ruby.git/.github/workflows/tarball-macos.yml, branch master The Ruby Programming Language Pass only the required secrets to tarball reusable workflows 2026-05-29T02:30:03+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-29T00:51:16+00:00 daea48078cd029b16ef5a4a31fe7fedf72bb00f0 Replace secrets: inherit with explicit Slack webhook secrets, which are the only secrets the ubuntu/macos/windows builds use. tarball-non-development uses no secrets, so drop inherit there entirely. 
Replace secrets: inherit with explicit Slack webhook secrets, which are
the only secrets the ubuntu/macos/windows builds use. tarball-non-development
uses no secrets, so drop inherit there entirely.
Restrict GITHUB_TOKEN permissions in tarball reusable workflows 2026-05-29T02:30:03+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-29T00:47:58+00:00 28c8bef6d78f4fc50e7e14afd5dd7c121e2639e6 These reusable workflows only check out, download artifacts, build, and test, so contents: read is sufficient. 
These reusable workflows only check out, download artifacts, build, and
test, so contents: read is sufficient.
Run macOS CI on macos-26 by default 2026-05-29T00:29:07+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-28T23:39:37+00:00 5c762e786bb14ec46a15e1073e1d806fa9a39a1c Make macos-26 the default runner across the macOS workflows and keep macos-15, macos-15-intel, and macos-14 as regression coverage on the key check jobs and on the tarball build verification. 
Make macos-26 the default runner across the macOS workflows and keep
macos-15, macos-15-intel, and macos-14 as regression coverage on the
key check jobs and on the tarball build verification.
Bump the github-actions group across 1 directory with 5 updates 2026-05-22T03:25:38+00:00 dependabot[bot] 49699333+dependabot[bot]@users.noreply.github.com 2026-05-22T02:15:06+00:00 d90401d2dabf957e9341a777788d8f60cda76177 Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.307.0` | `1.310.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.3` | `0.5.6` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.4` | `4.35.5` | | [ruby/action-slack](https://github.com/ruby/action-slack) | `3.2.2` | `4.0.0` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.78.0` | `2.79.4` | Updates `ruby/setup-ruby` from 1.307.0 to 1.310.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/6aaa311d81eba98ae12eaffbcb63296ace0efcde...afeafc3d1ab54a631816aba4c914a0081c12ff2f) Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...5f14fd08f7cf1cb1609c1e344975f152c7ee938d) Updates `github/codeql-action` from 4.35.4 to 4.35.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba) Updates `ruby/action-slack` from 3.2.2 to 4.0.0 - [Release notes](https://github.com/ruby/action-slack/releases) - [Commits](https://github.com/ruby/action-slack/compare/54175162371f1f7c8eb94d7c8644ee2479fcd375...d260b61aa817726d5bedd22dd6cc305787fa4cdd) Updates `taiki-e/install-action` from 2.78.0 to 2.79.4 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/e1c4cd42111751368541a7cb5db3522bd1f846a4...e0eafa9a0d485c37f97c0f7beb930a58a2facbac) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.310.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: ruby/action-slack dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: taiki-e/install-action dependency-version: 2.79.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> 
Bumps the github-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.307.0` | `1.310.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.3` | `0.5.6` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.4` | `4.35.5` |
| [ruby/action-slack](https://github.com/ruby/action-slack) | `3.2.2` | `4.0.0` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.78.0` | `2.79.4` |



Updates `ruby/setup-ruby` from 1.307.0 to 1.310.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/6aaa311d81eba98ae12eaffbcb63296ace0efcde...afeafc3d1ab54a631816aba4c914a0081c12ff2f)

Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...5f14fd08f7cf1cb1609c1e344975f152c7ee938d)

Updates `github/codeql-action` from 4.35.4 to 4.35.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba)

Updates `ruby/action-slack` from 3.2.2 to 4.0.0
- [Release notes](https://github.com/ruby/action-slack/releases)
- [Commits](https://github.com/ruby/action-slack/compare/54175162371f1f7c8eb94d7c8644ee2479fcd375...d260b61aa817726d5bedd22dd6cc305787fa4cdd)

Updates `taiki-e/install-action` from 2.78.0 to 2.79.4
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/install-action/compare/e1c4cd42111751368541a7cb5db3522bd1f846a4...e0eafa9a0d485c37f97c0f7beb930a58a2facbac)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.310.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: ruby/action-slack
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.79.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 Use default openssl on macOS tarball-test 2026-05-22T01:31:11+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-22T00:27:42+00:00 dfe5caec5b06691a4f917c7a136978a53cbdc13a Pin to brew's default openssl (currently openssl@3) instead of forcing openssl@1.1 so the tarball CI tracks the version we actually ship and support, and stops relying on a long-EOL formula. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 
Pin to brew's default openssl (currently openssl@3) instead of forcing
openssl@1.1 so the tarball CI tracks the version we actually ship and
support, and stops relying on a long-EOL formula.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Drop readline and curses from tarball-test dependency install 2026-05-22T01:31:11+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-22T00:24:46+00:00 1a5cf207a206eb05f259d524678a68923eb3a2e4 ext/readline and ext/curses are no longer shipped from ruby/ruby, so libreadline / libncurses are unused at build and run time. Remove them from apt / brew / vcpkg lists, drop the matching --with-readline-dir configure flag on macOS, and simplify the Windows DLL symlink loop that was carved out to skip readline.dll. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 
ext/readline and ext/curses are no longer shipped from ruby/ruby, so
libreadline / libncurses are unused at build and run time. Remove them
from apt / brew / vcpkg lists, drop the matching --with-readline-dir
configure flag on macOS, and simplify the Windows DLL symlink loop that
was carved out to skip readline.dll.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Use archname as Slack link label for tarball-test failures 2026-05-22T01:31:11+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-22T00:21:31+00:00 93fc48add9ce2d4d4d164eaa0fd41282a8ee0047 Before the workflows were unified into the tarball-test reusable, the github.workflow value itself encoded the branch (snapshot-master / snapshot-ruby_3_4 etc.) and made schedule notifications self-describing. The unified workflow collapsed that to "tarball-test", so put inputs.archname back into the link label to restore the prior signal. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 
Before the workflows were unified into the tarball-test reusable, the
github.workflow value itself encoded the branch (snapshot-master /
snapshot-ruby_3_4 etc.) and made schedule notifications self-describing.
The unified workflow collapsed that to "tarball-test", so put
inputs.archname back into the link label to restore the prior signal.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Disable credential persistence in tarball-test slack checkout 2026-05-22T01:31:11+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-21T21:45:04+00:00 229288e42548df7ffdf419cd25262e7b262e1842 The sparse checkout used to expose .github/actions/slack on failure inherits the default persist-credentials: true, which leaves the GITHUB_TOKEN in the workspace git config. Match the convention used by mingw.yml / wasm.yml / parse_y.yml and silence the zizmor credential persistence warning. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 
The sparse checkout used to expose .github/actions/slack on failure
inherits the default persist-credentials: true, which leaves the
GITHUB_TOKEN in the workspace git config. Match the convention used by
mingw.yml / wasm.yml / parse_y.yml and silence the zizmor credential
persistence warning.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Route tarball-test failure Slack through the shared composite 2026-05-22T01:31:11+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-21T21:22:38+00:00 76e2c73d65a3e119e6d3e6aa2b06c28aaacc843a Direct ruby/action-slack calls fired on every failure() including fork PRs, where secrets.SIMPLER_ALERTS_URL is empty and the action crashed with 'Cannot read properties of null'. Switch the SIMPLER_ALERTS_URL step to ./.github/actions/slack so the existing push-only and ruby/* repository guards apply, matching the 21 other workflows that already go through this composite. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 
Direct ruby/action-slack calls fired on every failure() including fork
PRs, where secrets.SIMPLER_ALERTS_URL is empty and the action crashed
with 'Cannot read properties of null'. Switch the SIMPLER_ALERTS_URL
step to ./.github/actions/slack so the existing push-only and
ruby/* repository guards apply, matching the 21 other workflows that
already go through this composite.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Route tarball-test failure notifications to two Slack channels 2026-05-21T04:39:15+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-21T02:14:08+00:00 187a056e78dcea0dd69645955b0994485e05d0fc SIMPLER_ALERTS_URL always fires on failure so developer-facing CI (PR, push, merge_group, manual dispatch) surfaces breakage in the ruby-core channel. notify-release-channel additionally routes to SNAPSHOT_SLACK_WEBHOOK_URL for the daily snapshot dispatcher and future draft-release callers, with the same payload schema as before except commit now comes from github.sha. 
SIMPLER_ALERTS_URL always fires on failure so developer-facing CI
(PR, push, merge_group, manual dispatch) surfaces breakage in the
ruby-core channel. notify-release-channel additionally routes to
SNAPSHOT_SLACK_WEBHOOK_URL for the daily snapshot dispatcher and
future draft-release callers, with the same payload schema as before
except commit now comes from github.sha.