Skip to content

Commit 3a884df

Browse files
ci: set xcode sdk version when building dylib (#16466)
The Coder Desktop app might not be able to load the dylib because the hardened runtime version is different. Right now, without manually selecting an XCode version, the dylib is built with hardened runtime version `14.5`. The macOS app is built with XCode 16 SDK, which uses version `15.0`. Even if this isn't an issue, I think it's preferable to select a specific xcode version here to avoid things breaking from under us.
1 parent f45277a commit 3a884df

File tree

2 files changed

+12
-10
lines changed

2 files changed

+12
-10
lines changed

.github/workflows/ci.yaml

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -940,11 +940,7 @@ jobs:
940940
if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
941941
runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
942942
steps:
943-
- name: Harden Runner
944-
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
945-
with:
946-
egress-policy: audit
947-
943+
# Harden Runner doesn't work on macOS
948944
- name: Checkout
949945
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
950946
with:
@@ -957,6 +953,11 @@ jobs:
957953
echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH
958954
echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH
959955
956+
- name: Switch XCode Version
957+
uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
958+
with:
959+
xcode-version: "16.0.0"
960+
960961
- name: Setup Go
961962
uses: ./.github/actions/setup-go
962963

.github/workflows/release.yaml

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -36,11 +36,7 @@ jobs:
3636
build-dylib:
3737
runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
3838
steps:
39-
- name: Harden Runner
40-
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
41-
with:
42-
egress-policy: audit
43-
39+
# Harden Runner doesn't work on macOS.
4440
- name: Checkout
4541
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4642
with:
@@ -61,6 +57,11 @@ jobs:
6157
echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH
6258
echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH
6359
60+
- name: Switch XCode Version
61+
uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
62+
with:
63+
xcode-version: "16.0.0"
64+
6465
- name: Setup Go
6566
uses: ./.github/actions/setup-go
6667

0 commit comments

Comments
 (0)