chore(ci): fix ci bump outdated dependencies#155
chore(ci): fix ci bump outdated dependencies#155Tieske wants to merge 1 commit intoEvandroLG:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Updates GitHub Actions CI to support Lua 5.5 and modernize the workflow dependencies to address compatibility issues with older tooling.
Changes:
- Bump runners from ubuntu-20.04 to ubuntu-22.04.
- Expand test matrix to include Lua 5.5.
- Switch Lua/LuaRocks setup actions and pin LuaRocks version.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| .github/workflows/unix_build.yml | Updates runner, adds Lua 5.5 to the matrix, and changes Lua/LuaRocks setup actions + LuaRocks version pinning. |
| .github/workflows/lint.yml | Updates runner and changes Lua/LuaRocks setup actions + LuaRocks version pinning. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| uses: actions/checkout@v4 | ||
|
|
||
| - uses: leafo/gh-actions-lua@v8 | ||
| - uses: luarocks/gh-actions-lua@master |
There was a problem hiding this comment.
Using GitHub Actions with @master is a supply-chain/stability risk because the workflow can change unexpectedly when the upstream repo updates. Pin these actions to a specific version tag (if available) or a commit SHA to make CI reproducible and reduce the risk of malicious or breaking changes being pulled into your pipeline.
| luaVersion: ${{ matrix.luaVersion }} | ||
|
|
||
| - uses: leafo/gh-actions-luarocks@v4 | ||
| - uses: luarocks/gh-actions-luarocks@master |
There was a problem hiding this comment.
Using GitHub Actions with @master is a supply-chain/stability risk because the workflow can change unexpectedly when the upstream repo updates. Pin these actions to a specific version tag (if available) or a commit SHA to make CI reproducible and reduce the risk of malicious or breaking changes being pulled into your pipeline.
| uses: actions/checkout@v4 | ||
|
|
||
| - uses: leafo/gh-actions-lua@v8 | ||
| - uses: luarocks/gh-actions-lua@master |
There was a problem hiding this comment.
Same concern here: pin luarocks/gh-actions-lua and luarocks/gh-actions-luarocks to a stable tag or commit SHA rather than @master, to prevent CI from breaking due to upstream changes and to keep builds deterministic.
| luaVersion: "5.4" | ||
|
|
||
| - uses: leafo/gh-actions-luarocks@v4 | ||
| - uses: luarocks/gh-actions-luarocks@master |
There was a problem hiding this comment.
Same concern here: pin luarocks/gh-actions-lua and luarocks/gh-actions-luarocks to a stable tag or commit SHA rather than @master, to prevent CI from breaking due to upstream changes and to keep builds deterministic.
| luaVersion: ${{ matrix.luaVersion }} | ||
|
|
||
| - uses: leafo/gh-actions-luarocks@v4 | ||
| - uses: luarocks/gh-actions-luarocks@master |
There was a problem hiding this comment.
I agree with Copilot here. Let's use v6 - WDYT?
The tests pass on Lua 5.5. The only problem is that
luacheckgets installed, which depends onargparse, which is not Lua 5.5 ready (see luarocks/argparse#35)