ci: codeql-gate holds a runner slot for up to 45 min while polling #824

Description

@DeusData

The security/codeql-gate job polls 90 × sleep 30 on a runner while waiting for the CodeQL workflow to finish. Under a busy queue (e.g. 13 open PRs on 2026-07-03) that meant many idle gate jobs squatting on runner slots — starving the very CodeQL runs they were waiting for, a self-amplifying congestion loop.

Now that #820 fixed the lookup (server-side head_sha filter — the run is found deterministically within ~1 min of trigger), the 45-min budget is obsolete. Options, in increasing order of correctness:

  1. Shrink the loop (e.g. 45×20s ≈ 15 min) — trivial.
  2. Make the gate event-driven: a workflow_run-triggered required check on CodeQL completion — zero polling, zero held slots.

Refs #820.
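A sketch of option 2 above, added here as an illustration and not taken from the repository: a `workflow_run`-triggered workflow that publishes the CodeQL result as a commit status named after the existing gate job. The workflow display name `CodeQL`, the file path, and the choice of a commit status (rather than a check run) are assumptions.

```yaml
# Added example (not the project's own workflow).
# Assumed path: .github/workflows/codeql-gate.yml; it must be present on the
# default branch, because workflow_run uses the default branch's definition.
name: codeql-gate

on:
  workflow_run:
    workflows: ["CodeQL"]    # assumption: display name of the CodeQL workflow
    types: [completed]       # fires once, when the CodeQL run has finished

permissions:
  statuses: write            # least privilege: only commit statuses are written

jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      # Deliberately no checkout: this job runs in the base repository's
      # context, so pull-request code is never fetched or executed here.
      - name: Publish CodeQL result as the gate status
        env:
          # Event fields are passed through env, not interpolated into the
          # script body, so they cannot alter the shell command.
          GH_TOKEN: ${{ github.token }}
          REPO: ${{ github.repository }}
          SHA: ${{ github.event.workflow_run.head_sha }}
          CONCLUSION: ${{ github.event.workflow_run.conclusion }}
          RUN_URL: ${{ github.event.workflow_run.html_url }}
        run: |
          # Fail closed: cancelled, timed_out, skipped etc. all block the merge.
          if [ "$CONCLUSION" = "success" ]; then state=success; else state=failure; fi
          gh api --method POST "repos/$REPO/statuses/$SHA" \
            -f state="$state" \
            -f context="security/codeql-gate" \
            -f target_url="$RUN_URL" \
            -f description="CodeQL workflow concluded: $CONCLUSION"
```

With `security/codeql-gate` set as a required status in branch protection, a commit whose CodeQL run has not reported stays pending and cannot merge, and the only runner time used is the few seconds this job needs after CodeQL completes.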

Labels: bug (Something isn't working); priority/normal (Standard review queue; useful PR with ordinary maintainer urgency.); stability/performance (Server crashes, OOM, hangs, high CPU/memory)
