ci: update workflows (checkout v6, recursive submodules), mbedTLS v4 compatibility, Windows fix#3529
Conversation
.github/workflows/ci.yml
Outdated
| pull_request: | ||
|
|
||
| env: | ||
| LUA_VERSION: "5.4" |
There was a problem hiding this comment.
Please remove all hardcoded Lua versions from all workflow. Let the system to choose the right version. I think it's a good feedback if we need to align that in the code (and the build system).
There was a problem hiding this comment.
Note here, we already fixed the Lua version issue in #3525.
There was a problem hiding this comment.
Should the Lua version be selected dynamically by the system going forward, or do we want to keep a fixed version (at least for certain environments like Linux)?
There was a problem hiding this comment.
I think we should let the system to choose the right version. Usually, macOS uses the recent releases, which is good, because we can get notification about that.
If we use a fixed version, then we can forget to update the code.
There was a problem hiding this comment.
macOS now follows the previous behavior (using the default system setup), while Linux has been updated to dynamically detect and use the currently available Lua version.
This should give us more flexibility on Linux while keeping macOS stable and aligned with its typical environment.
Updated CI workflow to dynamically detect and install the latest Lua development package instead of using a fixed version.
There was a problem hiding this comment.
Pull request overview
Updates the GitHub Actions CI workflows to align job structure/behavior across OSes, adjust dependency installation (notably Lua), and fetch submodules recursively.
Changes:
- Added Lua package auto-detection on Linux and adjusted dependency install lists (including Python tooling).
- Updated checkout configuration to use recursive submodules and changed the referenced
actions/checkoutmajor version. - Tweaked workflow matrices/strategy settings (e.g.,
fail-fast: false) and removed GeoIP-related CI steps.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| .github/workflows/ci_new.yml | Updates the “new” CI workflow: Linux/macOS/Windows jobs, Lua detection, dependency installs, recursive submodules, and cppcheck jobs. |
| .github/workflows/ci.yml | Aligns the primary CI workflow with the new structure: Lua detection, dependency updates, recursive submodules, and fail-fast behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -56,8 +81,9 @@ jobs: | |||
| libpcre3-dev \ | |||
There was a problem hiding this comment.
libpcre3-dev is installed on the Ubuntu 24.04 runner, but Ubuntu 24.04 no longer ships PCRE1 development packages by default (CI will fail during apt-get install). Consider dropping the --with-pcre variant on 24.04, building PCRE1 from source, or switching the matrix to PCRE2-only on 24.04.
| libpcre3-dev \ |
.github/workflows/ci_new.yml
Outdated
| bison \ | ||
| flex | ||
| flex \ | ||
| python3 |
There was a problem hiding this comment.
PR description references integrating #3524 (pin Lua to 5.4 on macOS), but this job installs whatever brew install lua currently resolves to. If Lua 5.5+ is still incompatible, please pin the formula/version explicitly (or add a setup step that selects Lua 5.4) to keep macOS CI deterministic.
.github/workflows/ci.yml
Outdated
| brew install autoconf \ | ||
| automake \ | ||
| libtool \ | ||
| cppcheck | ||
| - uses: actions/checkout@v4 | ||
| cppcheck \ | ||
| python3 |
There was a problem hiding this comment.
Homebrew generally provides the python formula (which installs the python3 binary) rather than a python3 formula. brew install python3 is likely to fail; use brew install python (or omit this if the runner image already includes a suitable Python).
.github/workflows/ci_new.yml
Outdated
| - name: Install cppcheck | ||
| run: | | ||
| brew install autoconf automake libtool cppcheck libmaxminddb yajl lua lmdb ssdeep | ||
| brew install autoconf automake libtool cppcheck libmaxminddb yajl lua lmdb ssdeep python3 |
There was a problem hiding this comment.
Homebrew generally provides the python formula (which installs the python3 binary) rather than a python3 formula. brew install python3 is likely to fail; use brew install python (or omit this if the runner image already includes a suitable Python).
| brew install autoconf automake libtool cppcheck libmaxminddb yajl lua lmdb ssdeep python3 | |
| brew install autoconf automake libtool cppcheck libmaxminddb yajl lua lmdb ssdeep python |
.github/workflows/ci_new.yml
Outdated
| bison \ | ||
| flex | ||
| flex \ | ||
| python3 |
There was a problem hiding this comment.
Homebrew generally provides the python formula (which installs the python3 binary) rather than a python3 formula. brew install python3 is likely to fail; use brew install python (or omit this if the runner image already includes a suitable Python).
| python3 | |
| python |
| CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)" | ||
|
|
||
| if [ -z "$CANDIDATES" ]; then | ||
| echo "No libluaX.Y-dev package found" | ||
| exit 1 |
There was a problem hiding this comment.
This step selects the highest available libluaX.Y-dev at runtime, which makes CI non-reproducible across time and can silently jump to an unsupported Lua version. Consider pinning to the known-supported Lua version(s) (especially since #3524 was introduced to avoid unexpected Lua upgrades on macOS).
.github/workflows/ci.yml
Outdated
| flex | ||
| - uses: actions/checkout@v4 | ||
| flex \ | ||
| python3 |
There was a problem hiding this comment.
Homebrew generally provides the python formula (which installs the python3 binary) rather than a python3 formula. brew install python3 is likely to fail; use brew install python (or omit this if the runner image already includes a suitable Python).
| python3 | |
| python |
.github/workflows/ci.yml
Outdated
| ssdeep \ | ||
| pcre \ | ||
| bison \ | ||
| flex | ||
| - uses: actions/checkout@v4 | ||
| flex \ | ||
| python3 |
There was a problem hiding this comment.
PR description references integrating #3524 (pin Lua to 5.4 on macOS), but this job installs whatever brew install lua currently resolves to. If Lua 5.5+ is still incompatible, please pin the formula/version explicitly (or add a setup step that selects Lua 5.4) to keep macOS CI deterministic.
|
|
||
| on: | ||
| push: | ||
| pull_request: | ||
|
|
||
There was a problem hiding this comment.
PR title/description mention mbedTLS v4 compatibility changes, but this PR appears to only modify CI workflows. If mbedTLS-related build/config changes are expected, they may be missing from this PR (or the title/description should be adjusted to match the actual scope).
|
please consider to approve Copilot suggestions'. I think none of them are exactly true (especially this one: |
Removed python3 from the installation steps in the CI workflow.
Removed python3 from the installation list in CI workflow.
|
|
Thanks for the suggestion! This is not strictly required, as Python 3 is already available in the environment, so no additional installation is needed. Therefore, I have removed the installation entirely. |
what
ci_new.ymlfrom PR fix(ci): pin Lua version on 5.4 #3524ci.ymland aligned it with the new workflow structureactions/checkoutfrom v4 to v6submodules: truetorecursivewhy
ci.ymlwas not fully compatible with these updatesactions/checkout@v6is the newer and recommended versionrecursiveensures all submodules are properly fetchedreferences