ci: age upstream release (6h) and pin per-slice macOS deployment targets (arm64 14.0, x64 13.3)

[danielhanchen]

Two pre-go-live refinements to the daily macOS prebuilt producer.

1. Age upstream releases before building (supply-chain delay)

Build only the newest ggml-org/llama.cpp release that has been public for at least UNSLOTH_LLAMA_MIN_RELEASE_AGE_HOURS (default 6h), instead of the absolute latest release.

A deliberate aging window is a supply-chain defense: if upstream publishes a compromised or broken release, the delay gives the community time to detect and yank it before we compile from that source and ship binaries to Studio users. We already build from upstream source (not their binaries) and pin our own deployment target, so this only changes which commit we pick, not how we build.

The resolve job selects the newest non-draft, non-prerelease release whose published_at is at least the window old:

CUTOFF=$(date -u -d "-${AGE_H} hours" +%s)
gh api 'repos/ggml-org/llama.cpp/releases?per_page=100' \
  --jq "[.[] | select(.draft==false and .prerelease==false) | select((.published_at|fromdateiso8601) <= ${CUTOFF})] | first | .tag_name"

• Default window: 6h (UNSLOTH_LLAMA_MIN_RELEASE_AGE_HOURS, set at the workflow level).
• Per-run override: the min_age_hours dispatch input.
• An explicit upstream_tag dispatch input still bypasses the filter for manual rebuilds.

2. Pin the macOS deployment target explicitly, per slice

Declare an explicit -DCMAKE_OSX_DEPLOYMENT_TARGET for each slice instead of inheriting the runner OS. The missing pin is exactly what let upstream's arm64 floor silently drift to minos=26 when their runner moved macos-14 to macos-26 (ggml-org#23878), breaking every arm64 release on macOS < 26.

The floors match upstream's own pre-ggml-org#23878 per-slice values:

Slice	Runner	Deployment target	Why
arm64	macos-14	14.0	Floor of upstream's last good arm64 release (b9415 = minos 14.0.0). No Apple Silicon Mac (M1, late 2020) is capped below 14, so this costs zero users and is the oldest Apple-security-supported macOS.
x64	macos-15-intel	13.3	Identical to upstream's own Intel leg. macOS 14 dropped the 2017 Kaby Lake Intel Macs, for which Ventura 13 is the last supported OS; 13.3 keeps them covered at no cost (a 13.3 binary still runs on 14/15/26).

Net effect: our binaries are floor-identical to pre-ggml-org#23878 upstream on both slices, with the one hardening that arm64's 14 is now declared rather than inherited. The load gate (assert_macho_minos.sh, called with each slice's target) fails any Mach-O whose minos exceeds its floor, so a future runner or SDK bump is caught before publish instead of shipping a broken binary.

Validation

• Aging: against live releases (checked 2026-05-31 11:47Z) the 6h window selects b9437 (published 2026-05-30 20:56Z), versus the absolute latest b9442 (2026-05-31 11:07Z).
• Floors: measured real upstream binaries -- b9415 arm64 = minos 14.0.0, x64 = minos 13.3.0; the broken b9442 arm64 = minos 26.0.0. Our targets reproduce the two good floors exactly.
• Gate: ver_key cap comparison re-checked per slice. cap=14.0 passes 13.3/14.0 and rejects 15.0/26.0; cap=13.3 passes 13.3 and rejects 14.0/15.0/26.0. YAML and bash syntax verified.