From 12a62a286dcc7e14b010d542d70a198fbce5ef6b Mon Sep 17 00:00:00 2001 From: Saurabh Jain Date: Sun, 10 May 2026 21:12:09 +0200 Subject: [PATCH 1/2] chore(ci): cancel orphaned PR runs + prune Java matrix on PR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sweeps the same patterns shipped on axonflow-enterprise (#2140, #2146): 1. **Concurrency**: cancel orphaned PR runs when a new commit is pushed; push-to-main keys on SHA so main runs never queue or cancel each other. Applied to ci, integration (existing block reshaped from `cancel-in-progress: true`), heartbeat-real-stack, wire-shape-contract, definition-of-done, validate-version-alignment. 2. **Matrix prune on PR** for ci.yml + integration.yml's contract-integration job: PR: java-version: [17] (current release toolchain) else: java-version: [11, 17, 21] (push, dispatch, weekly cron) Cuts the heaviest workflow in the SDK fleet from p95 ~5.2m to ~2m. Version-specific drift surfaces post-merge on push:main and the Tuesday cron (already present on integration.yml). 3. **definition-of-done.yml**: drop the `edited` PR event type — it re-runs the gate on title/body edits without any code change. Keep opened/synchronize/reopened. No app code change; CI ergonomics only. Signed-off-by: Saurabh Jain --- .github/workflows/ci.yml | 12 +++++++++++- .github/workflows/definition-of-done.yml | 9 ++++++++- .github/workflows/heartbeat-real-stack.yml | 4 ++++ .github/workflows/integration.yml | 11 +++++++---- .github/workflows/validate-version-alignment.yml | 4 ++++ .github/workflows/wire-shape-contract.yml | 4 ++++ 6 files changed, 38 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a42a8c5..b9c60cc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,12 @@ on: permissions: contents: read +# Cancel orphaned PR runs when a new commit is pushed; push to main uses SHA so +# main runs never queue or cancel each other. +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + env: AXONFLOW_TELEMETRY: 'off' @@ -17,8 +23,12 @@ jobs: runs-on: ubuntu-latest strategy: + # PR runs only Java 17 (current release toolchain). Push to main and + # workflow_dispatch run the full [11, 17, 21] matrix to validate + # version-specific drift before the next tag. Cuts PR-time wallclock + # ~2/3 (5.2m → ~2m on the heaviest workflow in the SDK fleet). matrix: - java-version: [11, 17, 21] + java-version: ${{ fromJson(github.event_name == 'pull_request' && '[17]' || '[11, 17, 21]') }} steps: - name: Checkout code diff --git a/.github/workflows/definition-of-done.yml b/.github/workflows/definition-of-done.yml index dd8e433..a10e0c6 100644 --- a/.github/workflows/definition-of-done.yml +++ b/.github/workflows/definition-of-done.yml @@ -6,12 +6,19 @@ name: Definition of Done on: pull_request: - types: [opened, synchronize, reopened, edited] + # Trim out non-diff-changing event types: dropped `edited` (title/body + # edit re-runs the gate without any code change). `reopened` retained for + # PRs that were closed and reopened with new commits. + types: [opened, synchronize, reopened] permissions: contents: read pull-requests: read +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: lint-no-mocks-in-runtime-e2e: name: Lint — no mocks in runtime-e2e/ diff --git a/.github/workflows/heartbeat-real-stack.yml b/.github/workflows/heartbeat-real-stack.yml index 9f47509..4209557 100644 --- a/.github/workflows/heartbeat-real-stack.yml +++ b/.github/workflows/heartbeat-real-stack.yml @@ -12,6 +12,10 @@ on: pull_request: branches: [main] +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + env: AXONFLOW_TELEMETRY: 'off' diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 70584f2..5858afe 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -15,10 +15,11 @@ permissions: contents: read # Avoid spawning parallel docker-compose stacks for back-to-back pushes; -# also cancels stale PR runs when a new commit lands. +# also cancels stale PR runs when a new commit lands. Push to main keys on SHA +# so main runs never queue or cancel each other. concurrency: - group: integration-${{ github.ref }} - cancel-in-progress: true + group: integration-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} env: AXONFLOW_TELEMETRY: 'off' @@ -33,8 +34,10 @@ jobs: timeout-minutes: 15 strategy: fail-fast: false + # PR runs only Java 17 (release toolchain). Push, dispatch, and weekly + # cron run the full [11, 17, 21] matrix to catch version drift. matrix: - java-version: [11, 17, 21] + java-version: ${{ fromJson(github.event_name == 'pull_request' && '[17]' || '[11, 17, 21]') }} steps: - name: Checkout SDK uses: actions/checkout@v4 diff --git a/.github/workflows/validate-version-alignment.yml b/.github/workflows/validate-version-alignment.yml index 48cbc2d..ef2dba3 100644 --- a/.github/workflows/validate-version-alignment.yml +++ b/.github/workflows/validate-version-alignment.yml @@ -28,6 +28,10 @@ on: permissions: contents: read +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + env: AXONFLOW_TELEMETRY: 'off' diff --git a/.github/workflows/wire-shape-contract.yml b/.github/workflows/wire-shape-contract.yml index 9e3e546..a2f2e06 100644 --- a/.github/workflows/wire-shape-contract.yml +++ b/.github/workflows/wire-shape-contract.yml @@ -33,6 +33,10 @@ on: permissions: contents: read +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: wire-shape: name: Validate Wire Shape From 19fed71a14ea95c902536d9ac789a4280549c08b Mon Sep 17 00:00:00 2001 From: Saurabh Jain Date: Sun, 10 May 2026 21:34:37 +0200 Subject: [PATCH 2/2] ci: add Build Summary aggregator job MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The matrix prune in this PR (`[11, 17, 21]` → `[17]` on PR) means the per-version check names (`build (11)`, `build (21)`) don't report on PR runs. Branch protection requires those names, so PRs get permanently blocked. Add a `Build Summary` aggregator that always runs, reflects the overall matrix result (success/skipped → green; failure → red), and emits a stable single check name regardless of matrix shape. Branch protection should require `Build Summary` instead of the per-version names — same pattern axonflow-enterprise uses with its `Build Summary` / `Test Summary` aggregators. Signed-off-by: Saurabh Jain --- .github/workflows/ci.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b9c60cc..75f81c1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -94,6 +94,26 @@ jobs: if: matrix.java-version == 17 run: mvn jacoco:check -B + # Aggregator that always reports a single check name regardless of the + # matrix shape (PR-time matrix is `[17]`; push/dispatch is `[11, 17, 21]`). + # Branch protection requires `Build Summary`, not the per-version names, + # so matrix changes don't strand required checks. + build-summary: + name: Build Summary + needs: [build] + if: always() + runs-on: ubuntu-latest + steps: + - name: Aggregate build matrix result + run: | + result="${{ needs.build.result }}" + echo "build matrix result: $result" + if [ "$result" != "success" ] && [ "$result" != "skipped" ]; then + echo "::error::build matrix did not all pass (result: $result)" + exit 1 + fi + echo "Build matrix OK" + lint: runs-on: ubuntu-latest