ci(aur): bump deploy-aur action v4.1.1 -> v4.1.3 (fix bash --command crash)

[BANANASJIM]

Summary

Fix-forward: the AUR Publish workflow failed on the v0.5.5 tag (run 26001352704, job Publish rdc-cli (stable)) with bash: --command: invalid option, before any AUR git operation.

Root cause is in the pinned action itself, not our config: KSXGitHub/github-actions-deploy-aur at v4.1.1 (2ac5a4c…) ends its entrypoint.sh with exec runuser builder --command 'bash -l -c /build.sh'. With the util-linux runuser in the current archlinux:base image this uses the su(1)-compatible form, so --command … is passed to bash as a flag — bash has no --command, it crashes before /build.sh runs. The post_process: git checkout -B master input is never reached and is innocent. The workflow was green on earlier tags; a recent Arch base image surfaced this latent action bug (present v3.0.1–v4.1.1; upstream fixed it in v4.1.2/v4.1.3).

Change

Bump both pins in .github/workflows/aur.yml (jobs aur-git, aur-stable) from 2ac5a4c… # v4.1.1 to da03e160361ce01bf087e790b6ffd196d7dccff7 # v4.1.3. force_push: true and post_process: git checkout -B master unchanged.

gh api compare/v4.1.1...v4.1.3 confirms only README.md + entrypoint.sh changed between the two tags — build.sh is byte-identical, so the #183 (detached-HEAD → post_process) and #184 (force_push) fixes are fully preserved; only the entrypoint crash is fixed.

Residual risk (inherent, monitor): the action is using: docker FROM archlinux:base with no digest pin, so a future Arch base change could break it again regardless of action tag.

After merge

v0.5.5 PyPI + GitHub Release already shipped; only the AUR package is outstanding. Once merged, the v0.5.5 AUR rdc-cli package is backfilled by running AUR Publish via workflow_dispatch with version=0.5.5.

OpenSpec: openspec/changes/2026-05-17-fix-aur-deploy-action-v413/.

Summary by CodeRabbit

• Chores

  • Updated the AUR package publishing workflow to resolve prior deployment failures.

• Documentation

  • Added specification proposal, task checklist, and test plan for the workflow update.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates the AUR publish workflow to use KSXGitHub/github-actions-deploy-aur v4.1.3, fixing a bash invocation incompatibility with newer Docker images. It includes root-cause analysis, test procedures, and operational verification steps.

Changes

AUR Deploy Action Pin Upgrade

Layer / File(s)	Summary
Root cause analysis and workflow pin update openspec/changes/2026-05-17-fix-aur-deploy-action-v413/proposal.md, .github/workflows/aur.yml	Proposal document explains the bash: --command: invalid option crash on v0.5.5, traces it to the pinned action's runuser invocation pattern incompatible with newer archlinux:base, and specifies the pin bump to v4.1.3. Both aur-git and aur-stable job pins are updated from v4.1.1 (commit 2ac5a4c1...) to v4.1.3 (commit da03e160...).
Test plan and operational checklist openspec/changes/2026-05-17-fix-aur-deploy-action-v413/test-plan.md, openspec/changes/2026-05-17-fix-aur-deploy-action-v413/tasks.md	Test plan includes static pre-merge verification (SHA pin count, YAML syntax) and post-merge live checks (workflow execution, AUR package version). Tasks checklist documents PR workflow, version 0.5.5 backfill dispatch, and success acceptance criteria.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• BANANASJIM/rdc-cli#178: Prior upgrade of KSXGitHub/github-actions-deploy-aur action version in the same aur-git/aur-stable jobs, setting the context for this v4.1.3 bump.
• BANANASJIM/rdc-cli#200: Related modification to .github/workflows/aur.yml AUR deploy action configuration, adding force_push: true flag.

Poem

🐰 A bunny pins the Docker dance just right,
\
No more bash complaints in the night—
\
v4.1.3 runs smooth and clean,
\
The archive now breathes and is seen! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically summarizes the main change: bumping the deploy-aur action version with the concrete versions and the key issue (bash --command crash) being fixed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/aur-deploy-action-v413

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

openspec/changes/2026-05-17-fix-aur-deploy-action-v413/proposal.md (1)

10-12: 💤 Low value

Add language identifier to fenced code block.

Specify the language for better rendering and accessibility.

📝 Proposed fix

-```
+```text
 bash: --command: invalid option

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @openspec/changes/2026-05-17-fix-aur-deploy-action-v413/proposal.md around
lines 10 - 12, The fenced code block in proposal.md lacks a language identifier;
update the triple-backtick fence that contains "bash: --command: invalid option"
to include a language tag (e.g., text or bash) so the snippet renders
correctly and improves accessibility—locate the fenced block in the file and add
the chosen language after the opening backticks.

</details>

</blockquote></details>

</blockquote></details>

<details>
<summary>🤖 Prompt for all review comments with AI agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @openspec/changes/2026-05-17-fix-aur-deploy-action-v413/proposal.md:

• Around line 10-12: The fenced code block in proposal.md lacks a language
  identifier; update the triple-backtick fence that contains "bash: --command:
  invalid option" to include a language tag (e.g., text or bash) so the
  snippet renders correctly and improves accessibility—locate the fenced block in
  the file and add the chosen language after the opening backticks.

</details>

---

<details>
<summary>ℹ️ Review info</summary>

<details>
<summary>⚙️ Run configuration</summary>

**Configuration used**: defaults

**Review profile**: CHILL

**Plan**: Pro

**Run ID**: `cdfa384a-d8e8-42f5-b91f-aeeb191c8aaa`

</details>

<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between 1c37444d9c9cbbfcb89cdc85946eb485f8d16d7b and 7b6802badbc1858c43edf19b4dbae5f75b52ee37.

</details>

<details>
<summary>📒 Files selected for processing (4)</summary>

* `.github/workflows/aur.yml`
* `openspec/changes/2026-05-17-fix-aur-deploy-action-v413/proposal.md`
* `openspec/changes/2026-05-17-fix-aur-deploy-action-v413/tasks.md`
* `openspec/changes/2026-05-17-fix-aur-deploy-action-v413/test-plan.md`

</details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->