ci: use ubuntu-latest for coverage checks

[rami3l]

Similar to moonbitlang/core#1549, this should help mitigate our CI bottleneck caused by the shortage of macOS runners.

[peter-jerry-ye-code-review]

‼️ This code review is generated by a bot. Please verify the content before trusting it.

⚠️ [Potential Missing LLVM Dependencies on Ubuntu Runner]

• Category: Correctness
• Code Snippet: cargo tarpaulin -j 3 --ignore-tests --engine llvm --out Xml
• Recommendation: Ensure LLVM dependencies (like llvm-tools-preview Rust component) are installed in the workflow before running tarpaulin.
• Reasoning: The --engine llvm flag requires LLVM tools to be available. Ubuntu runners may not have these pre-installed, unlike macOS runners. Add a step like rustup component add llvm-tools-preview to prevent failures.

💡 [Suboptimal Parallel Job Count]

• Category: Performance
• Code Snippet: -j 3 in tarpaulin command
• Recommendation: Use -j 2 instead to match common GitHub runner core count
• Reasoning: GitHub-hosted Ubuntu runners typically have 2 vCPUs. Using 3 parallel jobs may cause resource contention and suboptimal scheduling compared to matching available cores.

ℹ️ [Explicit Tool Version Specification]

• Category: Maintainability
• Code Snippet: CARGO_TARPAULIN_VERSION environment variable usage
• Recommendation: Consider pinning to a specific version hash for security
• Reasoning: While the version variable is good practice, adding a checksum verification step when downloading binaries would improve supply chain security and prevent potential MITM attacks.

[rami3l]

@lynzrand Can you reproduce this locally on Linux x64?

[lynzrand]

@lynzrand Can you reproduce this locally on Linux x64?

Can confirm the 8% coverage regress locally on x64-linux. Rerunning with LLVM...

[rami3l]

It seems that cargo-tarpaulin will exit with an OOM error on our free CI runners. This is a known issue: xd009642/tarpaulin#1639.