From 745a05f48a6f896feb4346c1855e6066800f6aff Mon Sep 17 00:00:00 2001 From: Jack Luo Date: Fri, 19 Dec 2025 18:18:57 +0800 Subject: [PATCH 1/6] fix(ci): use GitHub-hosted runner for lightweight path filtering job The `filter-relevant-changes` job only performs git operations to detect changed paths. Using a GitHub-hosted runner avoids consuming self-hosted runner resources needed for heavier build jobs. --- .github/workflows/clp-artifact-build.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/clp-artifact-build.yaml b/.github/workflows/clp-artifact-build.yaml index b47b0369a7..1f7d2174ed 100644 --- a/.github/workflows/clp-artifact-build.yaml +++ b/.github/workflows/clp-artifact-build.yaml @@ -28,12 +28,9 @@ concurrency: jobs: filter-relevant-changes: name: "filter-relevant-changes" - runs-on: &runner >- - ${{ - github.repository_owner == 'y-scope' - && fromJSON('["self-hosted", "x64", "ubuntu-noble"]') - || 'ubuntu-24.04' - }} + # This job only performs git operations to detect changed paths, so we use a GitHub-hosted + # runner to avoid consuming self-hosted runner resources needed for heavier build jobs. + runs-on: "ubuntu-24.04" outputs: centos_stream_9_image_changed: "${{steps.filter.outputs.centos_stream_9_image}}" manylinux_2_28_x86_64_image_changed: "${{steps.filter.outputs.manylinux_2_28_x86_64_image}}" @@ -104,7 +101,14 @@ jobs: name: "centos-stream-9-deps-image" if: "needs.filter-relevant-changes.outputs.centos_stream_9_image_changed == 'true'" needs: "filter-relevant-changes" - runs-on: *runner + # Define a reusable runner configuration for jobs that require Docker and benefit from + # self-hosted runner resources. Falls back to GitHub-hosted runners for non-y-scope forks. + runs-on: &runner >- + ${{ + github.repository_owner == 'y-scope' + && fromJSON('["self-hosted", "x64", "ubuntu-noble"]') + || 'ubuntu-24.04' + }} steps: - uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" with: From 702cbbe056b17a4ac1bd16ee2618e424fe1a1248 Mon Sep 17 00:00:00 2001 From: Jack Luo Date: Fri, 19 Dec 2025 18:33:45 +0800 Subject: [PATCH 2/6] fix(ci): limit push event trigger to main branch only Prevents duplicate workflow runs when pushing to PR branches. PRs are tested via the pull_request event; the push event is only needed for testing commits merged to main. --- .github/workflows/clp-artifact-build.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/clp-artifact-build.yaml b/.github/workflows/clp-artifact-build.yaml index 1f7d2174ed..1dcf5d934b 100644 --- a/.github/workflows/clp-artifact-build.yaml +++ b/.github/workflows/clp-artifact-build.yaml @@ -8,6 +8,8 @@ on: - "components/core/tools/scripts/lib_install/macos/**" - "docs/**" push: + branches: + - "main" paths-ignore: *ignored_paths schedule: # Run daily at 00:15 UTC (the 15 is to avoid periods of high load) From b59fbd5a67c6dcc6080ecbf3b3c2bd258e850255 Mon Sep 17 00:00:00 2001 From: Jack Luo Date: Sat, 20 Dec 2025 09:29:59 +0800 Subject: [PATCH 3/6] fix(ci): use skip-duplicate-actions to prevent duplicate workflow runs Replace the push branch restriction with step-security/skip-duplicate-actions to handle duplicate runs when both push and pull_request events trigger. This action is: - Used by 9,234+ repositories including haskell-language-server, CNCF TOC, and MegaLinter - A security-hardened drop-in replacement for fkirc/skip-duplicate-actions - More flexible than limiting push to main branch only --- .github/workflows/clp-artifact-build.yaml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/clp-artifact-build.yaml b/.github/workflows/clp-artifact-build.yaml index 1dcf5d934b..b8c5df1003 100644 --- a/.github/workflows/clp-artifact-build.yaml +++ b/.github/workflows/clp-artifact-build.yaml @@ -8,8 +8,6 @@ on: - "components/core/tools/scripts/lib_install/macos/**" - "docs/**" push: - branches: - - "main" paths-ignore: *ignored_paths schedule: # Run daily at 00:15 UTC (the 15 is to avoid periods of high load) @@ -28,8 +26,25 @@ concurrency: cancel-in-progress: "${{github.ref != 'refs/heads/main'}}" jobs: + skip-duplicate-check: + name: "skip-duplicate-check" + runs-on: "ubuntu-24.04" + outputs: + should_skip: "${{steps.skip_check.outputs.should_skip}}" + steps: + - id: "skip_check" + uses: "step-security/skip-duplicate-actions@v5" + with: + # Skip duplicate runs for the same content (e.g., when both push and pull_request trigger) + concurrent_skipping: "same_content" + skip_after_successful_duplicate: "true" + # Always run for scheduled builds and manual triggers + do_not_skip: '["schedule", "workflow_dispatch"]' + filter-relevant-changes: name: "filter-relevant-changes" + needs: "skip-duplicate-check" + if: "needs.skip-duplicate-check.outputs.should_skip != 'true'" # This job only performs git operations to detect changed paths, so we use a GitHub-hosted # runner to avoid consuming self-hosted runner resources needed for heavier build jobs. runs-on: "ubuntu-24.04" From e0e89b6b4c33001ed664c6355c1a7b45d383398c Mon Sep 17 00:00:00 2001 From: Jack Luo Date: Sat, 20 Dec 2025 09:38:57 +0800 Subject: [PATCH 4/6] fix(ci): switch to fkirc/skip-duplicate-actions step-security version requires a paid subscription. --- .github/workflows/clp-artifact-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/clp-artifact-build.yaml b/.github/workflows/clp-artifact-build.yaml index b8c5df1003..dd02ef53a3 100644 --- a/.github/workflows/clp-artifact-build.yaml +++ b/.github/workflows/clp-artifact-build.yaml @@ -33,7 +33,7 @@ jobs: should_skip: "${{steps.skip_check.outputs.should_skip}}" steps: - id: "skip_check" - uses: "step-security/skip-duplicate-actions@v5" + uses: "fkirc/skip-duplicate-actions@v5" with: # Skip duplicate runs for the same content (e.g., when both push and pull_request trigger) concurrent_skipping: "same_content" From ada1991b41f58a6c0551d992aa9a47a7641e379e Mon Sep 17 00:00:00 2001 From: Jack Luo Date: Sat, 20 Dec 2025 09:47:57 +0800 Subject: [PATCH 5/6] fix(ci): use double quotes for yamllint compliance --- .github/workflows/clp-artifact-build.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/clp-artifact-build.yaml b/.github/workflows/clp-artifact-build.yaml index dd02ef53a3..044090b123 100644 --- a/.github/workflows/clp-artifact-build.yaml +++ b/.github/workflows/clp-artifact-build.yaml @@ -38,8 +38,10 @@ jobs: # Skip duplicate runs for the same content (e.g., when both push and pull_request trigger) concurrent_skipping: "same_content" skip_after_successful_duplicate: "true" - # Always run for scheduled builds and manual triggers - do_not_skip: '["schedule", "workflow_dispatch"]' + # Always run for scheduled builds and manual triggers. + # NOTE: This is a JSON array string (required by the action), with escaped quotes for + # yamllint compliance. + do_not_skip: "[\"schedule\", \"workflow_dispatch\"]" filter-relevant-changes: name: "filter-relevant-changes" From 9f49be489529412acf6f566dd54bb9b5a5540af8 Mon Sep 17 00:00:00 2001 From: Jack Luo Date: Sun, 21 Dec 2025 10:26:59 +0800 Subject: [PATCH 6/6] refactor(ci): extract skip-duplicate-check to reusable workflow Create a reusable workflow for skip-duplicate-check that can be used by other workflows in the future. --- .github/workflows/clp-artifact-build.yaml | 16 +-------- .github/workflows/skip-duplicate-check.yaml | 40 +++++++++++++++++++++ 2 files changed, 41 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/skip-duplicate-check.yaml diff --git a/.github/workflows/clp-artifact-build.yaml b/.github/workflows/clp-artifact-build.yaml index 044090b123..443116bb0f 100644 --- a/.github/workflows/clp-artifact-build.yaml +++ b/.github/workflows/clp-artifact-build.yaml @@ -27,21 +27,7 @@ concurrency: jobs: skip-duplicate-check: - name: "skip-duplicate-check" - runs-on: "ubuntu-24.04" - outputs: - should_skip: "${{steps.skip_check.outputs.should_skip}}" - steps: - - id: "skip_check" - uses: "fkirc/skip-duplicate-actions@v5" - with: - # Skip duplicate runs for the same content (e.g., when both push and pull_request trigger) - concurrent_skipping: "same_content" - skip_after_successful_duplicate: "true" - # Always run for scheduled builds and manual triggers. - # NOTE: This is a JSON array string (required by the action), with escaped quotes for - # yamllint compliance. - do_not_skip: "[\"schedule\", \"workflow_dispatch\"]" + uses: "./.github/workflows/skip-duplicate-check.yaml" filter-relevant-changes: name: "filter-relevant-changes" diff --git a/.github/workflows/skip-duplicate-check.yaml b/.github/workflows/skip-duplicate-check.yaml new file mode 100644 index 0000000000..abc13c0279 --- /dev/null +++ b/.github/workflows/skip-duplicate-check.yaml @@ -0,0 +1,40 @@ +name: "skip-duplicate-check" + +# Reusable workflow to skip duplicate runs when both push and pull_request events trigger on the +# same commit. Other workflows can call this and check the `should_skip` output to avoid redundant +# work. +# +# Usage: +# jobs: +# skip-check: +# uses: "./.github/workflows/skip-duplicate-check.yaml" +# +# my-job: +# needs: "skip-check" +# if: "needs.skip-check.outputs.should_skip != 'true'" +# ... + +on: + workflow_call: + outputs: + should_skip: + description: "Whether the workflow run should be skipped" + value: "${{jobs.check.outputs.should_skip}}" + +jobs: + check: + name: "skip-duplicate-check" + runs-on: "ubuntu-24.04" + outputs: + should_skip: "${{steps.skip_check.outputs.should_skip}}" + steps: + - id: "skip_check" + uses: "fkirc/skip-duplicate-actions@v5" + with: + # Skip duplicate runs for the same content (e.g., when both push and pull_request trigger) + concurrent_skipping: "same_content" + skip_after_successful_duplicate: "true" + # Always run for scheduled builds and manual triggers. + # NOTE: This is a JSON array string (required by the action), with escaped quotes for + # yamllint compliance. + do_not_skip: "[\"schedule\", \"workflow_dispatch\"]"