diff --git a/.github/workflows/basic-ci-amd64.yaml b/.github/workflows/basic-ci-amd64.yaml index 29acac0c31..898baaf24b 100644 --- a/.github/workflows/basic-ci-amd64.yaml +++ b/.github/workflows/basic-ci-amd64.yaml @@ -15,6 +15,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-basic-amd64 + cancel-in-progress: true + jobs: run-containerd-sandboxapi: name: run-containerd-sandboxapi @@ -26,6 +30,9 @@ jobs: matrix: containerd_version: ['active'] vmm: ['dragonball', 'cloud-hypervisor', 'qemu-runtime-rs'] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-sandboxapi-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true # TODO: enable me when https://github.com/containerd/containerd/issues/11640 is fixed if: false runs-on: ubuntu-22.04 @@ -89,6 +96,9 @@ jobs: matrix: containerd_version: ['lts', 'active'] vmm: ['clh', 'cloud-hypervisor', 'dragonball', 'qemu', 'qemu-runtime-rs'] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-run-containerd-stability-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-22.04 env: CONTAINERD_VERSION: ${{ matrix.containerd_version }} @@ -135,6 +145,9 @@ jobs: matrix: containerd_version: ['lts', 'active'] vmm: ['clh', 'qemu', 'dragonball', 'qemu-runtime-rs'] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-run-nydus-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-22.04 env: CONTAINERD_VERSION: ${{ matrix.containerd_version }} @@ -188,6 +201,9 @@ jobs: vmm: - clh # cloud-hypervisor - qemu + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-tracing-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true # TODO: enable me when https://github.com/kata-containers/kata-containers/issues/9763 is fixed # TODO: Transition to free runner (see #9940). if: false @@ -233,6 +249,9 @@ jobs: vmm: - clh - qemu + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-vfio-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true # TODO: enable with clh when https://github.com/kata-containers/kata-containers/issues/9764 is fixed # TODO: enable with qemu when https://github.com/kata-containers/kata-containers/issues/9851 is fixed # TODO: Transition to free runner (see #9940). @@ -327,6 +346,9 @@ jobs: - qemu - cloud-hypervisor - qemu-runtime-rs + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-nerdctl-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-22.04 env: KATA_HYPERVISOR: ${{ matrix.vmm }} @@ -377,6 +399,9 @@ jobs: run-kata-agent-apis: name: run-kata-agent-apis runs-on: ubuntu-22.04 + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-agent-api-amd64 + cancel-in-progress: true steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: diff --git a/.github/workflows/basic-ci-s390x.yaml b/.github/workflows/basic-ci-s390x.yaml index bb45665e0d..5bf4293043 100644 --- a/.github/workflows/basic-ci-s390x.yaml +++ b/.github/workflows/basic-ci-s390x.yaml @@ -13,6 +13,10 @@ on: type: string default: "" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-s390x + cancel-in-progress: true + permissions: {} jobs: @@ -26,6 +30,9 @@ jobs: matrix: containerd_version: ['active'] vmm: ['qemu-runtime-rs'] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-s390x-${{ toJSON(matrix) }} + cancel-in-progress: true # TODO: enable me when https://github.com/containerd/containerd/issues/11640 is fixed if: false runs-on: s390x-large @@ -89,6 +96,9 @@ jobs: matrix: containerd_version: ['lts', 'active'] vmm: ['qemu'] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-s390x-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: s390x-large env: CONTAINERD_VERSION: ${{ matrix.containerd_version }} diff --git a/.github/workflows/build-checks-preview-riscv64.yaml b/.github/workflows/build-checks-preview-riscv64.yaml index 4d40a326f9..6a889c475f 100644 --- a/.github/workflows/build-checks-preview-riscv64.yaml +++ b/.github/workflows/build-checks-preview-riscv64.yaml @@ -12,6 +12,10 @@ on: required: true type: string +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-riscv64 + cancel-in-progress: true + permissions: {} name: Build checks preview riscv64 @@ -63,7 +67,9 @@ jobs: path: src/runtime-rs needs: - rust - + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ inputs.instance }}-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - name: Adjust a permission for repo run: | diff --git a/.github/workflows/build-checks.yaml b/.github/workflows/build-checks.yaml index f8259fd5fb..c417c5241b 100644 --- a/.github/workflows/build-checks.yaml +++ b/.github/workflows/build-checks.yaml @@ -5,8 +5,11 @@ on: required: true type: string -permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-build-checks + cancel-in-progress: true +permissions: {} name: Build checks jobs: @@ -75,7 +78,9 @@ jobs: - protobuf-compiler instance: - ${{ inputs.instance }} - + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ inputs.instance }}-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - name: Adjust a permission for repo run: | diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index 4c8b4eddd5..c57f2acbee 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -28,6 +28,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-tarball-amd64 + cancel-in-progress: true + jobs: build-asset: name: build-asset @@ -64,6 +68,9 @@ jobs: exclude: - asset: cloud-hypervisor-glibc stage: release + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true env: PERFORM_ATTESTATION: ${{ matrix.asset == 'agent' && inputs.push-to-registry == 'yes' && 'yes' || 'no' }} steps: @@ -169,6 +176,9 @@ jobs: - rootfs-image-nvidia-gpu-confidential - rootfs-initrd - rootfs-initrd-confidential + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} @@ -236,6 +246,9 @@ jobs: - coco-guest-components - kernel-nvidia-gpu-modules - pause-image + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 with: @@ -250,6 +263,9 @@ jobs: matrix: asset: - agent + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 if: ${{ inputs.stage == 'release' }} @@ -382,6 +398,9 @@ jobs: - trace-forwarder stage: - ${{ inputs.stage }} + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index e1d2de97d5..e2922557d9 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -28,6 +28,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-arm64 + cancel-in-progress: true + jobs: build-asset: name: build-asset @@ -53,6 +57,9 @@ jobs: - ovmf - qemu - virtiofsd + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-arm64-${{ toJSON(matrix) }} + cancel-in-progress: true env: PERFORM_ATTESTATION: ${{ matrix.asset == 'agent' && inputs.push-to-registry == 'yes' && 'yes' || 'no' }} steps: @@ -153,6 +160,9 @@ jobs: - rootfs-image - rootfs-image-nvidia-gpu - rootfs-initrd + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-arm-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} @@ -217,6 +227,9 @@ jobs: asset: - busybox - kernel-nvidia-gpu-modules + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-arm-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 with: diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml index fd0750d717..1fd2e2d211 100644 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ b/.github/workflows/build-kata-static-tarball-ppc64le.yaml @@ -26,6 +26,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-ppc64le + cancel-in-progress: true + jobs: build-asset: name: build-asset @@ -42,6 +46,9 @@ jobs: - virtiofsd stage: - ${{ inputs.stage }} + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-ppc64le-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} @@ -100,6 +107,9 @@ jobs: - rootfs-initrd stage: - ${{ inputs.stage }} + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-ppc64le-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} @@ -162,6 +172,9 @@ jobs: matrix: asset: - agent + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-ppc64le-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 if: ${{ inputs.stage == 'release' }} diff --git a/.github/workflows/build-kata-static-tarball-riscv64.yaml b/.github/workflows/build-kata-static-tarball-riscv64.yaml index 3b955812f5..ea99f803c9 100644 --- a/.github/workflows/build-kata-static-tarball-riscv64.yaml +++ b/.github/workflows/build-kata-static-tarball-riscv64.yaml @@ -21,6 +21,10 @@ on: type: string default: "" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-tarball-riscv64 + cancel-in-progress: true + permissions: {} jobs: @@ -37,6 +41,9 @@ jobs: asset: - kernel - virtiofsd + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-riscv-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index 0393dfd31b..db10b070c3 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -29,6 +29,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-tarball-s390x + cancel-in-progress: true + jobs: build-asset: name: build-asset @@ -47,6 +51,9 @@ jobs: - pause-image - qemu - virtiofsd + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-s390x-${{ toJSON(matrix) }} + cancel-in-progress: true env: PERFORM_ATTESTATION: ${{ matrix.asset == 'agent' && inputs.push-to-registry == 'yes' && 'yes' || 'no' }} steps: @@ -134,6 +141,9 @@ jobs: - rootfs-image-confidential - rootfs-initrd - rootfs-initrd-confidential + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-s390x-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} @@ -248,6 +258,9 @@ jobs: - agent - coco-guest-components - pause-image + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-s390x-${{ toJSON(matrix) }} + cancel-in-progress: true steps: - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 if: ${{ inputs.stage == 'release' }} diff --git a/.github/workflows/build-kubectl-image.yaml b/.github/workflows/build-kubectl-image.yaml index fd079d8f8a..d68bc08b5f 100644 --- a/.github/workflows/build-kubectl-image.yaml +++ b/.github/workflows/build-kubectl-image.yaml @@ -15,6 +15,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-kubectl-image + cancel-in-progress: true + env: REGISTRY: quay.io IMAGE_NAME: kata-containers/kubectl diff --git a/.github/workflows/ci-devel.yaml b/.github/workflows/ci-devel.yaml index 7042a2ccee..c678106947 100644 --- a/.github/workflows/ci-devel.yaml +++ b/.github/workflows/ci-devel.yaml @@ -2,6 +2,10 @@ name: Kata Containers CI (manually triggered) on: workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-devel + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/ci-nightly-s390x.yaml b/.github/workflows/ci-nightly-s390x.yaml index 4249821827..33d656ceb2 100644 --- a/.github/workflows/ci-nightly-s390x.yaml +++ b/.github/workflows/ci-nightly-s390x.yaml @@ -6,6 +6,10 @@ name: Nightly CI for s390x permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-nightly-s390x + cancel-in-progress: true + jobs: check-internal-test-result: name: check-internal-test-result diff --git a/.github/workflows/ci-weekly.yaml b/.github/workflows/ci-weekly.yaml index a5d90303b0..ceb5d527b2 100644 --- a/.github/workflows/ci-weekly.yaml +++ b/.github/workflows/ci-weekly.yaml @@ -22,7 +22,7 @@ on: AZ_APPID: required: true AZ_TENANT_ID: - required: true + required: true AZ_SUBSCRIPTION_ID: required: true QUAY_DEPLOYER_PASSWORD: @@ -32,6 +32,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-weekly + cancel-in-progress: true + jobs: build-kata-static-tarball-amd64: permissions: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ec557b1cc5..79774d26c9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -30,7 +30,7 @@ on: AZ_APPID: required: true AZ_TENANT_ID: - required: true + required: true AZ_SUBSCRIPTION_ID: required: true CI_HKD_PATH: @@ -46,6 +46,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-ci + cancel-in-progress: true + jobs: build-kata-static-tarball-amd64: permissions: @@ -370,7 +374,7 @@ jobs: commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} - run-cri-containerd-amd64: + run-cri-containerd-tests-amd64: if: ${{ inputs.skip-test != 'yes' }} needs: build-kata-static-tarball-amd64 strategy: @@ -387,7 +391,10 @@ jobs: { containerd_version: active, vmm: qemu }, { containerd_version: active, vmm: cloud-hypervisor }, { containerd_version: active, vmm: qemu-runtime-rs }, - ] + ] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-cri-amd64-${{ toJSON(matrix) }} + cancel-in-progress: true uses: ./.github/workflows/run-cri-containerd-tests.yaml with: tarball-suffix: -${{ inputs.tag }} @@ -398,16 +405,19 @@ jobs: containerd_version: ${{ matrix.params.containerd_version }} vmm: ${{ matrix.params.vmm }} - run-cri-containerd-s390x: + run-cri-containerd-tests-s390x: if: ${{ inputs.skip-test != 'yes' }} needs: build-kata-static-tarball-s390x strategy: fail-fast: false matrix: params: [ - { containerd_version: active, vmm: qemu }, - { containerd_version: active, vmm: qemu-runtime-rs }, - ] + {containerd_version: active, vmm: qemu}, + {containerd_version: active, vmm: qemu-runtime-rs}, + ] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true uses: ./.github/workflows/run-cri-containerd-tests.yaml with: tarball-suffix: -${{ inputs.tag }} @@ -425,8 +435,11 @@ jobs: fail-fast: false matrix: params: [ - { containerd_version: active, vmm: qemu }, - ] + {containerd_version: active, vmm: qemu}, + ] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-cri-ppc64le-${{ toJSON(matrix) }} + cancel-in-progress: true uses: ./.github/workflows/run-cri-containerd-tests.yaml with: tarball-suffix: -${{ inputs.tag }} @@ -444,8 +457,11 @@ jobs: fail-fast: false matrix: params: [ - { containerd_version: active, vmm: qemu }, - ] + {containerd_version: active, vmm: qemu}, + ] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-cri-arm64-${{ toJSON(matrix) }} + cancel-in-progress: true uses: ./.github/workflows/run-cri-containerd-tests.yaml with: tarball-suffix: -${{ inputs.tag }} diff --git a/.github/workflows/cleanup-resources.yaml b/.github/workflows/cleanup-resources.yaml index 95f47fb5b2..f25413a52c 100644 --- a/.github/workflows/cleanup-resources.yaml +++ b/.github/workflows/cleanup-resources.yaml @@ -4,6 +4,10 @@ on: - cron: "0 0 * * *" workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e452aee3c2..441dbcd4c3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -19,6 +19,10 @@ on: schedule: - cron: '45 0 * * 1' +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + permissions: {} diff --git a/.github/workflows/docs-url-alive-check.yaml b/.github/workflows/docs-url-alive-check.yaml index 01d83df73d..99f7eb99f8 100644 --- a/.github/workflows/docs-url-alive-check.yaml +++ b/.github/workflows/docs-url-alive-check.yaml @@ -3,6 +3,10 @@ on: - cron: '0 23 * * 0' workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + permissions: {} name: Docs URL Alive Check diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 73bb6e9771..03d20e189f 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -3,7 +3,9 @@ on: push: branches: - main + permissions: {} + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true diff --git a/.github/workflows/gatekeeper-skipper.yaml b/.github/workflows/gatekeeper-skipper.yaml index ab16c11232..c4a839ec72 100644 --- a/.github/workflows/gatekeeper-skipper.yaml +++ b/.github/workflows/gatekeeper-skipper.yaml @@ -31,6 +31,10 @@ on: skip_static: value: ${{ jobs.skipper.outputs.skip_static }} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-gatekeeper-skipper + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml index 8a5d40c379..a51cc364f2 100644 --- a/.github/workflows/govulncheck.yaml +++ b/.github/workflows/govulncheck.yaml @@ -3,6 +3,10 @@ on: name: Govulncheck +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + permissions: {} jobs: @@ -22,7 +26,7 @@ jobs: steps: - name: Checkout the code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/osv-scanner.yaml b/.github/workflows/osv-scanner.yaml index 7dc59e0318..3158df9502 100644 --- a/.github/workflows/osv-scanner.yaml +++ b/.github/workflows/osv-scanner.yaml @@ -15,6 +15,10 @@ on: push: branches: [ "main" ] +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-osv-scanner + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/publish-kata-deploy-payload.yaml b/.github/workflows/publish-kata-deploy-payload.yaml index 6c6310a4e2..b2ec84b49d 100644 --- a/.github/workflows/publish-kata-deploy-payload.yaml +++ b/.github/workflows/publish-kata-deploy-payload.yaml @@ -34,6 +34,10 @@ on: QUAY_DEPLOYER_PASSWORD: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ inputs.arch }}-publish-deploy + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/push-oras-tarball-cache.yaml b/.github/workflows/push-oras-tarball-cache.yaml index c071dfaf2c..6b9c5597b4 100644 --- a/.github/workflows/push-oras-tarball-cache.yaml +++ b/.github/workflows/push-oras-tarball-cache.yaml @@ -12,6 +12,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + jobs: push-oras-cache: name: push-oras-cache diff --git a/.github/workflows/release-amd64.yaml b/.github/workflows/release-amd64.yaml index 25e2bdfd79..8cc8ed9f32 100644 --- a/.github/workflows/release-amd64.yaml +++ b/.github/workflows/release-amd64.yaml @@ -11,6 +11,10 @@ on: KBUILD_SIGN_PIN: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false # Note - don't cancel the in progress build as we could end up with inconsistent results + permissions: {} jobs: diff --git a/.github/workflows/release-arm64.yaml b/.github/workflows/release-arm64.yaml index e9276ae960..45c7d05707 100644 --- a/.github/workflows/release-arm64.yaml +++ b/.github/workflows/release-arm64.yaml @@ -11,6 +11,10 @@ on: KBUILD_SIGN_PIN: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false # Note - don't cancel the in progress build as we could end up with inconsistent results + permissions: {} jobs: diff --git a/.github/workflows/release-ppc64le.yaml b/.github/workflows/release-ppc64le.yaml index 818c6c6266..cd96a2a99b 100644 --- a/.github/workflows/release-ppc64le.yaml +++ b/.github/workflows/release-ppc64le.yaml @@ -9,6 +9,10 @@ on: QUAY_DEPLOYER_PASSWORD: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false # Note - don't cancel the in progress build as we could end up with inconsistent results + permissions: {} jobs: diff --git a/.github/workflows/release-s390x.yaml b/.github/workflows/release-s390x.yaml index ebfafeba59..99fc53c8ad 100644 --- a/.github/workflows/release-s390x.yaml +++ b/.github/workflows/release-s390x.yaml @@ -11,6 +11,10 @@ on: QUAY_DEPLOYER_PASSWORD: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false # Note - don't cancel the in progress build as we could end up with inconsistent results + permissions: {} jobs: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 880651e59e..588af80a70 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -2,6 +2,10 @@ name: Release Kata Containers on: workflow_dispatch +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false # Note - don't cancel the in progress build as we could end up with inconsistent results + permissions: {} jobs: diff --git a/.github/workflows/run-cri-containerd-tests.yaml b/.github/workflows/run-cri-containerd-tests.yaml index 635540e2c2..ff9bb5ea2a 100644 --- a/.github/workflows/run-cri-containerd-tests.yaml +++ b/.github/workflows/run-cri-containerd-tests.yaml @@ -1,7 +1,5 @@ name: CI | Run cri-containerd tests -permissions: {} - on: workflow_call: inputs: @@ -32,6 +30,12 @@ on: required: true type: string +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-cri-tests-${{ toJSON(inputs) }} + cancel-in-progress: true + +permissions: {} + jobs: run-cri-containerd: name: run-cri-containerd-${{ inputs.arch }} (${{ inputs.containerd_version }}, ${{ inputs.vmm }}) diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index 561c8aec9e..2e11d85edf 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -29,10 +29,13 @@ on: AZ_APPID: required: true AZ_TENANT_ID: - required: true + required: true AZ_SUBSCRIPTION_ID: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-aks + cancel-in-progress: true permissions: {} @@ -54,6 +57,9 @@ jobs: - host_os: cbl-mariner vmm: clh instance-type: normal + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-run-k8s-tests-aks-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-22.04 permissions: contents: read diff --git a/.github/workflows/run-k8s-tests-on-arm64.yaml b/.github/workflows/run-k8s-tests-on-arm64.yaml index 1a4c81ecc5..b7d33d9a56 100644 --- a/.github/workflows/run-k8s-tests-on-arm64.yaml +++ b/.github/workflows/run-k8s-tests-on-arm64.yaml @@ -22,6 +22,10 @@ on: type: string default: "" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-k8s-arm64 + cancel-in-progress: true + permissions: {} jobs: @@ -35,6 +39,9 @@ jobs: - qemu-runtime-rs k8s: - kubeadm + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-arm64-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: arm64-k8s env: DOCKER_REGISTRY: ${{ inputs.registry }} diff --git a/.github/workflows/run-k8s-tests-on-free-runner.yaml b/.github/workflows/run-k8s-tests-on-free-runner.yaml index 23b738b7b6..b73abb3c0b 100644 --- a/.github/workflows/run-k8s-tests-on-free-runner.yaml +++ b/.github/workflows/run-k8s-tests-on-free-runner.yaml @@ -27,6 +27,10 @@ on: type: string default: "" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-free-runner + cancel-in-progress: true + permissions: {} jobs: @@ -47,6 +51,9 @@ jobs: { vmm: cloud-hypervisor, containerd_version: lts }, { vmm: cloud-hypervisor, containerd_version: active }, ] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-free-runner-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-24.04 permissions: contents: read diff --git a/.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml b/.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml index 5a6da266b4..8a10acf316 100644 --- a/.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml +++ b/.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml @@ -28,6 +28,10 @@ on: NGC_API_KEY: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-nvidia-gpu + cancel-in-progress: true + permissions: {} jobs: @@ -40,6 +44,9 @@ jobs: { name: nvidia-gpu, vmm: qemu-nvidia-gpu, runner: amd64-nvidia-a100 }, { name: nvidia-gpu-snp, vmm: qemu-nvidia-gpu-snp, runner: amd64-nvidia-h100-snp }, ] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ${{ matrix.environment.runner }} env: DOCKER_REGISTRY: ${{ inputs.registry }} diff --git a/.github/workflows/run-k8s-tests-on-ppc64le.yaml b/.github/workflows/run-k8s-tests-on-ppc64le.yaml index 673f5306bd..1f4fef117f 100644 --- a/.github/workflows/run-k8s-tests-on-ppc64le.yaml +++ b/.github/workflows/run-k8s-tests-on-ppc64le.yaml @@ -22,6 +22,10 @@ on: type: string default: "" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-ppc64le + cancel-in-progress: true + permissions: {} jobs: @@ -34,6 +38,9 @@ jobs: - qemu k8s: - kubeadm + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-ppc64le-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ppc64le-k8s env: DOCKER_REGISTRY: ${{ inputs.registry }} diff --git a/.github/workflows/run-k8s-tests-on-zvsi.yaml b/.github/workflows/run-k8s-tests-on-zvsi.yaml index 88cf3ed7af..e42f5dfcfd 100644 --- a/.github/workflows/run-k8s-tests-on-zvsi.yaml +++ b/.github/workflows/run-k8s-tests-on-zvsi.yaml @@ -25,6 +25,10 @@ on: AUTHENTICATED_IMAGE_PASSWORD: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-zvsi + cancel-in-progress: true + permissions: {} jobs: @@ -63,6 +67,9 @@ jobs: vmm: qemu - snapshotter: nydus vmm: qemu-runtime-rs + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-zvsi-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: s390x-large env: DOCKER_REGISTRY: ${{ inputs.registry }} diff --git a/.github/workflows/run-kata-coco-stability-tests.yaml b/.github/workflows/run-kata-coco-stability-tests.yaml index 8753c2c6bb..ba9a5aea1b 100644 --- a/.github/workflows/run-kata-coco-stability-tests.yaml +++ b/.github/workflows/run-kata-coco-stability-tests.yaml @@ -29,12 +29,16 @@ on: AZ_APPID: required: true AZ_TENANT_ID: - required: true + required: true AZ_SUBSCRIPTION_ID: required: true AUTHENTICATED_IMAGE_PASSWORD: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-coco-stability + cancel-in-progress: true + permissions: {} jobs: @@ -51,6 +55,9 @@ jobs: - nydus pull-type: - guest-pull + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-22.04 permissions: diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml index ad267ab3de..fd4ddebbe9 100644 --- a/.github/workflows/run-kata-coco-tests.yaml +++ b/.github/workflows/run-kata-coco-tests.yaml @@ -34,12 +34,16 @@ on: AZ_APPID: required: true AZ_TENANT_ID: - required: true + required: true AZ_SUBSCRIPTION_ID: required: true ITA_KEY: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-coco + cancel-in-progress: true + permissions: {} jobs: @@ -55,6 +59,9 @@ jobs: vmm: qemu-snp - runner: sev-snp vmm: qemu-snp-runtime-rs + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ${{ matrix.runner }} env: DOCKER_REGISTRY: ${{ inputs.registry }} @@ -143,6 +150,9 @@ jobs: { vmm: qemu-coco-dev-runtime-rs, snapshotter: nydus, pull_type: guest-pull }, { vmm: qemu-coco-dev, snapshotter: "", pull_type: experimental-force-guest-pull }, ] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-24.04 permissions: contents: read @@ -270,6 +280,9 @@ jobs: { k8s: microk8s, vmm: qemu-coco-dev, snapshotter: "", pull_type: experimental-force-guest-pull }, { k8s: microk8s, vmm: qemu-coco-dev-runtime-rs, snapshotter: nydus, pull_type: guest-pull }, ] + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-24.04 permissions: contents: read @@ -384,6 +397,9 @@ jobs: - erofs pull-type: - default + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true runs-on: ubuntu-24.04 environment: name: ci diff --git a/.github/workflows/run-kata-deploy-tests-on-aks.yaml b/.github/workflows/run-kata-deploy-tests-on-aks.yaml index f19e65e180..0fa5e0dbdb 100644 --- a/.github/workflows/run-kata-deploy-tests-on-aks.yaml +++ b/.github/workflows/run-kata-deploy-tests-on-aks.yaml @@ -25,10 +25,14 @@ on: AZ_APPID: required: true AZ_TENANT_ID: - required: true + required: true AZ_SUBSCRIPTION_ID: required: true +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-kata-deploy-aks + cancel-in-progress: true + permissions: {} jobs: @@ -47,6 +51,9 @@ jobs: include: - host_os: cbl-mariner vmm: clh + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-22.04 environment: name: ci diff --git a/.github/workflows/run-kata-deploy-tests.yaml b/.github/workflows/run-kata-deploy-tests.yaml index 2554257888..4a53c2552c 100644 --- a/.github/workflows/run-kata-deploy-tests.yaml +++ b/.github/workflows/run-kata-deploy-tests.yaml @@ -22,6 +22,10 @@ on: type: string default: "" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-kata-deploy + cancel-in-progress: true + permissions: {} jobs: @@ -37,6 +41,9 @@ jobs: - k3s - rke2 - microk8s + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-22.04 env: DOCKER_REGISTRY: ${{ inputs.registry }} diff --git a/.github/workflows/run-kata-monitor-tests.yaml b/.github/workflows/run-kata-monitor-tests.yaml index 6d0a91788c..37d964eb72 100644 --- a/.github/workflows/run-kata-monitor-tests.yaml +++ b/.github/workflows/run-kata-monitor-tests.yaml @@ -13,6 +13,10 @@ on: type: string default: "" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-kata-monitor + cancel-in-progress: true + permissions: {} jobs: @@ -34,6 +38,9 @@ jobs: # TODO: enable with containerd when https://github.com/kata-containers/kata-containers/issues/9761 is fixed - container_engine: containerd vmm: qemu + concurrency: + group: ${{ github.workflow }}-${{ github.job }}-${{ github.event.pull_request.number || github.ref }}-${{ toJSON(matrix) }} + cancel-in-progress: true runs-on: ubuntu-22.04 env: CONTAINER_ENGINE: ${{ matrix.container_engine }} diff --git a/.github/workflows/run-metrics.yaml b/.github/workflows/run-metrics.yaml index 76725119f5..0cae90bb00 100644 --- a/.github/workflows/run-metrics.yaml +++ b/.github/workflows/run-metrics.yaml @@ -22,6 +22,10 @@ on: type: string default: "" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-metrics + cancel-in-progress: true + permissions: {} jobs: diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 1f30fc2d67..5a024a170b 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -11,6 +11,10 @@ on: branches: [ "main" ] workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + permissions: {} jobs: