diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 9442fc4..99b5bc4 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -2,9 +2,21 @@ name: Checks on: push: + branches: + - main pull_request: workflow_dispatch: +# Use concurrency to deduplicate runs. +# - For pull requests: group by `pr-` so multiple commits to the same PR +# cancel previous runs and only the latest is kept. +# - For direct pushes: fall back to deduplicating by commit SHA so identical +# commits don't trigger multiple concurrent workflows. +# - Include the `github.workflow` name in the group to avoid cross-workflow collisions. +concurrency: + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.sha }} + cancel-in-progress: true + # Minimal file-level permissions for checks: read repository contents for linting/tests permissions: contents: read diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c0dfbe9..4fb8deb 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -2,9 +2,21 @@ name: Docker CI on: push: + branches: + - main pull_request: workflow_dispatch: +# Use concurrency to deduplicate runs. +# - For pull requests: group by `pr-` so multiple commits to the same PR +# cancel previous runs and only the latest is kept. +# - For direct pushes: fall back to deduplicating by commit SHA so identical +# commits don't trigger multiple concurrent workflows. +# - Include the `github.workflow` name in the group to avoid cross-workflow collisions. +concurrency: + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || github.sha }} + cancel-in-progress: true + # Minimize permissions for Docker CI; only allow read access to repo contents # and package write for pushing images to GHCR. permissions: