From 7e81370788516f8e2f676a725404293745bce348 Mon Sep 17 00:00:00 2001 From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com> Date: Fri, 19 Jun 2026 09:21:48 +0000 Subject: [PATCH 1/6] ci: cut Actions burn in .github/workflows/guix-nix-policy.yml (scope push + concurrency-cancel) --- .github/workflows/guix-nix-policy.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/guix-nix-policy.yml b/.github/workflows/guix-nix-policy.yml index dd21a8d..197c4dc 100644 --- a/.github/workflows/guix-nix-policy.yml +++ b/.github/workflows/guix-nix-policy.yml @@ -1,6 +1,15 @@ # SPDX-License-Identifier: MPL-2.0-or-later name: Guix/Nix Package Policy -on: [push, pull_request] +on: + push: + branches: [main, master] + pull_request: + +# Estate guardrail: scope push to default branches (PR fires once, not +# push+PR) and cancel superseded runs. Safe — read-only PR check. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true permissions: contents: read jobs: From 4f7f4f3c9f014c454aef78a6a76b4960e944386f Mon Sep 17 00:00:00 2001 From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com> Date: Fri, 19 Jun 2026 09:21:49 +0000 Subject: [PATCH 2/6] ci: cut Actions burn in .github/workflows/makefile-blocker.yml (scope push + concurrency-cancel) --- .github/workflows/makefile-blocker.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/makefile-blocker.yml b/.github/workflows/makefile-blocker.yml index d6f0e1b..b9fd347 100644 --- a/.github/workflows/makefile-blocker.yml +++ b/.github/workflows/makefile-blocker.yml @@ -1,6 +1,15 @@ # SPDX-License-Identifier: MPL-2.0-or-later name: Makefile Blocker -on: [push, pull_request] +on: + push: + branches: [main, master] + pull_request: + +# Estate guardrail: scope push to default branches (PR fires once, not +# push+PR) and cancel superseded runs. Safe — read-only PR check. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true permissions: contents: read jobs: From b67465bfa045a43f1dc7ea6977f0712a69c75735 Mon Sep 17 00:00:00 2001 From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com> Date: Fri, 19 Jun 2026 09:21:50 +0000 Subject: [PATCH 3/6] ci: cut Actions burn in .github/workflows/npm-bun-blocker.yml (scope push + concurrency-cancel) --- .github/workflows/npm-bun-blocker.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/npm-bun-blocker.yml b/.github/workflows/npm-bun-blocker.yml index 2fd984f..03be33e 100644 --- a/.github/workflows/npm-bun-blocker.yml +++ b/.github/workflows/npm-bun-blocker.yml @@ -1,6 +1,15 @@ # SPDX-License-Identifier: MPL-2.0 name: NPM/Bun Blocker -on: [push, pull_request] +on: + push: + branches: [main, master] + pull_request: + +# Estate guardrail: scope push to default branches (PR fires once, not +# push+PR) and cancel superseded runs. Safe — read-only PR check. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true permissions: contents: read From 91ac4855d459fe7ff670aa4b16c1c0e4c6db3e08 Mon Sep 17 00:00:00 2001 From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com> Date: Fri, 19 Jun 2026 09:21:51 +0000 Subject: [PATCH 4/6] ci: cut Actions burn in .github/workflows/quality.yml (scope push + concurrency-cancel) --- .github/workflows/quality.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index f6f7ab5..9ffe078 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -1,6 +1,15 @@ # SPDX-License-Identifier: MPL-2.0-or-later name: Code Quality -on: [push, pull_request] +on: + push: + branches: [main, master] + pull_request: + +# Estate guardrail: scope push to default branches (PR fires once, not +# push+PR) and cancel superseded runs. Safe — read-only PR check. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true permissions: contents: read From e340c0bd0d5308a724198d973095f6efa77864a2 Mon Sep 17 00:00:00 2001 From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com> Date: Fri, 19 Jun 2026 09:21:52 +0000 Subject: [PATCH 5/6] ci: cut Actions burn in .github/workflows/security-policy.yml (scope push + concurrency-cancel) --- .github/workflows/security-policy.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/security-policy.yml b/.github/workflows/security-policy.yml index 193933c..aa44af0 100644 --- a/.github/workflows/security-policy.yml +++ b/.github/workflows/security-policy.yml @@ -1,6 +1,15 @@ # SPDX-License-Identifier: MPL-2.0-or-later name: Security Policy -on: [push, pull_request] +on: + push: + branches: [main, master] + pull_request: + +# Estate guardrail: scope push to default branches (PR fires once, not +# push+PR) and cancel superseded runs. Safe — read-only PR check. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true permissions: contents: read jobs: From 36ac8c6b24b4d84577c917470c65ccbbcacd0ad7 Mon Sep 17 00:00:00 2001 From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com> Date: Fri, 19 Jun 2026 09:21:52 +0000 Subject: [PATCH 6/6] ci: cut Actions burn in .github/workflows/ts-blocker.yml (scope push + concurrency-cancel) --- .github/workflows/ts-blocker.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ts-blocker.yml b/.github/workflows/ts-blocker.yml index 6453445..e92d2d9 100644 --- a/.github/workflows/ts-blocker.yml +++ b/.github/workflows/ts-blocker.yml @@ -1,6 +1,15 @@ # SPDX-License-Identifier: MPL-2.0 name: TypeScript/JavaScript Blocker -on: [push, pull_request] +on: + push: + branches: [main, master] + pull_request: + +# Estate guardrail: scope push to default branches (PR fires once, not +# push+PR) and cancel superseded runs. Safe — read-only PR check. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true permissions: contents: read