From 201aa007b35feb12e93e1067ac37c4ef6db8f64e Mon Sep 17 00:00:00 2001
From: Ivan Shumkov <ivan@shumkov.ru>
Date: Mon, 11 Nov 2024 18:21:30 +0700
Subject: [PATCH 1/2] ci: fix run cancellation of closed PRs

---
 .github/workflows/manage-runs.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/manage-runs.yml b/.github/workflows/manage-runs.yml
index 29bc43aa535..99fba8cbf9f 100644
--- a/.github/workflows/manage-runs.yml
+++ b/.github/workflows/manage-runs.yml
@@ -16,12 +16,13 @@ jobs:
           owner: dashpay
           repo: platform
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
 
       - name: Extract running workflow ids
         id: extract_workflow_ids
         run: |
-          current_branch=${GITHUB_HEAD_REF}
+          current_branch="${{ github.event.pull_request.head.ref }}"
+          echo "Current branch: $current_branch"
 
           # loop thru the workflows found & filter out ones that are not on PRs pointing to this branch
           workflow_ids=$(echo '${{ steps.get_active_workflows.outputs.data }}' | \
@@ -42,6 +43,6 @@ jobs:
             curl \
               -X POST \
               -H "Accept: application/vnd.github+json" \
-              -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+              -H "Authorization: Bearer ${{ github.token }}" \
               https://api.github.com/repos/${{ github.repository }}/actions/runs/$id/cancel
           done

From 119d5a41812c39e03263c365b82fbe45ab3538a2 Mon Sep 17 00:00:00 2001
From: ivanshumkov <ivanshumkov@gmail.com>
Date: Wed, 4 Dec 2024 13:57:38 +0700
Subject: [PATCH 2/2] ci: add timeouts

---
 .github/workflows/cached.yml                 | 23 ----------
 .github/workflows/manage-runs.yml            | 48 --------------------
 .github/workflows/prebuild-devcontainers.yml |  2 +-
 .github/workflows/tests-build-image.yml      |  1 +
 .github/workflows/tests-build-js.yml         |  1 +
 .github/workflows/tests-codeql.yml           |  1 +
 .github/workflows/tests-js-package.yml       |  2 +
 .github/workflows/tests-rs-package.yml       |  1 +
 8 files changed, 7 insertions(+), 72 deletions(-)
 delete mode 100644 .github/workflows/cached.yml
 delete mode 100644 .github/workflows/manage-runs.yml

diff --git a/.github/workflows/cached.yml b/.github/workflows/cached.yml
deleted file mode 100644
index 12eed8dd3e8..00000000000
--- a/.github/workflows/cached.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-name: Rebuild cached dependencies
-
-on:
-  workflow_dispatch:
-jobs:
-  build-rust-deps:
-    name: Prebuild and cache some Rust dependencies
-    runs-on: ubuntu-24.04
-    env:
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      AWS_REGION: ${{ secrets.AWS_REGION }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-      - name: Precompile librocksdb
-        uses: ./.github/actions/librocksdb
-        with:
-          force: true
diff --git a/.github/workflows/manage-runs.yml b/.github/workflows/manage-runs.yml
deleted file mode 100644
index 99fba8cbf9f..00000000000
--- a/.github/workflows/manage-runs.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-name: Manage runs
-on:
-  pull_request:
-    types:
-      - closed
-
-jobs:
-  cancel-merged-or-closed-pr-runs:
-    name: Cancel runs for merged or closed PRs
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: octokit/request-action@v2.x
-        id: get_active_workflows
-        with:
-          route: GET /repos/{owner}/{repo}/actions/runs?status=in_progress&event=pull_request
-          owner: dashpay
-          repo: platform
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-
-      - name: Extract running workflow ids
-        id: extract_workflow_ids
-        run: |
-          current_branch="${{ github.event.pull_request.head.ref }}"
-          echo "Current branch: $current_branch"
-
-          # loop thru the workflows found & filter out ones that are not on PRs pointing to this branch
-          workflow_ids=$(echo '${{ steps.get_active_workflows.outputs.data }}' | \
-            jq '.workflow_runs | map({id, head_branch})' | \
-            jq 'map(select(.head_branch == "'$current_branch'")) | map(.id)' | \
-            jq 'join(",")')
-
-          # strip the wrapping quote marks before passing to next step
-          echo 'WORKFLOW_IDS='$(echo $workflow_ids | tr -d '"') >> $GITHUB_ENV
-
-      - name: Cancel active workflow runs
-        run: |
-          for id in ${WORKFLOW_IDS//,/ }
-          do
-            echo "Cancelling workflow with id: $id"
-
-            # use curl here as I have no idea how to use a github action in a loop
-            curl \
-              -X POST \
-              -H "Accept: application/vnd.github+json" \
-              -H "Authorization: Bearer ${{ github.token }}" \
-              https://api.github.com/repos/${{ github.repository }}/actions/runs/$id/cancel
-          done
diff --git a/.github/workflows/prebuild-devcontainers.yml b/.github/workflows/prebuild-devcontainers.yml
index c7d4ee28f04..38a1ecd4031 100644
--- a/.github/workflows/prebuild-devcontainers.yml
+++ b/.github/workflows/prebuild-devcontainers.yml
@@ -19,7 +19,7 @@ jobs:
   build:
     name: Build and push devcontainer
     runs-on: ubuntu-24.04
-    timeout-minutes: 60
+    timeout-minutes: 240
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
diff --git a/.github/workflows/tests-build-image.yml b/.github/workflows/tests-build-image.yml
index 328a6ce2d4c..09e9c5f0382 100644
--- a/.github/workflows/tests-build-image.yml
+++ b/.github/workflows/tests-build-image.yml
@@ -18,6 +18,7 @@ jobs:
   build-image:
     name: Build ${{ inputs.name }} image
     runs-on: ubuntu-24.04
+    timeout-minutes: 30
     steps:
       - name: Check out repo
         uses: actions/checkout@v4
diff --git a/.github/workflows/tests-build-js.yml b/.github/workflows/tests-build-js.yml
index bc67850ad99..965c8c473ad 100644
--- a/.github/workflows/tests-build-js.yml
+++ b/.github/workflows/tests-build-js.yml
@@ -5,6 +5,7 @@ jobs:
   build-js:
     name: Build JS
     runs-on: ubuntu-24.04
+    timeout-minutes: 10
     steps:
       - name: Configure AWS credentials and bucket region
         uses: aws-actions/configure-aws-credentials@v4
diff --git a/.github/workflows/tests-codeql.yml b/.github/workflows/tests-codeql.yml
index 78a3f53aeb7..73d8db467ff 100644
--- a/.github/workflows/tests-codeql.yml
+++ b/.github/workflows/tests-codeql.yml
@@ -5,6 +5,7 @@ jobs:
   codeql:
     name: Run Code QL
     runs-on: ubuntu-24.04
+    timeout-minutes: 15
     permissions:
       actions: read
       contents: read
diff --git a/.github/workflows/tests-js-package.yml b/.github/workflows/tests-js-package.yml
index bdffc8cd41f..9b6fe04f5ba 100644
--- a/.github/workflows/tests-js-package.yml
+++ b/.github/workflows/tests-js-package.yml
@@ -18,6 +18,7 @@ jobs:
   lint:
     name: Linting
     runs-on: ubuntu-24.04
+    timeout-minutes: 5
     permissions:
       id-token: write
       contents: read
@@ -52,6 +53,7 @@ jobs:
   test:
     name: Tests
     runs-on: ubuntu-24.04
+    timeout-minutes: 15
     permissions:
       id-token: write
       contents: read
diff --git a/.github/workflows/tests-rs-package.yml b/.github/workflows/tests-rs-package.yml
index a05e68ee6ce..42aa4e747a0 100644
--- a/.github/workflows/tests-rs-package.yml
+++ b/.github/workflows/tests-rs-package.yml
@@ -124,6 +124,7 @@ jobs:
 
   detect_structure_changes:
     name: Detect immutable structure changes
+    timeout-minutes: 10
     runs-on: ubuntu-24.04
     # FIXME: as we use `gh pr view` below, this check can only
     # run on pull requests. We should find a way to run it