From b40260d13866371685d2625bdf5f5fbcd271b492 Mon Sep 17 00:00:00 2001
From: Cedoor
Date: Mon, 16 Mar 2026 16:19:31 +0100
Subject: [PATCH 1/2] ci: cancel workflow on lint/compile failures to save CI spend
---
 .github/workflows/ci.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4f0a5a34fc..e9a0c37d18 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,6 +25,7 @@ env:
 RUST_BACKTRACE: 1
 permissions:
+ actions: write
 contents: read
 packages: write
@@ -162,6 +163,12 @@ jobs:
 - name: Run Unit Tests
 run: 'cargo test --lib && cargo test --doc'
+ - name: Cancel workflow on failure
+ if: failure()
+ run: gh run cancel ${{ github.run_id }}
+ env:
+ GH_TOKEN: ${{ github.token }}
+
 rust_integration_tests:
 needs: [detect_changes]
 if: needs.detect_changes.outputs.rust_integration_tests == 'true'
@@ -370,6 +377,12 @@ jobs:
 echo "## Test results" >> $GITHUB_STEP_SUMMARY
 echo "✅ Passed" >> $GITHUB_STEP_SUMMARY
+ - name: Cancel workflow on failure
+ if: failure()
+ run: gh run cancel ${{ github.run_id }}
+ env:
+ GH_TOKEN: ${{ github.token }}
+
 test_net:
 needs: [detect_changes]
 if: needs.detect_changes.outputs.net == 'true'
From d67783145bc8ef7f887f7cf62152ac9349c97d92 Mon Sep 17 00:00:00 2001
From: Cedoor
Date: Mon, 16 Mar 2026 16:49:54 +0100
Subject: [PATCH 2/2] ci: add specific workflow permissions
---
 .github/workflows/ci.yml | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e9a0c37d18..c648364898 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,7 +25,6 @@ env:
 RUST_BACKTRACE: 1
 permissions:
- actions: write
 contents: read
 packages: write
@@ -123,6 +122,9 @@ jobs:
 if: needs.detect_changes.outputs.rust_unit_tests == 'true'
 timeout-minutes: 20
 runs-on: 'ubuntu-latest'
+ permissions:
+ contents: read
+ actions: write
 steps:
 - uses: actions/checkout@v6
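Review bot: The cancel step added at @@ -162 runs `gh run cancel` with no explicit repository, so gh has to infer the repo from the checked-out working tree; if the step that failed is the checkout itself, the cancel cannot resolve a repo and the remaining jobs keep running. Adding `GH_REPO: ${{ github.repository }}` to the step's `env:` removes that dependency. Separately, on pull requests from forks the GITHUB_TOKEN is read-only by default regardless of the `permissions:` block, so the cancel will be refused there; if the workflow's triggers (not visible in this hunk) include fork PRs, a comment on the step or `continue-on-error: true` would keep that refusal from being mistaken for the real failure. The same step is repeated at @@ -370 and, in patch 2/2, at @@ -562 and @@ -821.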
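Review bot: The job-level `permissions:` block added at @@ -123 grants `actions: write` to a job that builds and runs repository code (`cargo test` per patch 1/2), and `actions/checkout` keeps the token on the runner for later git commands by default, so build scripts and tests in that job can reach a token with write access to the Actions API. Only the final cancel step needs that token, so consider `persist-credentials: false` under the checkout's `with:` unless a later step needs authenticated git (the rest of the job lies outside the hunk). A one-line comment such as `# actions: write is only for the "Cancel workflow on failure" step` would also stop the grant from being copied into new jobs unexamined. A job-level block replaces the workflow-level one, so these jobs no longer receive `packages: write`; please confirm none of them push packages. The same applies to the blocks at @@ -344, @@ -533 and @@ -757.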
@@ -344,6 +346,9 @@ jobs:
 if: needs.detect_changes.outputs.contracts == 'true'
 timeout-minutes: 15
 runs-on: 'ubuntu-latest'
+ permissions:
+ contents: read
+ actions: write
 steps:
 - name: 'Check out the repo'
 uses: 'actions/checkout@v6'
@@ -533,6 +538,9 @@ jobs:
 if: needs.detect_changes.outputs.build_enclave_cli == 'true'
 timeout-minutes: 20
 runs-on: 'ubuntu-latest'
+ permissions:
+ contents: read
+ actions: write
 steps:
 - uses: actions/checkout@v6
 with:
@@ -562,6 +570,12 @@ jobs:
 path: ~/.cargo/bin/enclave
 retention-days: 1
+ - name: Cancel workflow on failure
+ if: failure()
+ run: gh run cancel ${{ github.run_id }}
+ env:
+ GH_TOKEN: ${{ github.token }}
+
 crisp_unit:
 needs: [detect_changes, build_crisp_sdk]
 if: needs.detect_changes.outputs.crisp == 'true'
@@ -757,6 +771,9 @@ jobs:
 if: needs.detect_changes.outputs.build_circuits == 'true'
 timeout-minutes: 30
 runs-on: 'ubuntu-latest'
+ permissions:
+ contents: read
+ actions: write
 steps:
 - uses: actions/checkout@v6
 with:
@@ -821,6 +838,12 @@ jobs:
 retention-days: 1
 if-no-files-found: error
+ - name: Cancel workflow on failure
+ if: failure()
+ run: gh run cancel ${{ github.run_id }}
+ env:
+ GH_TOKEN: ${{ github.token }}
+
 zk_prover_e2e:
 needs: [detect_changes, build_circuits]
 if: needs.detect_changes.outputs.zk == 'true'