diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0c87ad9855f2e..7e1d811e08185 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -940,11 +940,7 @@ jobs: if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main' runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }} steps: - - name: Harden Runner - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - with: - egress-policy: audit - + # Harden Runner doesn't work on macOS - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: @@ -957,6 +953,11 @@ jobs: echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH + - name: Switch XCode Version + uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 + with: + xcode-version: "16.0.0" + - name: Setup Go uses: ./.github/actions/setup-go diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2a6a14ded522d..3a32b58f62361 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -36,11 +36,7 @@ jobs: build-dylib: runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }} steps: - - name: Harden Runner - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - with: - egress-policy: audit - + # Harden Runner doesn't work on macOS. - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: @@ -61,6 +57,11 @@ jobs: echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH + - name: Switch XCode Version + uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 + with: + xcode-version: "16.0.0" + - name: Setup Go uses: ./.github/actions/setup-go