From 4e6893307b0f0d8723c8136748ef76040e3a1991 Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info@marc-hoersken.de>
Date: Sat, 17 Sep 2022 23:45:32 +0200
Subject: [PATCH] CI/GHA: cancel outdated CI runs on new PR changes

Avoid letting outdated CI runs continue if a PR receives
new changes. Outside a PR we let them continue running
by tying the concurrency to the commit hash instead.

Also only let one CodeQL or Hacktoberfest job run at a time.

Other CI platforms we use have this build in, but GitHub
unfortunately neither by default nor with a simple option.

This saves CI resources and therefore a little energy.

Approved-by: Daniel Stenberg
Approved-by: Max Dymond
Closes #9533
---
 .github/workflows/codeql-analysis.yml        | 5 +++--
 .github/workflows/fuzz.yml                   | 6 ++++--
 .github/workflows/hacktoberfest-accepted.yml | 6 +++++-
 .github/workflows/linkcheck.yml              | 4 ++++
 .github/workflows/linux.yml                  | 6 ++++--
 .github/workflows/macos.yml                  | 6 ++++--
 .github/workflows/msh3.yml                   | 7 +++++--
 .github/workflows/ngtcp2-gnutls.yml          | 7 +++++--
 .github/workflows/ngtcp2-wolfssl.yml         | 7 +++++--
 .github/workflows/openssl3.yml               | 7 +++++--
 .github/workflows/proselint.yml              | 4 ++++
 .github/workflows/reuse.yml                  | 6 ++++--
 .github/workflows/torture.yml                | 7 +++++--
 .github/workflows/wolfssl.yml                | 7 +++++--
 14 files changed, 62 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 7309753bb6..1d2792242a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,8 +5,6 @@
 name: CodeQL
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -17,6 +15,9 @@ on:
   schedule:
     - cron: '0 0 * * 4'
 
+concurrency:
+  group: ${{ github.workflow }}
+
 permissions:
   security-events: write
 
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index c6512faf0a..ca07fa699b 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -5,8 +5,6 @@
 name: Fuzzer
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,10 @@ on:
     branches:
     - master
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   fuzzing:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/hacktoberfest-accepted.yml b/.github/workflows/hacktoberfest-accepted.yml
index cb84ed9892..59aca12188 100644
--- a/.github/workflows/hacktoberfest-accepted.yml
+++ b/.github/workflows/hacktoberfest-accepted.yml
@@ -5,11 +5,15 @@
 name: Hacktoberfest
 
 on:
-  # run for all pushes to master branch
+  # this must not ever run on any other branch than master
   push:
     branches:
     - master
 
+concurrency:
+  # this should not run in parallel, so just run one at a time
+  group: ${{ github.workflow }}
+
 permissions:
   # requires issues AND pull-requests write permissions to edit labels on PRs!
   issues: write
diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml
index 4517ef7c04..9ee7f04e10 100644
--- a/.github/workflows/linkcheck.yml
+++ b/.github/workflows/linkcheck.yml
@@ -19,6 +19,10 @@ on:
     - '.github/workflows/linkcheck.yml'
     - '**.md'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   # Docs: https://github.com/marketplace/actions/markdown-link-check
   check:
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index b2397f3cc2..959e2bc1be 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -5,8 +5,6 @@
 name: Linux
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,10 @@ on:
     branches:
     - master
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index ea87b84258..6fa5bfbe8e 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -5,8 +5,6 @@
 name: macOS
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,10 @@ on:
     branches:
     - master
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}
diff --git a/.github/workflows/msh3.yml b/.github/workflows/msh3.yml
index 6a061c701f..b58be815a8 100644
--- a/.github/workflows/msh3.yml
+++ b/.github/workflows/msh3.yml
@@ -5,8 +5,6 @@
 name: Linux
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,11 @@ on:
     branches:
     - master
 
+concurrency:
+  # Hardcoded workflow filename as workflow name above is just Linux again
+  group: msh3-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}
diff --git a/.github/workflows/ngtcp2-gnutls.yml b/.github/workflows/ngtcp2-gnutls.yml
index fcd209f4b8..41a414981f 100644
--- a/.github/workflows/ngtcp2-gnutls.yml
+++ b/.github/workflows/ngtcp2-gnutls.yml
@@ -5,8 +5,6 @@
 name: ngtcp2
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,11 @@ on:
     branches:
     - master
 
+concurrency:
+  # Hardcoded workflow filename as workflow name above is just Linux again
+  group: ngtcp2-gnutls-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}
diff --git a/.github/workflows/ngtcp2-wolfssl.yml b/.github/workflows/ngtcp2-wolfssl.yml
index 1c25283bba..da6594aa2a 100644
--- a/.github/workflows/ngtcp2-wolfssl.yml
+++ b/.github/workflows/ngtcp2-wolfssl.yml
@@ -5,8 +5,6 @@
 name: ngtcp2
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,11 @@ on:
     branches:
     - master
 
+concurrency:
+  # Hardcoded workflow filename as workflow name above is just Linux again
+  group: ngtcp2-wolfssl-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}
diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml
index 7838104074..a0881722d0 100644
--- a/.github/workflows/openssl3.yml
+++ b/.github/workflows/openssl3.yml
@@ -5,8 +5,6 @@
 name: Linux
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,11 @@ on:
     branches:
     - master
 
+concurrency:
+  # Hardcoded workflow filename as workflow name above is just Linux again
+  group: openssl3-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}
diff --git a/.github/workflows/proselint.yml b/.github/workflows/proselint.yml
index 3152a48d06..c7b32ccae0 100644
--- a/.github/workflows/proselint.yml
+++ b/.github/workflows/proselint.yml
@@ -19,6 +19,10 @@ on:
     - '.github/workflows/proselint.yml'
     - '**.md'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   check:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
index 23e019fc82..c9fb48ca66 100644
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -6,8 +6,6 @@
 name: REUSE compliance
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -16,6 +14,10 @@ on:
     branches:
     - master
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   check:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/torture.yml b/.github/workflows/torture.yml
index c73a4aee5c..706f5530e3 100644
--- a/.github/workflows/torture.yml
+++ b/.github/workflows/torture.yml
@@ -5,8 +5,6 @@
 name: Linux
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,11 @@ on:
     branches:
     - master
 
+concurrency:
+  # Hardcoded workflow filename as workflow name above is just Linux again
+  group: torture-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}
diff --git a/.github/workflows/wolfssl.yml b/.github/workflows/wolfssl.yml
index aa08a79018..d6bd0aded3 100644
--- a/.github/workflows/wolfssl.yml
+++ b/.github/workflows/wolfssl.yml
@@ -5,8 +5,6 @@
 name: Linux
 
 on:
-  # Trigger the workflow on push or pull requests, but only for the
-  # master branch
   push:
     branches:
     - master
@@ -15,6 +13,11 @@ on:
     branches:
     - master
 
+concurrency:
+  # Hardcoded workflow filename as workflow name above is just Linux again
+  group: wolfssl-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}