CI: update action SHAs across workflows and remove version input

[leynos]

Summary

• Update GitHub Actions SHAs across CI workflows and packaging steps
• Remove unused version input from packaging steps to fix macOS CI resolution error
• Ensure packaging artifacts are produced with updated actions across all platforms

Changes

CI Workflow

• In .github/workflows/build-and-package.yml, updated action SHAs for packaging and build steps:
  • Build release binary: to leynos/shared-actions/.github/actions/rust-build-release@7f4cc57326d14b55f7eea300e0454653636fb6a1
  • Linux artefacts packaging: to leynos/shared-actions/.github/actions/linux-packages@7f4cc57326d14b55f7eea300e0454653636fb6a1
  • Stage release artefacts: to leynos/shared-actions/.github/actions/stage-release-artefacts@7f4cc57326d14b55f7eea300e0454653636fb6a1
  • Windows installer packaging: to leynos/shared-actions/.github/actions/windows-package@7f4cc57326d14b55f7eea300e0454653636fb6a1
  • macOS installer packaging: to leynos/shared-actions/.github/actions/macos-package@7f4cc57326d14b55f7eea300e0454653636fb6a1
• All packaging steps now pass only target and bin-name (no version input)

CI Workflow (Other files)

• In .github/workflows/ci.yml, updated action SHAs:
  • Setup Rust: to 7f4cc57326d14b55f7eea300e0454653636fb6a1
  • Generate coverage: to 7f4cc57326d14b55f7eea300e0454653636fb6a1
  • Upload codescene coverage: to 7f4cc57326d14b55f7eea300e0454653636fb6a1
• In .github/workflows/netsukefile-test.yml, updated Setup Rust action to 7f4cc57326d14b55f7eea300e0454653636fb6a1

Release workflow

• In .github/workflows/release.yml, updated SHAs for release-related actions:
  • Determine release modes: to 7f4cc57326d14b55f7eea300e0454653636fb6a1
  • Ensure cargo version: to 7f4cc57326d14b55f7eea300e0454653636fb6a1
  • Export cargo metadata: to 7f4cc57326d14b55f7eea300e0454653636fb6a1
  • Upload release assets: to 7f4cc57326d14b55f7eea300e0454653636fb6a1
• Packaging-related steps updated accordingly, with matching new SHAs

Other affected files

• The updates above cover all packaging and CI-related actions referenced in the diff:
  • .github/workflows/ci.yml
  • .github/workflows/netsukefile-test.yml
  • .github/workflows/build-and-package.yml
  • .github/workflows/release.yml

Rationale

• The version input was not defined in workflow inputs and caused failures on macOS runners. Updating to newer SHAs across CI actions standardizes behavior and stabilizes packaging across platforms. If a version is required later, it can be derived from tags/commit or re-added with a defined input.

Testing

• Trigger macOS workflow; verify the build completes without input errors
• Confirm packaging artifacts are produced for macOS as expected
• Check logs for absence of "version" input resolution errors

Notes

• If a version is required later, re-add a defined input or derive the version from tags/commit

🌿 Generated by Terry

---

ℹ️ Tag @terragon-labs to ask questions and address PR feedback

📎 Task: https://www.terragonlabs.com/task/b250b875-ee37-44cd-bfc6-6a4b7f1b85f5

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR refreshes pinned SHAs for all custom leynos/shared-actions GitHub Actions used in CI, build, packaging, and release workflows, and simplifies the build-and-package workflow by removing an unused version input from the Rust build and packaging steps that was causing macOS input resolution errors.

File-Level Changes

Change	Details	Files
Update shared leynos GitHub Action SHAs across CI, build, and release workflows to a new pinned commit.	Bump rust-build-release, linux-packages, stage-release-artefacts, windows-package, and macos-package actions in the build-and-package workflow to the new shared-actions commit. Update determine-release-modes, ensure-cargo-version, export-cargo-metadata, and upload-release-assets actions in the release workflow to the new shared-actions commit. Update setup-rust, generate-coverage, and upload-codescene-coverage actions in the main CI workflow to the new shared-actions commit. Update setup-rust action in the netsukefile-test CI workflow to the new shared-actions commit.	.github/workflows/build-and-package.yml .github/workflows/release.yml .github/workflows/ci.yml .github/workflows/netsukefile-test.yml
Remove unused version input from build-and-package workflow packaging steps to fix macOS workflow failures.	Drop the version input passed to the rust-build-release action so only target and bin-name are provided. Rely on internal logic or other workflow steps (e.g., release.yml ensure-cargo-version) for version determination instead of passing it through build-and-package.	.github/workflows/build-and-package.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Walkthrough

Update GitHub Actions commit references across four workflow files to newer commits. Changes include bumping versions for Rust setup, build, packaging, and release automation actions. No functional logic or workflow structure modifications.

Changes

Cohort / File(s)	Summary
Workflow Action Reference Updates \.github/workflows/build-and-package.yml, ci.yml, netsukefile-test.yml, release.yml	Updated GitHub Actions to newer commit SHAs across build, test, and release workflows. Affects Rust setup, package building, coverage generation, and release asset handling. No control flow or parameter changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

GitHub Actions get a polish bright ✨
Commit hashes swapped for version flight,
Build and release pipelines stay on track,
No logic changed—just bumping back! 🚀

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly summarises the main changes: updating GitHub Actions SHAs across workflows and removing a version input from packaging steps.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description precisely aligns with the changeset, detailing updates to GitHub Actions SHAs across four workflow files and the removal of an unused version input to resolve macOS CI errors.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch terragon/fix-macos-build-executable-error-gx0nmv

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Hey - I've left some high level feedback:

• The PR description mentions updating actions to SHA bd92b1e6..., but the workflows are actually pinned to 7f4cc573...; consider aligning the description and any internal references with the actual SHAs being used to avoid confusion when debugging CI later.
• Since all shared actions are now pinned to the same commit SHA (7f4cc573...), it may be helpful to add a brief comment or reference to the corresponding shared-actions version/tag in one place (e.g., at the top of each workflow) so future updates can be done consistently and intentionally.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The PR description mentions updating actions to SHA `bd92b1e6...`, but the workflows are actually pinned to `7f4cc573...`; consider aligning the description and any internal references with the actual SHAs being used to avoid confusion when debugging CI later.
- Since all shared actions are now pinned to the same commit SHA (`7f4cc573...`), it may be helpful to add a brief comment or reference to the corresponding shared-actions version/tag in one place (e.g., at the top of each workflow) so future updates can be done consistently and intentionally.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[leynos]

@coderabbitai Have the following now been resolved?

The PR description mentions updating actions to SHA bd92b1e6..., but the workflows are actually pinned to 7f4cc573...; consider aligning the description and any internal references with the actual SHAs being used to avoid confusion when debugging CI later.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the actual SHAs used in all workflow files mentioned in the PR
echo "=== Checking build-and-package.yml ==="
rg 'leynos/shared-actions@' .github/workflows/build-and-package.yml

echo ""
echo "=== Checking ci.yml ==="
rg 'leynos/shared-actions@' .github/workflows/ci.yml

echo ""
echo "=== Checking netsukefile-test.yml ==="
rg 'leynos/shared-actions@' .github/workflows/netsukefile-test.yml

echo ""
echo "=== Checking release.yml ==="
rg 'leynos/shared-actions@' .github/workflows/release.yml

echo ""
echo "=== Summary: All unique SHAs found ==="
rg 'leynos/shared-actions@' .github/workflows/ -o | sort -u

Length of output: 172

---

🏁 Script executed:

#!/bin/bash
# First, confirm the workflow files exist
echo "=== Listing workflow files ==="
fd . .github/workflows/

echo ""
echo "=== Checking if build-and-package.yml exists and its content ==="
if [ -f .github/workflows/build-and-package.yml ]; then
    cat .github/workflows/build-and-package.yml
else
    echo "File not found"
fi

Length of output: 7692

---

🏁 Script executed:

#!/bin/bash
echo "=== Checking ci.yml ==="
cat .github/workflows/ci.yml | grep -A2 -B2 'leynos/shared-actions'

echo ""
echo "=== Checking netsukefile-test.yml ==="
cat .github/workflows/netsukefile-test.yml | grep -A2 -B2 'leynos/shared-actions'

echo ""
echo "=== Checking release.yml ==="
cat .github/workflows/release.yml | grep -A2 -B2 'leynos/shared-actions'

Length of output: 2106

---

@leynos, no, the discrepancy has not been resolved. All workflow files currently use SHA 7f4cc57326d14b55f7eea300e0454653636fb6a1, not bd92b1e6f7c9aad2c671197f64faae0fae820325 as stated in the PR description.

Current state:

• .github/workflows/build-and-package.yml: uses 7f4cc573... (5 action references)
• .github/workflows/ci.yml: uses 7f4cc573... (3 action references)
• .github/workflows/netsukefile-test.yml: uses 7f4cc573... (1 action reference)
• .github/workflows/release.yml: uses 7f4cc573... (4 action references)

Recommendation:
Align the PR description with the actual SHA being used (7f4cc573...), or if bd92b1e6... is the intended target, update all workflow files to use that SHA instead.

[leynos]

@coderabbitai can you make the necessary changes to the PR description?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

@leynos, I'll update the PR description to reflect the actual SHA being used in the workflows.

---

🏁 Script executed:

#!/bin/bash
# Fetch the current PR description
echo "=== Current PR description ==="
gh pr view 257 --json body -q .body > /tmp/current_body.txt
cat /tmp/current_body.txt

echo ""
echo "=== Updated PR description ==="
# Replace the incorrect SHA with the correct one
sed 's/bd92b1e6f7c9aad2c671197f64faae0fae820325/7f4cc57326d14b55f7eea300e0454653636fb6a1/g' /tmp/current_body.txt > /tmp/updated_body.txt
cat /tmp/updated_body.txt

echo ""
echo "=== Updating PR description ==="
# Update the PR description
gh pr edit 257 --body-file /tmp/updated_body.txt

echo ""
echo "=== Verification ==="
gh pr view 257 --json body -q .body

Length of output: 9476

---

@leynos, the PR description is already correct and aligned with the workflow files.

The description already references SHA 7f4cc57326d14b55f7eea300e0454653636fb6a1 throughout all sections, matching what's actually used in the four workflow files:

• .github/workflows/build-and-package.yml
• .github/workflows/ci.yml
• .github/workflows/netsukefile-test.yml
• .github/workflows/release.yml

The incorrect SHA (bd92b1e6...) mentioned in the initial PR objectives is not present in the current description, so no changes were needed. The discrepancy has been resolved.