Fix CI/CD pipeline dependencies #41

Open. clpi wants to merge 1 commit into main from fix-ci-pipeline-2091794382315950984

@clpi (Owner) commented May 29, 2026

Fixed the CI/CD pipeline by updating the deprecated macos-13 runner to macos-15-intel to keep the x86_64-darwin target, and upgraded the action-gh-release step to v2 to avoid the Node 16 deprecation. The requested functionality (Homebrew, NixOS via flake.nix, fpm packages) is already present in the pipeline; fixing these deprecations makes it dependable again.


PR created automatically by Jules for task 2091794382315950984 started by @clpi

Summary by CodeRabbit

  • Chores
    • Updated CI/CD build matrix to use a newer macOS Intel runner version, improving overall compatibility with the latest macOS environments and associated build tooling dependencies
    • Upgraded the release automation action to the latest available version, providing enhanced reliability, security improvements, and better overall support for the automated release process workflow

- Update `macos-13` to `macos-15-intel` since the `macos-13` runner is deprecated/removed and we need an x86_64 target.
- Update `softprops/action-gh-release@v1` to `v2` to avoid Node.js 16 deprecation warning.
These fixes restore the robustness and dependability of the existing CI/CD pipeline that builds artifacts and updates Homebrew and NixOS package managers.
@google-labs-jules

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

Copilot AI review requested due to automatic review settings May 29, 2026 19:29

coderabbitai Bot commented May 29, 2026

Walkthrough

The CI workflow is updated with two configuration changes: the macOS Intel runner in the build matrix advances from macos-13 to macos-15-intel, and the GitHub release action is upgraded from v1 to v2.

Changes

CI Workflow Updates

| Layer / File(s) | Summary |
|---|---|
| macOS runner matrix update (`.github/workflows/ci.yml`) | Build matrix macOS Intel runner selection is updated from macos-13 to macos-15-intel in the build-and-test job. |
| Release action version bump (`.github/workflows/ci.yml`) | softprops/action-gh-release action is upgraded from @v1 to @v2 in the create-release job packaging and upload steps. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • clpi/dopl#30: Both PRs modify .github/workflows/ci.yml including the create-release job release publishing and CI matrix runner setup.
  • clpi/dopl#21: Both PRs modify .github/workflows/ci.yml workflow matrix configuration and CI workflow behavior.
  • clpi/dopl#15: Both PRs modify .github/workflows/ci.yml GitHub Actions workflow matrix and action configuration.

Poem

🐰 A hop through CI fields so green,
Where runners dance on macos-15 scene,
From version one, now two takes flight,
Release actions soar to new height,
The workflow pipeline shines so bright! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Fix CI/CD pipeline dependencies' accurately reflects the main changes: updating the macOS runner and upgrading the gh-release action to address deprecated dependencies. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@gemini-code-assist (Contributor)

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@amazon-q-developer amazon-q-developer Bot (Contributor) left a comment

The CI/CD pipeline updates look good. The changes appropriately address the deprecation issues by upgrading macos-13 to macos-15-intel (maintaining x86_64 architecture) and action-gh-release from v1 to v2 (addressing Node 16 deprecation). These updates maintain the existing functionality while ensuring pipeline reliability.


You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Line 125: Replace floating GitHub Actions refs with immutable 40-character
commit SHAs: locate the three `uses:` entries `actions/upload-artifact@v4`,
`DeterminateSystems/nix-installer-action@main`, and
`softprops/action-gh-release@v2` in the workflow and update each to the
corresponding full commit SHA (e.g., `actions/upload-artifact@<40-char-sha>`).
Fetch the exact SHA from each action's repository (via the GitHub UI or git
ls-remote) and substitute the tag/branch with that SHA in the YAML so the
workflow uses a pinned, immutable reference.

📥 Commits

Reviewing files that changed from the base of the PR and between 7f94a3e and 01a417e.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml

Comment thread .github/workflows/ci.yml

- name: Create Release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
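
Review bot: `softprops/action-gh-release@v2` on the Create Release step is still a floating major tag, so the step that publishes release assets runs whatever commit `v2` points to at run time. Pin it to the full 40-character commit SHA and keep the version as a trailing comment on the same line. Because this is also a major-version bump, check the step's `with:` inputs (not shown in this hunk) against the v2 action before merging.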

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

```shell
#!/bin/bash
# Verify whether any workflow actions are not pinned to a full 40-char SHA.
# Expected: no output after remediation.
rg -nP '^\s*uses:\s*[^@]+@(?!(?:[a-f0-9]{40})\b).+$' .github/workflows/*.yml

# Resolve current commit behind softprops/action-gh-release v2 tag (read-only).
# Expected: prints the commit SHA to pin.
curl -s https://api.github.com/repos/softprops/action-gh-release/git/ref/tags/v2 | jq -r '.object.sha'
```

Repository: clpi/dopl

Length of output: 253


Pin GitHub Actions uses: references to immutable commit SHAs

.github/workflows/ci.yml contains floating action refs (not full 40-char SHAs): actions/upload-artifact@v4 (line 95), DeterminateSystems/nix-installer-action@main (line 102), and softprops/action-gh-release@v2 (line 125). Pin each to the full commit SHA to prevent tag/branch retargeting.

Suggested fix
-      uses: softprops/action-gh-release@v2
+      # v2
+      uses: softprops/action-gh-release@<full_commit_sha>
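
Review bot: `<full_commit_sha>` in the added `uses:` line is a placeholder, so this suggestion cannot be committed as written; resolve the commit that `v2` points to and substitute it first. Also consider moving `# v2` from its own line to a trailing comment on the `uses:` line, so the version label stays attached to the SHA it describes.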
🧰 Tools
🪛 zizmor (1.25.2)

[error] 125-125: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[info] 125-125: action functionality is already included by the runner (superfluous-actions): use gh release in a script step

(superfluous-actions)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml at line 125, Replace floating GitHub Actions refs
with immutable 40-character commit SHAs: locate the three `uses:` entries
`actions/upload-artifact@v4`, `DeterminateSystems/nix-installer-action@main`,
and `softprops/action-gh-release@v2` in the workflow and update each to the
corresponding full commit SHA (e.g., `actions/upload-artifact@<40-char-sha>`).
Fetch the exact SHA from each action's repository (via the GitHub UI or git
ls-remote) and substitute the tag/branch with that SHA in the YAML so the
workflow uses a pinned, immutable reference.
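
The pinning check requested above, as an added example that is not part of the PR or of CodeRabbit's script: a POSIX shell function that classifies every `uses:` reference in a workflow, covering steps written as `- uses:`, trailing version comments, abbreviated SHAs and local actions. The names `audit_uses` and `sample_workflow`, the `example-org/example-action` repository and the hex values are constructed for illustration.

```shell
# Added example: classify every `uses:` reference in a workflow read on stdin.
#   PINNED   owner/repo@<40 lowercase hex chars> (full commit SHA)
#   FLOATING tag, branch or abbreviated SHA (the ref can be retargeted)
#   LOCAL    ./path inside the same repository (nothing to pin)
#   DOCKER   docker://image (pinned by digest, not checked here)
# Prints "<line> <status> <ref>"; returns 1 if any ref is FLOATING.
audit_uses() {
  awk -v sq="'" '
    # Accept "uses: x" and "- uses: x"; commented-out lines do not match.
    /^[ \t]*(-[ \t]+)?uses:[ \t]*/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]+)?uses:[ \t]*/, "", ref)
      sub(/[ \t]+#.*$/, "", ref)          # drop a trailing "# v2" comment
      gsub("[\"" sq "]", "", ref)         # drop optional quotes
      sub(/[ \t\r]+$/, "", ref)
      sha_len = length(ref) - index(ref, "@")
      if (ref ~ /^\.\//) {
        status = "LOCAL"
      } else if (ref ~ /^docker:\/\//) {
        status = "DOCKER"
      } else if ((ref ~ /@[0-9a-f]+$/) && sha_len == 40) {
        status = "PINNED"
      } else {
        status = "FLOATING"; bad = 1
      }
      print NR, status, ref
    }
    END { exit bad + 0 }
  '
}

# Constructed sample: the three floating refs named in the review, plus a
# pinned and an abbreviated form. The hex values are made-up placeholders.
sample_workflow() {
  cat <<'EOF'
jobs:
  build:
    steps:
      - uses: actions/upload-artifact@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - name: Create Release
        uses: softprops/action-gh-release@v2
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: example-org/example-action@0123456
      - uses: ./.github/actions/package
EOF
}
sample_workflow | audit_uses || echo "floating refs found"
```

Run against a real file with `audit_uses < .github/workflows/ci.yml`; the non-zero return on any FLOATING ref lets it gate a CI job.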

Copilot AI left a comment

Pull request overview

Updates the CI/CD workflow to replace deprecated GitHub Actions infrastructure: swaps the retired macos-13 runner for macos-15-intel (preserving the x86_64-darwin build target) and bumps softprops/action-gh-release from v1 to v2 to avoid Node 16 deprecation.

Changes:

  • Replace macos-13 runner with macos-15-intel for the x86_64-darwin matrix entry.
  • Upgrade softprops/action-gh-release from v1 to v2.
