chore: standardize Blacksmith runner, concurrency + job timeouts#101
Conversation
Org-wide Actions hygiene sweep (developerz-ai/infrastructure#300). All 14 jobs across ci/docker-publish/publish-test/publish get timeout-minutes (lint/verify 10, tests/coverage/build-in-ci 15, publish/release/build-in-publish 30) so a hung job cannot run to GitHub's 6h default. The three publishers gain a concurrency block with hard cancel-in-progress: false - PyPI publish, TestPyPI, and the tag image + provenance attestation are irreversible and must never auto-cancel. ci.yml's existing concurrency stays; the publish-test 4vcpu runner stays. CI-standard note in CLAUDE.md. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (5)
📝 WalkthroughWalkthroughGitHub Actions workflows across this repository are updated to enforce execution safety: seven CI jobs receive explicit timeout limits, and three publish-related workflows ( ChangesCI and publish workflow configuration
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Possibly related issues
Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
@CodeRabbit full review |
✅ Action performedFull review finished. |
|
@CodeRabbit full review |
✅ Action performedFull review finished. |
|
@coderabbitai full review |
✅ Action performedFull review finished. |
|
@coderabbitai full review |
✅ Action performedFull review finished. |
|
Post-merge live test: PASS - 2026-06-12. CI run on merge commit 1071712 completed green on main (all 7 jobs with the new timeout-minutes). The 3 publish workflows are tag-triggered and unexercised here - their hard cancel-in-progress: false blocks take effect on the next release tag; semantics documented in the PR body, actionlint-verified pre-merge. |
What
Adds
timeout-minutesto all 14 jobs across the 4 workflows and a hardcancel-in-progress: falseconcurrencyblock to the 3 publish workflows.ci.yml's existing concurrency and thepublish-test4vcpu runner are unchanged. Appends the org CI-standard note toCLAUDE.md.Why
Part of the org-wide Actions hygiene sweep (developerz-ai/infrastructure#300, motivated by wurk run 27345104330 hanging 24 min without a job timeout). PyPI publishes are irreversible — the publishers must never auto-cancel mid-flight; timeouts are sized to catch a hang, not bound runtime.
Changes
ci.yml:lint10;test-unit/test-integration/test-property/coverage/build/cli-test15. Concurrency UNCHANGED (cancel:truestays — pure CI).docker-publish.yml:build-and-push30 + newconcurrencyblock (group: ${{ github.workflow }}-${{ github.ref }},cancel-in-progress: false) — tag image + provenance attestation.publish-test.yml:build-and-publish30 + same hard-false block;blacksmith-4vcpurunner kept (deliberate).publish.yml:verify10,test15,build30,create-release30,publish-pypi30 + same hard-false block.CLAUDE.md: trailing## CI standardsection appended.Note: the planning spec referred to the
docker-publish.ymljob asbuild-and-publish; the actual job id isbuild-and-push(the workflow's only job, matching the spec's description) — applied there.Verification
actionlint 1.7.12on all 4 changed workflows: zero findings on any touched line. 24 pre-existing shellcheck findings (SC2086 x23, SC2129 x1) live inside untouchedrun:script blocks; linting the HEAD blobs gives identical per-file counts (ci 3, docker-publish 19, publish-test 1, publish 1), so none were introduced here.ci.yml's concurrency block and everyruns-online have no hunk.Closes developerz-ai/infrastructure#309
Summary by CodeRabbit
Release Notes
Chores
Documentation