diff --git a/.github/workflows/api-update-electron-api-types.yaml b/.github/workflows/api-update-electron-api-types.yaml index befffc6f1d6..70c1e47bea7 100644 --- a/.github/workflows/api-update-electron-api-types.yaml +++ b/.github/workflows/api-update-electron-api-types.yaml @@ -4,6 +4,14 @@ name: 'Api: Update Electron API Types' on: workflow_dispatch: +permissions: + contents: write + pull-requests: write + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: update-electron-types: runs-on: ubuntu-latest @@ -46,3 +54,4 @@ jobs: labels: | dependencies Electron + diff --git a/.github/workflows/api-update-manager-api-types.yaml b/.github/workflows/api-update-manager-api-types.yaml index 99a148fff7a..2b82cb57225 100644 --- a/.github/workflows/api-update-manager-api-types.yaml +++ b/.github/workflows/api-update-manager-api-types.yaml @@ -10,6 +10,14 @@ on: required: true default: 'main' +permissions: + contents: write + pull-requests: write + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: update-manager-types: runs-on: ubuntu-latest @@ -104,3 +112,4 @@ jobs: delete-branch: true add-paths: | src/types/generatedManagerTypes.ts + diff --git a/.github/workflows/ci-json-validation.yaml b/.github/workflows/ci-json-validation.yaml index 20a2743d192..e2fa0d42205 100644 --- a/.github/workflows/ci-json-validation.yaml +++ b/.github/workflows/ci-json-validation.yaml @@ -9,6 +9,13 @@ on: paths: - '**/*.json' +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: json-lint: runs-on: ubuntu-latest @@ -16,3 +23,4 @@ jobs: - uses: actions/checkout@v6 - name: Validate JSON syntax run: ./scripts/cicd/check-json.sh + diff --git a/.github/workflows/ci-python-validation.yaml b/.github/workflows/ci-python-validation.yaml index cf392f1bf3b..48ead553aad 100644 --- a/.github/workflows/ci-python-validation.yaml 
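Review bot: In api-update-electron-api-types.yaml the new top-level `permissions:` block gives `contents: write` and `pull-requests: write` to every job the file has or later gains, and nothing records which step needs them. Only `update-electron-types` is visible and its body lies outside the hunk; the trailing `labels:` context suggests a PR-creating step is the consumer, but that is an inference. If so, a top-level `permissions:` of `contents: read` with the two write scopes declared under that job, plus a comment such as `# write scopes: branch push + PR creation by the update step`, would keep the grant tied to its user. api-update-manager-api-types.yaml and i18n-update-nodes.yaml have the same shape.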
+++ b/.github/workflows/ci-python-validation.yaml @@ -10,6 +10,13 @@ on: paths: - 'tools/devtools/**' +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: syntax: runs-on: ubuntu-latest @@ -25,3 +32,4 @@ jobs: - name: Validate Python syntax run: python3 -m compileall -q tools/devtools + diff --git a/.github/workflows/ci-shell-validation.yaml b/.github/workflows/ci-shell-validation.yaml index 72ac4be230b..909b1648634 100644 --- a/.github/workflows/ci-shell-validation.yaml +++ b/.github/workflows/ci-shell-validation.yaml @@ -11,6 +11,13 @@ on: paths: - '**/*.sh' +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: shell-lint: runs-on: ubuntu-latest @@ -24,3 +31,4 @@ jobs: - name: Run shellcheck run: bash ./scripts/cicd/check-shell.sh + diff --git a/.github/workflows/ci-tests-storybook.yaml b/.github/workflows/ci-tests-storybook.yaml index f53a254cf91..651b440ac21 100644 --- a/.github/workflows/ci-tests-storybook.yaml +++ b/.github/workflows/ci-tests-storybook.yaml @@ -7,6 +7,10 @@ on: push: branches: [main] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: changes: runs-on: ubuntu-latest @@ -240,3 +244,4 @@ jobs: body: updatedBody }); } + diff --git a/.github/workflows/ci-yaml-validation.yaml b/.github/workflows/ci-yaml-validation.yaml index 876fcfc4c00..c94e0e09e84 100644 --- a/.github/workflows/ci-yaml-validation.yaml +++ b/.github/workflows/ci-yaml-validation.yaml @@ -13,6 +13,13 @@ on: - '**/*.yml' - '**/*.yaml' +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: yaml-lint: runs-on: ubuntu-latest @@ -31,3 +38,4 @@ jobs: - name: Validate YAML syntax and style run: ./scripts/cicd/check-yaml.sh + 
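Review bot: ci-tests-storybook.yaml gets a `concurrency:` block but no `permissions:` block, so its jobs keep the repository's default token scope while the sibling validation workflows are pinned to `contents: read`. The file's last hunk shows a script step writing `body: updatedBody`, which suggests one job needs `pull-requests: write`; a top-level `contents: read` with that write scope granted only on the job that uses it would match the rest of the commit (job-level blocks may already exist outside the hunk). The same gap is visible in cloud-backport-tag.yaml, publish-desktop-ui-on-merge.yaml, the four release-*.yaml files and version-bump-desktop-ui.yaml. Separately, this workflow runs on `push` to `main`, where every commit shares one group key, so `cancel-in-progress: true` drops the run for the previous commit; `cancel-in-progress: ${{ github.event_name != 'push' }}` would keep main runs.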
diff --git a/.github/workflows/cloud-backport-tag.yaml b/.github/workflows/cloud-backport-tag.yaml index 73b01c682bf..8628d03f5ce 100644 --- a/.github/workflows/cloud-backport-tag.yaml +++ b/.github/workflows/cloud-backport-tag.yaml @@ -6,6 +6,10 @@ on: types: ['closed'] branches: [cloud/*] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: create-tag: if: > @@ -67,3 +71,4 @@ jobs: echo "Version: ${VERSION}" echo "Commit: ${{ github.event.pull_request.merge_commit_sha }}" } >> "$GITHUB_STEP_SUMMARY" + diff --git a/.github/workflows/cloud-dispatch-cleanup.yaml b/.github/workflows/cloud-dispatch-cleanup.yaml index 764abffbd67..5105068dfc3 100644 --- a/.github/workflows/cloud-dispatch-cleanup.yaml +++ b/.github/workflows/cloud-dispatch-cleanup.yaml @@ -14,6 +14,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: dispatch: # Only dispatch when: @@ -37,3 +41,4 @@ jobs: event-type: frontend-preview-cleanup client-payload: >- {"pr_number": "${{ github.event.pull_request.number }}"} + diff --git a/.github/workflows/i18n-update-core.yaml b/.github/workflows/i18n-update-core.yaml index 5f0985b93fb..5438de0a2c5 100644 --- a/.github/workflows/i18n-update-core.yaml +++ b/.github/workflows/i18n-update-core.yaml @@ -9,6 +9,14 @@ on: branches: [main] types: [opened, synchronize, reopened] +permissions: + contents: write + pull-requests: write + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: update-locales: # Branch detection: Only run for manual dispatch or version-bump-* branches from main repo @@ -59,3 +67,4 @@ jobs: git add src/locales/ git diff --staged --quiet || git commit -m "Update locales" git push origin HEAD:${{ github.head_ref }} + diff --git a/.github/workflows/i18n-update-custom-nodes.yaml b/.github/workflows/i18n-update-custom-nodes.yaml index 225c1b3e360..87755b07918 100644 
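Review bot: cloud-backport-tag.yaml sets `cancel-in-progress: true` on a workflow whose job is `create-tag`, while the release and publish workflows in this same commit use `false`. If two closed-PR events ever resolve to the same group, the earlier run is killed partway and that merge may end up without its tag; `cancel-in-progress: false` would be consistent with the other release paths. The job body is outside the hunk, so whether the tag push is already idempotent cannot be checked from here.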
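Review bot: i18n-update-core.yaml now grants `contents: write` and `pull-requests: write` at workflow level on a pull-request-triggered workflow, and the file's closing hunk shows `git push origin HEAD:${{ github.head_ref }}` in a `run:` script. `${{ }}` is expanded into the script text before the shell parses it, so the branch name is treated as shell source while the token has write scope; the job comment says runs are limited to `version-bump-*` branches from the main repo, but that condition is outside the hunk. Passing the value through the environment removes the dependency on that filter: `env: HEAD_REF: ${{ github.head_ref }}` on the step and `git push origin "HEAD:${HEAD_REF}"` in the script. Scoping the two write permissions to `update-locales` rather than the whole workflow would narrow it further.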
--- a/.github/workflows/i18n-update-custom-nodes.yaml +++ b/.github/workflows/i18n-update-custom-nodes.yaml @@ -17,6 +17,14 @@ on: type: string default: 'Comfy-Org' +permissions: + contents: write + pull-requests: write + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: update-locales: runs-on: ubuntu-latest @@ -134,3 +142,4 @@ jobs: gh pr create --title "Update locales for ${{ inputs.repository }}" --repo ${{ inputs.owner }}/${{ inputs.repository }} --head ${{ inputs.fork_owner }}:update-locales --body "Update locales for ${{ inputs.repository }}" env: GH_TOKEN: ${{ secrets.PR_GH_TOKEN }} + diff --git a/.github/workflows/i18n-update-nodes.yaml b/.github/workflows/i18n-update-nodes.yaml index 5a72e5b1098..1c827e1dcba 100644 --- a/.github/workflows/i18n-update-nodes.yaml +++ b/.github/workflows/i18n-update-nodes.yaml @@ -9,6 +9,14 @@ on: type: string default: 'manual' +permissions: + contents: write + pull-requests: write + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: update-locales: runs-on: ubuntu-latest @@ -52,3 +60,4 @@ jobs: branch: update-locales-node-defs-${{ github.event.inputs.trigger_type }}-${{ github.run_id }} base: main labels: dependencies + diff --git a/.github/workflows/model-page-discovery.yaml b/.github/workflows/model-page-discovery.yaml index 457c7546aaf..a97ab5dcc49 100644 --- a/.github/workflows/model-page-discovery.yaml +++ b/.github/workflows/model-page-discovery.yaml @@ -5,6 +5,13 @@ on: - cron: '0 9 * * 1' workflow_dispatch: +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: discover: runs-on: ubuntu-latest @@ -121,3 +128,4 @@ jobs: - name: No new models found if: steps.compare.outputs.new_count == '0' run: echo "No new models found — nothing to do." + 
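Review bot: The concurrency key in i18n-update-custom-nodes.yaml is `${{ github.workflow }}-${{ github.ref }}`, which ignores the inputs that select the target repository. Two runs started from the same ref for different `inputs.repository` values share a group, and with `cancel-in-progress: true` the second cancels the first; `group: ${{ github.workflow }}-${{ inputs.owner }}/${{ inputs.repository }}` keys it on what the run actually touches. The PR step at the end of the file authenticates with `secrets.PR_GH_TOKEN`, so it is worth confirming that `GITHUB_TOKEN` really needs the `contents: write` and `pull-requests: write` added here. That step also expands `inputs.*` straight into the `gh pr create` command line; routing them through `env:` and quoting them would keep input text out of the script source.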
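Review bot: With `permissions: contents: read` at the top of model-page-discovery.yaml, every scope not listed becomes `none` for all jobs. The `discover` job body is outside both hunks, but the final step only covers the `new_count == '0'` case, so presumably another step acts when models are found; if that step opens an issue or PR with `GITHUB_TOKEN`, it needs an explicit job-level grant such as `issues: write`. A comment like `# read-only: discovery only fetches and compares` would document the intent if no write is needed.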
diff --git a/.github/workflows/pr-request-team-review.yaml b/.github/workflows/pr-request-team-review.yaml index d580127cc44..c95ae671f19 100644 --- a/.github/workflows/pr-request-team-review.yaml +++ b/.github/workflows/pr-request-team-review.yaml @@ -8,6 +8,10 @@ on: permissions: pull-requests: write +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: request-review: if: >- @@ -22,3 +26,4 @@ jobs: gh pr edit ${{ github.event.pull_request.number }} \ --repo ${{ github.repository }} \ --add-reviewer Comfy-org/comfy_frontend_devs + diff --git a/.github/workflows/publish-desktop-ui-on-merge.yaml b/.github/workflows/publish-desktop-ui-on-merge.yaml index 7c09b30ce63..753e790d009 100644 --- a/.github/workflows/publish-desktop-ui-on-merge.yaml +++ b/.github/workflows/publish-desktop-ui-on-merge.yaml @@ -8,6 +8,10 @@ on: paths: - 'apps/desktop-ui/package.json' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + jobs: resolve: name: Resolve Version and Dist Tag @@ -81,3 +85,4 @@ jobs: with: issue-number: ${{ github.event.pull_request.number }} version_file: apps/desktop-ui/package.json + diff --git a/.github/workflows/release-biweekly-comfyui.yaml b/.github/workflows/release-biweekly-comfyui.yaml index 8c3f181fdbd..de4e68bdc0e 100644 --- a/.github/workflows/release-biweekly-comfyui.yaml +++ b/.github/workflows/release-biweekly-comfyui.yaml @@ -24,6 +24,10 @@ on: default: 'Comfy-Org/ComfyUI' type: string +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + jobs: check-release-week: runs-on: ubuntu-latest @@ -456,3 +460,4 @@ jobs: echo "" >> $GITHUB_STEP_SUMMARY echo "### PR Body:" >> $GITHUB_STEP_SUMMARY cat pr-body.txt >> $GITHUB_STEP_SUMMARY + diff --git a/.github/workflows/release-branch-create.yaml b/.github/workflows/release-branch-create.yaml index 51b9f338722..af896b01c12 100644 --- a/.github/workflows/release-branch-create.yaml 
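Review bot: In publish-desktop-ui-on-merge.yaml, `cancel-in-progress: false` does not make every run execute: a concurrency group holds one running and one pending run, and a newer arrival replaces the pending one. For a publish workflow that means a merge can be skipped without a failed run if events pile up in one group, and conversely events whose `github.ref` differs are not serialized at all. If the goal is one publish at a time, key the group on the workflow alone (`group: ${{ github.workflow }}`) and add a comment stating that a superseded pending run is acceptable. The other five `cancel-in-progress: false` workflows in this commit use the same key.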
+++ b/.github/workflows/release-branch-create.yaml @@ -7,6 +7,10 @@ on: paths: - 'package.json' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + jobs: create-release-branch: runs-on: ubuntu-latest @@ -279,3 +283,4 @@ jobs: 3. Create a PR targeting that branch 4. Apply the matching \`core/x.y\` or \`cloud/x.y\` label EOF + diff --git a/.github/workflows/release-draft-create.yaml b/.github/workflows/release-draft-create.yaml index e6a442e7c39..7740c9e435c 100644 --- a/.github/workflows/release-draft-create.yaml +++ b/.github/workflows/release-draft-create.yaml @@ -8,6 +8,10 @@ on: paths: - 'package.json' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + jobs: build: runs-on: ubuntu-latest @@ -130,3 +134,4 @@ jobs: with: issue-number: ${{ github.event.pull_request.number }} version_file: package.json + diff --git a/.github/workflows/release-pypi-dev.yaml b/.github/workflows/release-pypi-dev.yaml index 315e7566b1f..2219b06a633 100644 --- a/.github/workflows/release-pypi-dev.yaml +++ b/.github/workflows/release-pypi-dev.yaml @@ -8,6 +8,10 @@ on: required: true type: number +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + jobs: build: runs-on: ubuntu-latest @@ -77,3 +81,4 @@ jobs: with: password: ${{ secrets.PYPI_TOKEN }} packages-dir: comfyui_frontend_package/dist + diff --git a/.github/workflows/version-bump-desktop-ui.yaml b/.github/workflows/version-bump-desktop-ui.yaml index fc20daa8b66..8f9fa9d103a 100644 --- a/.github/workflows/version-bump-desktop-ui.yaml +++ b/.github/workflows/version-bump-desktop-ui.yaml @@ -20,6 +20,10 @@ on: default: 'main' type: string +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + jobs: bump-version-desktop-ui: runs-on: ubuntu-latest @@ -90,3 +94,4 @@ jobs: base: ${{ github.event.inputs.branch }} labels: | Release +