actions/upload-artifact will exclude hidden files by default

[anqqa]

If the destination isn't set, the default .extracted-* will be excluded by default if trying to run actions/upload-artifact since actions/upload-artifact#598.

Workarounds:

• set destination to something not starting with . (dot) in this action
• or set include_hidden_files: true with actions/upload-artifact

[shrink]

Yikes, that's an unfortunate breaking change for GitHub to release outside of a major version. Thank you for letting me know @anqqa.

I think I regret the initial design for this action, which uses a random destination path on each run. I don't know why I thought that was useful, I think it was based on the expectation that someone might want to run the action multiple times as part of a single Workflow. Since then, the (very useful) option to specify a destination path was added as a contribution from @EliasVal in #20 which I think made this action much more usable and negates the need for random paths.

For the next major version, I'll update this action to use a stable default destination (e.g: actions-docker-extract-output) without a . so that addresses the breaking change from actions/upload-artifacts.

Regarding the actual impact of the breaking change in the context of this action, I took a look through some of the action's dependents to see which are using the dest option.

Repositories using the dest options so no risk:

• https://github.com/TykTechnologies/tyk
• https://github.com/3MFConsortium/lib3mf
• https://github.com/scikit-hep/awkward

Repositories not using dest but not using actions/upload-artifact:

• https://github.com/SPARQL-Anything/sparql.anything
• https://github.com/RedisGears/RedisGears
• https://github.com/windmill-labs/windmill
• https://github.com/googleapis/google-cloud-php

Repositories not using dest and using actions/upload-artifact:

• https://github.com/bytedance/Elkeid/

If this is a representative sample, it seems as though only a small number of the repositories using this action will be experiencing unexpected behaviour now that v3 of actions/upload-artifact is ignoring dot-files. I think that justifies releasing a patch to the current version of this action that removes the . from the random destination path (e.g: .extracted-1598717412 becomes extracted-1598717412). The fact that the destination path is random means changing it (probably) does not constitute a breaking change but I think removing the . means it might as theoretically a consumer could be relying on the default destination path starting with .?

Any thoughts on the above plan? Your feedback would be much appreciated! Thank you.

[anqqa]

Sounds good! You're right that removing the . in a patch release might cause an issue in some rare cases, although none comes to my mind where one would expect the dot to be there in a job run, but you never know 😅

So I would wager that removing it would solve more problems than cause?

[shrink]

@anqqa I've released v3.0.1 so that everyone using v3 will automatically get the fix. I explained my rationale for breaking semver in the release notes, hopefully this turns out to be the right decision 🤞 Thanks again for flagging this, much appreciated, I would not have seen it otherwise.