From 3af3581fd6b316875360af839fe2174b04c561e7 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 19 Dec 2025 07:59:11 -0600
Subject: [PATCH 1/3] Upgrade to checkout@v6

---
 .github/workflows/build.yml  | 8 ++++----
 .github/workflows/codeql.yml | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 360f505b12..cac1461003 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -22,7 +22,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v6
       with:
         submodules: recursive
 
@@ -55,7 +55,7 @@ jobs:
     - name: Install Deps
       run: dnf install -y cmake git procps-ng dbus-devel libacl-devel libblkid-devel libcap-devel libcurl-devel libgcrypt-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel pcre2-devel perl-XML-Parser perl-XML-XPath perl-devel python3-devel python3-dbusmock rpm-devel swig bzip2-devel gcc-c++ libyaml-devel xmlsec1-devel xmlsec1-openssl-devel hostname bzip2 lua rpm-build which strace python3-pytest
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v6
       with:
         submodules: recursive
     - name: Build
@@ -78,7 +78,7 @@ jobs:
     - name: Install Deps
       run: dnf install -y cmake git procps-ng dbus-devel libacl-devel libblkid-devel libcap-devel libcurl-devel nss-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel pcre2-devel perl-XML-Parser perl-XML-XPath perl-devel python3-devel python3-dbusmock rpm-devel swig bzip2-devel gcc-c++ libyaml-devel xmlsec1-devel xmlsec1-openssl-devel hostname bzip2 lua rpm-build which strace python3-pytest
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v6
       with:
         submodules: recursive
     - name: Build
@@ -100,7 +100,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v6
 
     # Runs a single command using the runners shell
     - name: Install Deps
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 21d00a1293..6295d221c9 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -27,7 +27,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v6
 
     - name: Install Deps
       run: |

From 4f2f20cb4ac551e17a87ba815ee894829fe9e671 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 19 Dec 2025 08:01:20 -0600
Subject: [PATCH 2/3] Add concurrency for GitHub Actions

---
 .github/workflows/build.yml  | 3 +++
 .github/workflows/codeql.yml | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cac1461003..cbb1194f36 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,6 +10,9 @@ on:
   pull_request:
     branches: [ main, maint-1.3 ]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.run_id }}
+  cancel-in-progress: true
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6295d221c9..731b9d018f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -9,6 +9,10 @@ on:
   schedule:
     - cron: '32 17 * * 0'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   analyze:
     name: Analyze

From 0eae28660afcd22251a871ebafbcf57044d4bd77 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 19 Dec 2025 08:01:49 -0600
Subject: [PATCH 3/3] Enable codeql for main pull requests

---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 731b9d018f..d49d6d200f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -5,7 +5,7 @@ on:
     branches: [ 'maint-1.3', 'maint-1.2', 'main' ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ 'maint-1.3' ]
+    branches: [ 'maint-1.3', 'main' ]
   schedule:
     - cron: '32 17 * * 0'