You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
chore: update CI runners and dependencies for macOS and Windows (#505)
BEGIN_COMMIT_OVERRIDE
chore: Update CI runners and dependencies for macOS and Windows
chore: Add arm64 mac builds.
END_COMMIT_OVERRIDE
## Summary
Updates CI infrastructure to fix broken macOS and Windows builds, and
adds dual-architecture macOS release artifacts:
1. **macOS runners**: Replaced deprecated `macos-13` with `macos-15`
across all 8 CI/test workflow files. `macos-13` has been fully removed
from GitHub Actions and was causing all Mac jobs to be cancelled.
2. **Windows OpenSSL**: Updated the chocolatey OpenSSL package from
`3.5.4` to `3.6.1`. The `3.5.4` installer was removed from
slproweb.com's download server (returning 404), causing all Windows CI
jobs to fail.
3. **macOS Boost pin**: Pinned Homebrew Boost to `boost@1.85` on macOS.
The default Boost (1.90) on `macos-15` is incompatible with the vendored
`foxy` library — Boost 1.90 removed several `boost::beast::http::field`
members (`proxy_authentication_info`, `proxy_features`,
`proxy_instruction`) that `foxy` references. A follow-up PR will update
the vendored foxy code and remove the pin.
4. **Dual-architecture macOS release artifacts**: Release workflows
(`release-please.yml`, `manual-sdk-release-artifacts.yml`) now produce
**both x64 and arm64** macOS binaries:
- **x64** artifacts (`mac-clang-x64-*.zip`) built on `macos-15-large`
(Intel)
- **arm64** artifacts (`mac-clang-arm64-*.zip`) built on `macos-15`
(Apple Silicon)
- The `sdk-release` composite action accepts a new `mac_artifact_arch`
input (default: `x64`) to parameterize artifact filenames
- Separate SLSA provenance jobs are included for each architecture (e.g.
`macos-arm64-client-multiple-provenance.intoto.jsonl`)
All 37 CI checks pass (Linux, Windows, macOS).
## Review & Testing Checklist for Human
- [ ] **`macos-15-large` runner availability**: Release workflows now
use `macos-15-large` for x64 macOS builds. This is a paid larger runner
— verify your GitHub org has this runner label configured. **This cannot
be validated by PR CI** since release workflows only trigger on actual
releases.
- [ ] **Release workflow output wiring**: The new arm64 jobs output
`hashes-macos-arm64` which feeds into corresponding provenance jobs.
Verify the output names match between the release and provenance jobs in
both `release-please.yml` and `manual-sdk-release-artifacts.yml` — these
paths are only exercised during real releases.
- [ ] **Boost pin expiration**: `boost@1.85` is marked deprecated in
Homebrew and will be disabled on **2026-04-05**. A follow-up PR to
update the vendored `foxy` library and unpin Boost must be completed
before that date.
**Suggested test plan**: After merging, trigger a manual release
artifact build via `manual-sdk-release-artifacts.yml` to validate that
both `macos-15-large` (x64) and `macos-15` (arm64) jobs succeed and
produce correctly-named artifacts with provenance.
### Notes
- Requested by: @kinyoklion
- [Link to Devin
Session](https://app.devin.ai/sessions/20776de6453c4e8baa2e4486dfe9aaba)
- Follow-up needed: update vendored `foxy` for Boost 1.90 compatibility
and remove the `boost@1.85` pin before 2026-04-05.
- OpenSSL 3.6.1 compatibility verified: SDK uses only stable OpenSSL
APIs (SHA256/SHA1, Boost.Asio SSL, curl TLS options) with guaranteed ABI
compatibility across OpenSSL 3.x minor versions. All Windows CI jobs
pass.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> CI-only changes, but switching macOS runners (and thus
architecture/toolchain) and pinning core crypto/build dependencies can
affect build outputs and release artifacts.
>
> **Overview**
> Updates GitHub Actions CI/release workflows to run on `macos-15`
instead of the removed `macos-13`, including smoketests and release
artifact builds.
>
> Adjusts dependency installation to keep builds green on the new
runners: pins macOS Homebrew Boost to `boost@1.85` and bumps the Windows
Chocolatey OpenSSL package from `3.5.4` to `3.6.1`.
>
> Adds dual-architecture macOS release artifact support: x64 builds on
`macos-15-large` and arm64 builds on `macos-15`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d0b80a8. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
0 commit comments