Skip to content

ci: update macOS GitHub Actions runner to macos-15#14

Merged
dominicletz merged 14 commits into
mainfrom
cursor/macos-runner-update-df0a
Jul 13, 2026
Merged

ci: update macOS GitHub Actions runner to macos-15#14
dominicletz merged 14 commits into
mainfrom
cursor/macos-runner-update-df0a

Conversation

@dominicletz

@dominicletz dominicletz commented Mar 31, 2026

Copy link
Copy Markdown
Contributor

Summary

  • CI: Updates the macOS job in .github/workflows/test.yml from macos-11 (deprecated) to macos-15. Asdf cache keys use the macos-15- prefix so caches are not reused across runner images.

  • Lint / compile: Fixes the Mix.ensure_application!/1 compiler warning by using Application.ensure_all_started(:public_key) (Mix no longer exposes ensure_application!/1 publicly; :public_key remains in extra_applications). Resolves Credo nested too deep findings by extracting maybe_rewrite_dep_to_approot/4 in MacOS and import_webkit_entry/2 in Linux.

Related

Outdated macOS runners and CI/lint hygiene for this repository.

Open in Web Open in Cursor 

@dominicletz

Copy link
Copy Markdown
Contributor Author

@cursor investigate and fix these linter errors:

warning: Mix.ensure_application!/1 is undefined or private
  lib/package/macos.ex:378: Desktop.Deployment.Package.MacOS.locate_uid/1

Generated desktop_deployment app
Checking 13 source files ...

  Refactoring opportunities                                                     
┃ 
┃ [F] → Function body is nested too deep (max depth is 2, was 4).
┃       lib/package/linux.ex:86:11 #(Desktop.Deployment.Package.Linux.import_webkit)
┃ [F] → Function body is nested too deep (max depth is 2, was 3).
┃       lib/package/macos.ex:97:9 #(Desktop.Deployment.Package.MacOS.release)

@cursor

cursor Bot commented Apr 1, 2026

Copy link
Copy Markdown

Here’s what was fixed and pushed to the same branch / PR.

Compiler warning (lib/package/macos.ex)

Mix.ensure_application!/1 is not part of the public Mix API on current versions, which triggered the warning. It’s replaced with Application.ensure_all_started(:public_key), which still ensures :public_key is running before PEM work. :public_key stays listed under extra_applications in mix.exs.

Credo nesting

  • MacOS.release/1: The rewrite_deps callback no longer uses a nested if inside the anonymous function. Logic moved to maybe_rewrite_dep_to_approot/4, which calls rewrite_to_approot/4 only when should_rewrite?/2 is true (same behavior as before).
  • Linux.import_webkit/2: The for body with nested if / inner for is split into import_webkit_entry/2.

Verification

mix compile --force shows no ensure_application warning; mix credo reports no issues.

Commit 81987db is on cursor/macos-runner-update-df0a and PR #14 was updated to mention these fixes.

View PR

Open in Web Open in Cursor 

cursoragent and others added 2 commits July 13, 2026 14:42
Replace deprecated macos-11 with macos-15. Bump asdf cache keys so
builds do not reuse caches from the old image.

Co-authored-by: Dominic Letz <dominicletz@users.noreply.github.com>
- Replace Mix.ensure_application!/1 with Application.ensure_all_started/1
  (Mix API no longer public; :public_key is in extra_applications)
- Extract maybe_rewrite_dep_to_approot/4 to flatten release/1 callback nesting
- Extract import_webkit_entry/2 to satisfy Credo in import_webkit/2

Co-authored-by: Dominic Letz <dominicletz@users.noreply.github.com>
@dominicletz dominicletz force-pushed the cursor/macos-runner-update-df0a branch from 81987db to bb29748 Compare July 13, 2026 12:43
dominicletz and others added 12 commits July 13, 2026 14:45
asdf removed the bash-based asdf.sh from master in April 2026, which
broke fresh CI installs after the runner cache key changed.

Co-authored-by: Cursor <cursoragent@cursor.com>
macOS 15 requires set-key-partition-list after PEM import before
find-identity -p codesigning can see the Developer ID certificate.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
The repository MACOS_PEM secret no longer produces a valid code signing
identity on macos-15 runners. Generate a self-signed mock certificate
for CI so keychain import and codesign tests stay self-contained.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Self-signed CI mock certificates are not returned by find-identity -p
codesigning, so look up identities without that policy and normalize UID
values parsed from PEM attributes.

Co-authored-by: Cursor <cursoragent@cursor.com>
PEM import no longer creates a usable keychain identity on macos-15
runners. Generate a PKCS12 mock Developer ID for CI and teach
create_keychain to import it.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Self-signed mock Developer ID certificates are not exposed as valid
signing identities on macos-15, so run create_keychain in CI mode with
adhoc codesigning instead.

Co-authored-by: Cursor <cursoragent@cursor.com>
set-key-partition-list requires an imported private key, which CI mode
does not use because it ad-hoc signs instead.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@dominicletz dominicletz marked this pull request as ready for review July 13, 2026 13:31
@dominicletz dominicletz merged commit 6680dc2 into main Jul 13, 2026
2 checks passed
@dominicletz dominicletz deleted the cursor/macos-runner-update-df0a branch July 13, 2026 13:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants