diff --git a/.github/workflows/scenario-ai-contact-centre.yml b/.github/workflows/scenario-ai-contact-centre.yml index 7dad8e28..41e2f109 100644 --- a/.github/workflows/scenario-ai-contact-centre.yml +++ b/.github/workflows/scenario-ai-contact-centre.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-ai-contact-centre-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-bops-planning.yml b/.github/workflows/scenario-bops-planning.yml index f97412b5..786d937e 100644 --- a/.github/workflows/scenario-bops-planning.yml +++ b/.github/workflows/scenario-bops-planning.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-bops-planning-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-council-chatbot.yml b/.github/workflows/scenario-council-chatbot.yml index d1037219..5f5b2ad1 100644 --- a/.github/workflows/scenario-council-chatbot.yml +++ b/.github/workflows/scenario-council-chatbot.yml @@ -14,11 +14,11 @@ on: workflow_dispatch: concurrency: - # One run per branch; cancel a superseded run in flight (the new commit - # will get a fresh lease — releasing the old lease happens on the - # cancelled run's if: always() release step, or eventually by the janitor). - group: scenario-council-chatbot-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-digital-planning-register.yml b/.github/workflows/scenario-digital-planning-register.yml index 2d990664..4438c66e 100644 --- a/.github/workflows/scenario-digital-planning-register.yml +++ b/.github/workflows/scenario-digital-planning-register.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-digital-planning-register-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-fixmystreet.yml b/.github/workflows/scenario-fixmystreet.yml index be450d25..2ff0f608 100644 --- a/.github/workflows/scenario-fixmystreet.yml +++ b/.github/workflows/scenario-fixmystreet.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-fixmystreet-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-foi-redaction.yml b/.github/workflows/scenario-foi-redaction.yml index 1320605b..9b6c3fe4 100644 --- a/.github/workflows/scenario-foi-redaction.yml +++ b/.github/workflows/scenario-foi-redaction.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-foi-redaction-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-localgov-drupal.yml b/.github/workflows/scenario-localgov-drupal.yml index 4ff15877..9b86f4f8 100644 --- a/.github/workflows/scenario-localgov-drupal.yml +++ b/.github/workflows/scenario-localgov-drupal.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-localgov-drupal-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-localgov-ims.yml b/.github/workflows/scenario-localgov-ims.yml index 81f90146..9b2e633e 100644 --- a/.github/workflows/scenario-localgov-ims.yml +++ b/.github/workflows/scenario-localgov-ims.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-localgov-ims-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-minute.yml b/.github/workflows/scenario-minute.yml index e769ee56..d8d66066 100644 --- a/.github/workflows/scenario-minute.yml +++ b/.github/workflows/scenario-minute.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-minute-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-paperless-ngx.yml b/.github/workflows/scenario-paperless-ngx.yml index de963912..c70e9b99 100644 --- a/.github/workflows/scenario-paperless-ngx.yml +++ b/.github/workflows/scenario-paperless-ngx.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-paperless-ngx-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-planning-ai.yml b/.github/workflows/scenario-planning-ai.yml index d7e16b26..39c63e8d 100644 --- a/.github/workflows/scenario-planning-ai.yml +++ b/.github/workflows/scenario-planning-ai.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-planning-ai-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-planx.yml b/.github/workflows/scenario-planx.yml index 9fb85be9..20ecb702 100644 --- a/.github/workflows/scenario-planx.yml +++ b/.github/workflows/scenario-planx.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-planx-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-quicksight-dashboard.yml b/.github/workflows/scenario-quicksight-dashboard.yml index e2b7f03f..f2217c77 100644 --- a/.github/workflows/scenario-quicksight-dashboard.yml +++ b/.github/workflows/scenario-quicksight-dashboard.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-quicksight-dashboard-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-simply-readable.yml b/.github/workflows/scenario-simply-readable.yml index 36b4004b..7d3fb839 100644 --- a/.github/workflows/scenario-simply-readable.yml +++ b/.github/workflows/scenario-simply-readable.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-simply-readable-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-smart-car-park.yml b/.github/workflows/scenario-smart-car-park.yml index b9f38f3c..b2c67fff 100644 --- a/.github/workflows/scenario-smart-car-park.yml +++ b/.github/workflows/scenario-smart-car-park.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-smart-car-park-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/.github/workflows/scenario-text-to-speech.yml b/.github/workflows/scenario-text-to-speech.yml index 2136f269..67001a8a 100644 --- a/.github/workflows/scenario-text-to-speech.yml +++ b/.github/workflows/scenario-text-to-speech.yml @@ -11,8 +11,11 @@ on: workflow_dispatch: concurrency: - group: scenario-text-to-speech-${{ github.ref }} - cancel-in-progress: true + # Repo-wide group across ALL scenario callers because ISB caps ci-bot + # at 1 active lease at a time (maxLeasesPerUser). Concurrent dispatches + # would 409. Serialise here so each scenario gets a turn. + group: scenario-ci-pool + cancel-in-progress: false permissions: id-token: write diff --git a/cloudformation/isb-hub-orgmgmt/ci-deploy-role-stackset/template.yaml b/cloudformation/isb-hub-orgmgmt/ci-deploy-role-stackset/template.yaml index f1eb9253..eeb463db 100644 --- a/cloudformation/isb-hub-orgmgmt/ci-deploy-role-stackset/template.yaml +++ b/cloudformation/isb-hub-orgmgmt/ci-deploy-role-stackset/template.yaml @@ -189,6 +189,7 @@ Resources: Action: - 's3:*' - 's3vectors:*' + - 'servicecatalog:*' - 'lambda:*' - 'apigateway:*' - 'dynamodb:*'