From 7d33d364df6fc8f452f58efe8c5403a598ed918a Mon Sep 17 00:00:00 2001 From: Alem Tuzlak Date: Wed, 13 May 2026 11:30:32 +0200 Subject: [PATCH] chore(ci): harden CI workflows - Add job-level timeout-minutes to all workflows (15-45 min depending on job). - Add concurrency group with PR-only cancel-in-progress to benchmarks workflow. - Add version comment to autofix-ci/action SHA pin (v1.3.2). No behavioral changes: test commands, schedules, deploy targets, matrix configs, and notification settings are untouched. --- .github/workflows/autofix.yml | 3 ++- .github/workflows/benchmarks.yml | 5 +++++ .github/workflows/pr.yml | 2 ++ .github/workflows/release.yml | 1 + .github/workflows/zizmor.yml | 1 + 5 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index f2b1f71..21f5718 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -16,6 +16,7 @@ jobs: autofix: name: autofix runs-on: ubuntu-latest + timeout-minutes: 20 steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -28,6 +29,6 @@ jobs: - name: Regenerate docs run: pnpm build:all && pnpm generate-docs - name: Apply fixes - uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27 + uses: autofix-ci/action@635ffb0c9798bd160680f18fd73371e355b85f27 # v1.3.2 with: commit-message: 'ci: apply automated fixes' diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 051c036..b0e6b17 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -17,6 +17,10 @@ on: - 'pnpm-workspace.yaml' workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + permissions: contents: read @@ -28,6 +32,7 @@ jobs: benchmarks: name: Run intent CodSpeed benchmark runs-on: ubuntu-latest + timeout-minutes: 30 permissions: contents: read id-token: write diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 6f9c44e..46c16e5 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -21,6 +21,7 @@ jobs: test: name: Test runs-on: ubuntu-latest + timeout-minutes: 30 steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -38,6 +39,7 @@ jobs: preview: name: Preview runs-on: ubuntu-latest + timeout-minutes: 30 steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 288bfb6..fc46c84 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,6 +20,7 @@ jobs: name: Release if: "!contains(github.event.head_commit.message, 'ci: changeset release')" runs-on: ubuntu-latest + timeout-minutes: 45 permissions: contents: write id-token: write diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 86d4b5b..5501523 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -12,6 +12,7 @@ jobs: zizmor: name: Run zizmor runs-on: ubuntu-latest + timeout-minutes: 10 steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2