From f15d1be810911726a077e082bbeec75a8fbb15b8 Mon Sep 17 00:00:00 2001 From: Tomasz Tylenda Date: Fri, 27 Mar 2026 12:35:29 +0100 Subject: [PATCH 1/2] BUILD-XXXXX Optimize CI to reduce Repox bandwidth Applied automated safe optimizations to reduce Repox bandwidth consumption. See PR description for details of changes and additional recommendations. Generated by jfrog-optimizer plugin --- .github/workflows/PrepareNextIteration.yml | 1 + .github/workflows/PullRequestClosed.yml | 10 ++++++++++ .github/workflows/PullRequestCreated.yml | 10 ++++++++++ .github/workflows/ReleasabilityCheck.yml | 1 + .github/workflows/RequestReview.yml | 10 ++++++++++ .github/workflows/SubmitReview.yml | 1 + .github/workflows/ToggleLockBranch.yml | 1 + .github/workflows/UpdateRuleMetadata.yml | 1 + .github/workflows/automated-release.yml | 1 + .github/workflows/build.yml | 19 +++++++++++++++++++ .github/workflows/dogfood.yml | 6 ++++++ .github/workflows/mark-prs-stale.yml | 1 + .github/workflows/pr-cleanup.yml | 10 ++++++++++ .github/workflows/releasability.yaml | 1 + .github/workflows/release.yml | 1 + .github/workflows/slack_notify.yml | 1 + .github/workflows/unified-dogfooding.yml | 1 + 17 files changed, 76 insertions(+) diff --git a/.github/workflows/PrepareNextIteration.yml b/.github/workflows/PrepareNextIteration.yml index 34a8a54f8a6..74a1c6070ab 100644 --- a/.github/workflows/PrepareNextIteration.yml +++ b/.github/workflows/PrepareNextIteration.yml @@ -11,6 +11,7 @@ jobs: Next-Iteration-Job: name: Next Iteration Job runs-on: github-ubuntu-latest-s + timeout-minutes: 15 permissions: pull-requests: write contents: write diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml index a020047260b..b622b37dca0 100644 --- a/.github/workflows/PullRequestClosed.yml +++ b/.github/workflows/PullRequestClosed.yml @@ -3,11 +3,21 @@ name: Pull Request Closed on: pull_request: types: [closed] + paths-ignore: + - '**.md' + - 'docs/**' + - '.github/CODEOWNERS' + - 'LICENSE' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: PullRequestMerged_job: name: Pull Request Merged runs-on: github-ubuntu-latest-s + timeout-minutes: 15 permissions: id-token: write pull-requests: read diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml index 32fbe0c566b..f08587347a4 100644 --- a/.github/workflows/PullRequestCreated.yml +++ b/.github/workflows/PullRequestCreated.yml @@ -3,11 +3,21 @@ name: Pull Request Created on: pull_request: types: ["opened"] + paths-ignore: + - '**.md' + - 'docs/**' + - '.github/CODEOWNERS' + - 'LICENSE' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: PullRequestCreated_job: name: Pull Request Created runs-on: github-ubuntu-latest-s + timeout-minutes: 15 permissions: id-token: write # For external PR, ticket should be created manually diff --git a/.github/workflows/ReleasabilityCheck.yml b/.github/workflows/ReleasabilityCheck.yml index a910e4d9db6..0376d7616ed 100644 --- a/.github/workflows/ReleasabilityCheck.yml +++ b/.github/workflows/ReleasabilityCheck.yml @@ -15,6 +15,7 @@ jobs: releasability-status: name: Releasability status runs-on: github-ubuntu-latest-s + timeout-minutes: 30 permissions: id-token: write statuses: write diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml index eb1425d4084..41a9890a717 100644 --- a/.github/workflows/RequestReview.yml +++ b/.github/workflows/RequestReview.yml @@ -3,11 +3,21 @@ name: Request review on: pull_request: types: ["review_requested"] + paths-ignore: + - '**.md' + - 'docs/**' + - '.github/CODEOWNERS' + - 'LICENSE' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: RequestReview_job: name: Request review runs-on: github-ubuntu-latest-s + timeout-minutes: 15 permissions: id-token: write # For external PR, ticket should be moved manually diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml index d5b18a7edbe..5be399bd117 100644 --- a/.github/workflows/SubmitReview.yml +++ b/.github/workflows/SubmitReview.yml @@ -8,6 +8,7 @@ jobs: SubmitReview_job: name: Submit Review runs-on: github-ubuntu-latest-s + timeout-minutes: 15 permissions: id-token: write pull-requests: read diff --git a/.github/workflows/ToggleLockBranch.yml b/.github/workflows/ToggleLockBranch.yml index 6da9ebb9a5e..21e2647965b 100644 --- a/.github/workflows/ToggleLockBranch.yml +++ b/.github/workflows/ToggleLockBranch.yml @@ -7,6 +7,7 @@ jobs: ToggleLockBranch_job: name: Toggle lock branch runs-on: github-ubuntu-latest-s + timeout-minutes: 15 permissions: id-token: write steps: diff --git a/.github/workflows/UpdateRuleMetadata.yml b/.github/workflows/UpdateRuleMetadata.yml index 886199d8610..2e083a35d11 100644 --- a/.github/workflows/UpdateRuleMetadata.yml +++ b/.github/workflows/UpdateRuleMetadata.yml @@ -5,6 +5,7 @@ on: workflow_dispatch jobs: rule-metadata-update: runs-on: github-ubuntu-latest-s + timeout-minutes: 15 permissions: id-token: write contents: write diff --git a/.github/workflows/automated-release.yml b/.github/workflows/automated-release.yml index 37e50ff3330..9e27a8e17c9 100644 --- a/.github/workflows/automated-release.yml +++ b/.github/workflows/automated-release.yml @@ -43,6 +43,7 @@ on: jobs: release: name: Release + timeout-minutes: 60 uses: SonarSource/release-github-actions/.github/workflows/automated-release.yml@v1 permissions: statuses: read diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 45a95634552..2aa8355de7c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,7 +5,17 @@ on: - master - branch-* - dogfood-* + paths-ignore: + - '**.md' + - 'docs/**' + - '.github/CODEOWNERS' + - 'LICENSE' pull_request: + paths-ignore: + - '**.md' + - 'docs/**' + - '.github/CODEOWNERS' + - 'LICENSE' workflow_dispatch: schedule: - cron: "30 1 * * *" # Run daily at 1:30 AM UTC @@ -22,6 +32,7 @@ jobs: build: runs-on: github-ubuntu-latest-m # Public repo uses custom GitHub-hosted runner name: Build + timeout-minutes: 60 permissions: id-token: write # Required for Vault OIDC authentication contents: write # Required for repository access and tagging @@ -64,6 +75,7 @@ jobs: - build if: ${{ needs.build.outputs.deployed }} runs-on: ${{ matrix.item.runner }} + timeout-minutes: 60 permissions: id-token: write contents: write @@ -121,6 +133,7 @@ jobs: - build if: ${{ needs.build.outputs.deployed }} runs-on: github-ubuntu-latest-m + timeout-minutes: 60 permissions: id-token: write contents: write @@ -160,6 +173,7 @@ jobs: - build if: ${{ needs.build.outputs.deployed }} runs-on: github-ubuntu-latest-m + timeout-minutes: 60 permissions: id-token: write contents: write @@ -202,6 +216,7 @@ jobs: - build if: ${{ needs.build.outputs.deployed }} runs-on: github-ubuntu-latest-l + timeout-minutes: 60 permissions: id-token: write contents: write @@ -237,6 +252,7 @@ jobs: - build if: ${{ needs.build.outputs.deployed }} runs-on: github-ubuntu-latest-m + timeout-minutes: 60 permissions: id-token: write contents: write @@ -284,6 +300,7 @@ jobs: - build if: ${{ needs.build.outputs.deployed }} runs-on: github-ubuntu-latest-m + timeout-minutes: 60 permissions: id-token: write contents: write @@ -344,6 +361,7 @@ jobs: name: Build and Unit Test on Windows # No dependency on build step, because we do not need the build number. runs-on: github-windows-latest-m + timeout-minutes: 60 permissions: id-token: write # Required for Vault OIDC authentication contents: write # Required for repository access and tagging @@ -376,6 +394,7 @@ jobs: if: ${{ needs.build.outputs.deployed }} runs-on: github-ubuntu-latest-s # Public repo uses custom GitHub-hosted runners name: Promote + timeout-minutes: 15 permissions: id-token: write contents: write diff --git a/.github/workflows/dogfood.yml b/.github/workflows/dogfood.yml index 00c7d1d515c..ba80ed7649d 100644 --- a/.github/workflows/dogfood.yml +++ b/.github/workflows/dogfood.yml @@ -5,6 +5,11 @@ on: branches: - master - 'dogfood/**' + paths-ignore: + - '**.md' + - 'docs/**' + - '.github/CODEOWNERS' + - 'LICENSE' # commenting 'delete' action, as it is triggered way too often # delete: # branches: @@ -14,6 +19,7 @@ jobs: dogfood_merge: runs-on: github-ubuntu-latest-s name: Update dogfood branch + timeout-minutes: 15 permissions: id-token: write # required for SonarSource/vault-action-wrapper steps: diff --git a/.github/workflows/mark-prs-stale.yml b/.github/workflows/mark-prs-stale.yml index 12c46e40826..0709fb3bb5f 100644 --- a/.github/workflows/mark-prs-stale.yml +++ b/.github/workflows/mark-prs-stale.yml @@ -7,6 +7,7 @@ on: jobs: stale: runs-on: github-ubuntu-latest-s + timeout-minutes: 15 permissions: issues: write pull-requests: write diff --git a/.github/workflows/pr-cleanup.yml b/.github/workflows/pr-cleanup.yml index 4b1e8286fb6..12dde0f4de7 100644 --- a/.github/workflows/pr-cleanup.yml +++ b/.github/workflows/pr-cleanup.yml @@ -2,10 +2,20 @@ name: Cleanup PR Resources on: pull_request: types: [closed] + paths-ignore: + - '**.md' + - 'docs/**' + - '.github/CODEOWNERS' + - 'LICENSE' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: cleanup: runs-on: github-ubuntu-latest-s # Public repo + timeout-minutes: 15 permissions: actions: write steps: diff --git a/.github/workflows/releasability.yaml b/.github/workflows/releasability.yaml index 4999f62058f..ed81b23bc9b 100644 --- a/.github/workflows/releasability.yaml +++ b/.github/workflows/releasability.yaml @@ -12,6 +12,7 @@ jobs: releasability-job: name: Releasability check runs-on: github-ubuntu-latest-s + timeout-minutes: 30 permissions: id-token: write # required by SonarSource/vault-action-wrapper contents: read # required by checkout diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 52aa22101e8..7b37e2918e0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,6 +26,7 @@ jobs: permissions: id-token: write contents: write + timeout-minutes: 60 uses: SonarSource/gh-action_release/.github/workflows/main.yaml@v6 with: publishToBinaries: true diff --git a/.github/workflows/slack_notify.yml b/.github/workflows/slack_notify.yml index 505cf90b514..527885e3a3e 100644 --- a/.github/workflows/slack_notify.yml +++ b/.github/workflows/slack_notify.yml @@ -15,6 +15,7 @@ jobs: if: >- contains(fromJSON('["main", "master"]'), github.event.check_suite.head_branch) || startsWith(github.event.check_suite.head_branch, 'dogfood-') || startsWith(github.event.check_suite.head_branch, 'branch-') runs-on: github-ubuntu-latest-s + timeout-minutes: 15 steps: - name: Send Slack Notification env: diff --git a/.github/workflows/unified-dogfooding.yml b/.github/workflows/unified-dogfooding.yml index 2bfae282ee4..ec27f0b2b78 100644 --- a/.github/workflows/unified-dogfooding.yml +++ b/.github/workflows/unified-dogfooding.yml @@ -7,6 +7,7 @@ on: jobs: unified-platform-dogfooding: runs-on: github-ubuntu-latest-l + timeout-minutes: 60 name: Unified Platform Dogfooding permissions: id-token: write From 6feaf64695a0a1533743d87c3fe2157f6831c5af Mon Sep 17 00:00:00 2001 From: Tomasz Tylenda Date: Fri, 27 Mar 2026 14:31:31 +0100 Subject: [PATCH 2/2] Undo paths-ignore --- .github/workflows/PullRequestClosed.yml | 5 ----- .github/workflows/PullRequestCreated.yml | 5 ----- .github/workflows/RequestReview.yml | 5 ----- .github/workflows/build.yml | 10 ---------- .github/workflows/dogfood.yml | 5 ----- .github/workflows/pr-cleanup.yml | 5 ----- 6 files changed, 35 deletions(-) diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml index b622b37dca0..52f62836d32 100644 --- a/.github/workflows/PullRequestClosed.yml +++ b/.github/workflows/PullRequestClosed.yml @@ -3,11 +3,6 @@ name: Pull Request Closed on: pull_request: types: [closed] - paths-ignore: - - '**.md' - - 'docs/**' - - '.github/CODEOWNERS' - - 'LICENSE' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml index f08587347a4..474f3a7a2c8 100644 --- a/.github/workflows/PullRequestCreated.yml +++ b/.github/workflows/PullRequestCreated.yml @@ -3,11 +3,6 @@ name: Pull Request Created on: pull_request: types: ["opened"] - paths-ignore: - - '**.md' - - 'docs/**' - - '.github/CODEOWNERS' - - 'LICENSE' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml index 41a9890a717..42ce2fa812b 100644 --- a/.github/workflows/RequestReview.yml +++ b/.github/workflows/RequestReview.yml @@ -3,11 +3,6 @@ name: Request review on: pull_request: types: ["review_requested"] - paths-ignore: - - '**.md' - - 'docs/**' - - '.github/CODEOWNERS' - - 'LICENSE' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2aa8355de7c..9ea8b13a28d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,17 +5,7 @@ on: - master - branch-* - dogfood-* - paths-ignore: - - '**.md' - - 'docs/**' - - '.github/CODEOWNERS' - - 'LICENSE' pull_request: - paths-ignore: - - '**.md' - - 'docs/**' - - '.github/CODEOWNERS' - - 'LICENSE' workflow_dispatch: schedule: - cron: "30 1 * * *" # Run daily at 1:30 AM UTC diff --git a/.github/workflows/dogfood.yml b/.github/workflows/dogfood.yml index ba80ed7649d..950a05495bf 100644 --- a/.github/workflows/dogfood.yml +++ b/.github/workflows/dogfood.yml @@ -5,11 +5,6 @@ on: branches: - master - 'dogfood/**' - paths-ignore: - - '**.md' - - 'docs/**' - - '.github/CODEOWNERS' - - 'LICENSE' # commenting 'delete' action, as it is triggered way too often # delete: # branches: diff --git a/.github/workflows/pr-cleanup.yml b/.github/workflows/pr-cleanup.yml index 12dde0f4de7..a41b17ead52 100644 --- a/.github/workflows/pr-cleanup.yml +++ b/.github/workflows/pr-cleanup.yml @@ -2,11 +2,6 @@ name: Cleanup PR Resources on: pull_request: types: [closed] - paths-ignore: - - '**.md' - - 'docs/**' - - '.github/CODEOWNERS' - - 'LICENSE' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}