WIP: workflows: Add concurrency limits

It is good practice to add concurrency limits to automatically
cancel jobs that have been superceded and potentially stop
race conditions if we try and get artifacts by workflows and job id
rather than run id.

See https://docs.zizmor.sh/audits/#concurrency-limits

Signed-off-by: stevenhorsman <steven@uk.ibm.com>

.github/workflows/build-checks.yaml

@@ -7,7 +7,6 @@ on:
 
 permissions: {}
 
-
 name: Build checks
 jobs:
   check:
@@ -75,7 +74,9 @@ jobs:
               - protobuf-compiler
         instance:
           - ${{ inputs.instance }}
-
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ matrix.component.name }}-${{ matrix.command }}
+      cancel-in-progress: true
     steps:
       - name: Adjust a permission for repo
         run: |

.github/workflows/cleanup-resources.yaml

@@ -4,6 +4,10 @@ on:
     - cron: "0 0 * * *"
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 jobs:

.github/workflows/codeql.yml

@@ -19,6 +19,10 @@ on:
   schedule:
     - cron: '45 0 * * 1'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 

.github/workflows/docs-url-alive-check.yaml

@@ -3,6 +3,10 @@ on:
     - cron:  '0 23 * * 0'
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 name: Docs URL Alive Check

.github/workflows/docs.yaml

@@ -3,6 +3,11 @@ on:
   push:
     branches:
       - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 jobs:
   deploy-docs:

.github/workflows/gatekeeper-skipper.yaml

@@ -31,6 +31,10 @@ on:
       skip_static:
         value: ${{ jobs.skipper.outputs.skip_static }}
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 jobs:

.github/workflows/govulncheck.yaml

@@ -3,6 +3,10 @@ on:
 
 name: Govulncheck
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 jobs:

.github/workflows/publish-kata-deploy-payload.yaml

@@ -34,6 +34,10 @@ on:
       QUAY_DEPLOYER_PASSWORD:
         required: true
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 jobs:

.github/workflows/run-kata-monitor-tests.yaml

@@ -13,6 +13,10 @@ on:
         type: string
         default: ""
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 jobs:

.github/workflows/run-metrics.yaml

@@ -22,6 +22,10 @@ on:
         type: string
         default: ""
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 jobs:

.github/workflows/scorecard.yaml

@@ -11,6 +11,10 @@ on:
     branches: [ "main" ]
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 jobs:

.github/workflows/stale.yaml

@@ -4,6 +4,10 @@ on:
     - cron: '0 0 * * *'
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions: {}
 
 concurrency:

src/runtime/pkg/govmm/.github/workflows/main.yml

@@ -1,6 +1,10 @@
 on: ["pull_request"]
 name: Unit tests
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions:
   contents: read