From da6dec93195fc8e1b5f0b732bbd66d23dcfd4876 Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Fri, 24 Oct 2025 14:15:28 +0200
Subject: [PATCH] GHA: set concurrency, zizmor Dependabot, set cooldown

Closes #1734
---
 .github/dependabot.yml               | 9 +++++++++
 .github/workflows/ci.yml             | 2 +-
 .github/workflows/codeql.yml         | 3 ++-
 .github/workflows/openssh_server.yml | 4 ++++
 4 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d2e4d1bb..9585c5c4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,6 +8,8 @@ updates:
     directory: '/'
     schedule:
       interval: 'monthly'
+    cooldown:
+      default-days: 7
     commit-message:
       prefix: 'GHA:'
 
@@ -15,6 +17,11 @@ updates:
     directory: '/.github/workflows'
     schedule:
       interval: 'monthly'
+    cooldown:
+      default-days: 7
+      semver-major-days: 15
+      semver-minor-days: 7
+      semver-patch-days: 3
     commit-message:
       prefix: 'GHA:'
 
@@ -22,5 +29,7 @@ updates:
     directory: '/tests/openssh_server'
     schedule:
       interval: 'monthly'
+    cooldown:
+      default-days: 15
     commit-message:
       prefix: 'GHA:'
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 06ab7b62..e50c2541 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -56,7 +56,7 @@ jobs:
           GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
         run: |
           eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
-          zizmor --pedantic .github/workflows/*.yml
+          zizmor --pedantic .github/workflows/*.yml .github/dependabot.yml
 
       - name: 'shellcheck GHA'
         run: |
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e8f0305a..6a52d9df 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -17,7 +17,8 @@ name: 'CodeQL'
     - cron: '0 0 * * 4'
 
 concurrency:
-  group: ${{ github.workflow }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
 
 permissions: {}
 
diff --git a/.github/workflows/openssh_server.yml b/.github/workflows/openssh_server.yml
index e8b52ae4..22ef5023 100644
--- a/.github/workflows/openssh_server.yml
+++ b/.github/workflows/openssh_server.yml
@@ -30,6 +30,10 @@ name: 'OpenSSH Server Docker Image'
   push:
     branches: [master]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.sha }}
+  cancel-in-progress: true
+
 permissions: {}
 
 jobs: