Skip to main content

no-invalid-concurrency-context

Rule catalog ID: R042

Targeted pattern scopeโ€‹

GitHub Actions workflow YAML files that define workflow-level concurrency or jobs.<job_id>.concurrency expressions.

What this rule reportsโ€‹

This rule reports concurrency expressions that reference contexts GitHub does not allow at that location.

  • Top-level concurrency may only reference github, inputs, and vars
  • Job-level concurrency may only reference github, needs, strategy, matrix, inputs, and vars

Why this rule existsโ€‹

Concurrency is evaluated before steps run, so step-only and runner-time contexts such as steps, secrets, env, job, or runner are not available there. Using unsupported contexts makes concurrency groups invalid and can break workflow scheduling behavior.

โŒ Incorrectโ€‹

concurrency:
  group: deploy-${{ secrets.ENVIRONMENT }}
  cancel-in-progress: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    concurrency:
      group: deploy-${{ steps.meta.outputs.lock }}
    steps:
      - id: meta
        run: echo "lock=prod" >> "$GITHUB_OUTPUT"

โœ… Correctโ€‹

on:
  workflow_dispatch:
    inputs:
      environment:
        description: Deployment target
        required: true
        type: string

concurrency:
  group: deploy-${{ github.workflow }}-${{ inputs.environment }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      lock: ${{ steps.meta.outputs.lock }}
    steps:
      - id: meta
        run: echo "lock=prod" >> "$GITHUB_OUTPUT"

  deploy:
    needs: build
    runs-on: ubuntu-latest
    concurrency:
      group: deploy-${{ needs.build.outputs.lock }}
      cancel-in-progress: ${{ inputs.environment == 'prod' }}
    steps:
      - run: echo "Deploying"

Additional examplesโ€‹

For larger repositories, this rule is often enabled together with one of the published presets so violations are caught in pull requests before workflow changes are merged.

ESLint flat config exampleโ€‹

import githubActions from "eslint-plugin-github-actions-2";

export default [
  {
    files: ["**/*.{yml,yaml}"],
    plugins: {
      "github-actions": githubActions,
    },
    rules: {
      "github-actions/no-invalid-concurrency-context": "error",
    },
  },
];

When not to use itโ€‹

You can disable this rule when its policy does not match your repository standards, or when equivalent enforcement is already handled by another policy tool.

Further readingโ€‹