Skip to content

[ci] Use macos-latest instead of macos-13 in Rust workflow#16803

Merged
bonigarcia merged 1 commit intotrunkfrom
ci_rust_macos_latest
Dec 28, 2025
Merged

[ci] Use macos-latest instead of macos-13 in Rust workflow#16803
bonigarcia merged 1 commit intotrunkfrom
ci_rust_macos_latest

Conversation

@bonigarcia
Copy link
Member

@bonigarcia bonigarcia commented Dec 28, 2025
edited by qodo-code-review bot
Loading

User description

🔗 Related Issues

The macOS-13 based runner images are now retired. As a result, the rust workflow is not working, e.g.:

https://github.com/SeleniumHQ/selenium/actions/runs/20556482131

💥 What does this PR do?

This PR changes macos-13 by macos-latest in the Rust workflow.

🔧 Implementation Notes

💡 Additional Considerations

🔄 Types of changes

  • Bug fix (backwards compatible)

PR Type

Bug fix

Description

  • Update macOS runner from retired macos-13 to macos-latest

  • Add x86_64-apple-darwin target to Rust toolchain setup

  • Fix CI workflow failures due to deprecated runner image

Diagram Walkthrough

flowchart LR
  A["macos-13 runner<br/>deprecated"] -->|"replace with"| B["macos-latest runner"]
  C["Rust toolchain setup"] -->|"add target"| D["x86_64-apple-darwin"]
  D -->|"alongside"| E["aarch64-apple-darwin"]
Loading

File Walkthrough
Relevant files
Bug fix
ci-rust.yml
Update macOS runner and add x86_64 Rust target                     

.github/workflows/ci-rust.yml

  • Replace deprecated macos-13 runner with macos-latest in two jobs
    (macos-stable and macos-debug)
  • Add rustup target add x86_64-apple-darwin command to Rust toolchain
    setup in both jobs
  • Ensures compatibility with current macOS runner images and supports
    both Intel and Apple Silicon architectures
 +4/-2     

@selenium-ci selenium-ci added the B-build Includes scripting, bazel and CI integrations label Dec 28, 2025
@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Dec 28, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
CI supply-chain drift

Description: Using floating runner/toolchain selections (runs-on: macos-latest and rustup update) makes
CI builds non-reproducible and can unexpectedly pick up new images/toolchains that
introduce compromised dependencies or altered build outputs (supply-chain hardening
typically prefers pinning to a specific runner image and Rust toolchain version).
ci-rust.yml [169-216]

Referred Code 
runs-on: macos-latest
needs: tests
if: github.event_name != 'schedule'
env:
  RUSTFLAGS: '-Ctarget-feature=+crt-static'
steps:
  - name: "Checkout project"
    uses: actions/checkout@v4
    with:
      ref: ${{ inputs.branch }}
  - name: "Update Rust"
    run: |
      rustup update
      rustup target add x86_64-apple-darwin
      rustup target add aarch64-apple-darwin
      rustc -vV
  - name: "Build release binary"
    run: |
      cargo build --target x86_64-apple-darwin --release
      cargo build --target aarch64-apple-darwin --release
      lipo -create -output target/selenium-manager-macos \


 ... (clipped 27 lines)
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Dec 28, 2025
edited
Loading

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Set SDKROOT for cross-compilation robustness

Explicitly set the SDKROOT environment variable before the build step to ensure
the linker can find the correct SDK when cross-compiling from ARM to x86_64 on
macOS.

.github/workflows/ci-rust.yml [185-192]

 - name: "Build release binary"
   run: |
+    export SDKROOT=$(xcrun --sdk macosx --show-sdk-path)
     cargo build --target x86_64-apple-darwin --release
     cargo build --target aarch64-apple-darwin --release
     lipo -create -output target/selenium-manager-macos \
       target/aarch64-apple-darwin/release/selenium-manager \
       target/x86_64-apple-darwin/release/selenium-manager
   working-directory: rust

[Suggestion processed]

Suggestion importance[1-10]: 9

__

Why: This suggestion correctly identifies a potential cross-compilation issue on ARM-based macos-latest runners and provides a robust solution by explicitly setting SDKROOT, which is critical for preventing build failures.

High
General
Cache cargo dependencies

Add caching steps for the Cargo registry and Git index after checkout to speed
up subsequent builds by reusing downloaded dependencies.

.github/workflows/ci-rust.yml [175-178]

 - name: "Checkout project"
   uses: actions/checkout@v4
   with:
     ref: ${{ inputs.branch }}
+- name: "Cache Cargo registry"
+  uses: actions/cache@v3
+  with:
+    path: ~/.cargo/registry
+    key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+- name: "Cache Cargo Git index"
+  uses: actions/cache@v3
+  with:
+    path: ~/.cargo/git
+    key: ${{ runner.os }}-cargo-git-${{ hashFiles('**/Cargo.lock') }}

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 7

__

Why: This suggestion introduces caching for Cargo dependencies, which is a standard and effective optimization for Rust CI workflows that can significantly reduce build times.

Medium
Enforce locked builds

Add the --locked flag to all cargo build commands to ensure that builds are
reproducible by respecting the Cargo.lock file.

.github/workflows/ci-rust.yml [185-188]

 - name: "Build release binary"
   run: |
-    cargo build --target x86_64-apple-darwin --release
-    cargo build --target aarch64-apple-darwin --release
+    cargo build --locked --target x86_64-apple-darwin --release
+    cargo build --locked --target aarch64-apple-darwin --release
  • Apply / Chat
Suggestion importance[1-10]: 7

__

Why: This suggestion improves build reproducibility by adding the --locked flag, ensuring that the exact dependencies from Cargo.lock are used, which is a best practice for CI environments.

Medium
Use official Rust setup action

Replace the manual rustup commands with the official actions/setup-rust GitHub
Action to simplify toolchain and target management.

.github/workflows/ci-rust.yml [179-184]

-- name: "Update Rust"
-  run: |
-    rustup update
-    rustup target add x86_64-apple-darwin
-    rustup target add aarch64-apple-darwin
-    rustc -vV
+- name: "Setup Rust toolchain"
+  uses: actions/setup-rust@v1
+  with:
+    rust-version: stable
+    components: clippy, rustfmt
+    targets: |
+      x86_64-apple-darwin
+      aarch64-apple-darwin
  • Apply / Chat
Suggestion importance[1-10]: 6

__

Why: This is a good practice suggestion that improves the workflow's maintainability and readability by using the official actions/setup-rust action instead of manual rustup commands.

Low
  • More

@bonigarcia bonigarcia merged commit 59ef15e into trunk Dec 28, 2025
32 checks passed
@bonigarcia bonigarcia deleted the ci_rust_macos_latest branch December 28, 2025 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

B-build Includes scripting, bazel and CI integrations Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bonigarcia @selenium-ci