first.
Test plan
Security
The `concurrency:` blocks use only server-controlled context vars (`github.workflow`, `github.ref`, `github.head_ref`, `github.event_name`). No PR-author-controlled input (issue titles, PR bodies, commit messages) flows into the group key — no command-injection surface.
🤖 Generated with Claude Code
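
The Security note above can be checked mechanically in review. The following is an added example, not code from this PR or repository: a small linter that extracts every `${{ }}` expression from a workflow's top-level `concurrency:` block and reports any context reference outside the four the description names. The function names and both sample workflows are constructed for illustration, and the default-variant YAML shown is an assumption about the shape of the block, since the diff is not on this page.

```python
import re

# Contexts the PR description names as the only ones used in group keys.
ALLOWED = {"github.workflow", "github.ref", "github.head_ref", "github.event_name"}

EXPR = re.compile(r"\$\{\{(.*?)\}\}")  # one ${{ ... }} expression
CONTEXT = re.compile(
    r"\b(?:github|inputs|env|vars|secrets|matrix|needs|steps)(?:\.[A-Za-z_][\w-]*)+")

def concurrency_block(workflow_text):
    """Return the top-level `concurrency:` key and its indented children."""
    lines, inside = [], False
    for line in workflow_text.splitlines():
        if line.startswith("concurrency:"):
            inside = True
            lines.append(line)
        elif inside and (line[:1] in (" ", "\t") or not line.strip()):
            lines.append(line)
        elif inside:
            break  # next top-level key ends the block
    return "\n".join(lines)

def disallowed_contexts(workflow_text):
    """Context references in the concurrency block that are not allowlisted."""
    found = set()
    for expr in EXPR.findall(concurrency_block(workflow_text)):
        found.update(CONTEXT.findall(expr))
    return sorted(found - ALLOWED)

# Constructed samples (not the PR's actual workflow files).
GOOD = """\
name: CI
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
  test:
    runs-on: ubuntu-latest
"""
BAD = """\
name: CI
concurrency:
  group: ci-${{ github.event.pull_request.title }}-${{ github.ref }}
  cancel-in-progress: true
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, disallowed_contexts(text) or "ok")
```

The check covers only the `concurrency:` block; `github.head_ref` is the PR's source branch name, which is compared as a string in a group key but needs separate handling if it is ever interpolated into a `run:` step.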