ci(workflow): Update runner images#3357
Conversation
1b096d1 to
e85c426
Compare
Bump pinned GitHub-hosted runner labels to the newest GA images from actions/runner-images. Use the x86_64 Homebrew command under Rosetta to fetch the Tahoe OpenSSL bottle for the macOS 26 jobs. Ref #3356
e85c426 to
9114bc6
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Want reviews to match your repository better? Bugbot Learning can learn team-specific rules from PR activity. A team admin can enable Learning in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 9114bc6. Configure here.
| if: matrix.arch == 'x86_64' && steps.cache-openssl-x86.outputs.cache-hit != 'true' | ||
| run: | | ||
| brew fetch --bottle-tag=sonoma openssl@3 | ||
| arch -x86_64 brew fetch --bottle-tag=tahoe openssl@3 |
There was a problem hiding this comment.
Stale OpenSSL cache after tag
Medium Severity
The x86_64 OpenSSL download now uses arch -x86_64 and --bottle-tag=tahoe, but the actions/cache key is still openssl-x86_64-${{ runner.os }}-${{ steps.cache-date.outputs.month }}. A cache hit skips the new fetch and restores libraries from the old sonoma/native brew path, which can be the wrong architecture or macOS bottle for macos-26 cross-compiles.
Additional Locations (2)
Reviewed by Cursor Bugbot for commit 9114bc6. Configure here.
There was a problem hiding this comment.
There is no cache hit on this PR, so I don't think this is relevant


Bump pinned GitHub-hosted runner labels to the newest GA images from actions/runner-images.
This updates Windows jobs to windows-2025 and macOS jobs to macos-26 while keeping Ubuntu on 24.04, which is still the newest GA Ubuntu label.
Ref #3356