-
Notifications
You must be signed in to change notification settings - Fork 128
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: upload-artifact and download-artifact v4 (#3312)
# Summary - Fixes #3068 to use upload-artifact and download-artifact v4 - following up in slsa-framework/example-package#336 ## Testing Process This change is tested with our existing PR Check workflows that use both directly and indirectly call upload-artifact and download-artifact. - One test for `secure-upload-folder` should fail in this PR because it will use `secure-upload-artifact@main`. There's no workaround to dynamically use the PR's ref instead of `@main`, but after merging this PR, the test should start passing. ## Checklist - [x] Review the contributing [guidelines](./../CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [x] Update documentation if applicable. - [x] Add unit tests if applicable. - [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable. --------- Signed-off-by: Ramon Petgrave <[email protected]> Signed-off-by: laurentsimon <[email protected]> Co-authored-by: laurentsimon <[email protected]>
- Loading branch information
1 parent
e64a212
commit b595e06
Showing
14 changed files
with
41 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -193,12 +193,12 @@ jobs: | |
if: startsWith(github.ref, 'refs/tags/') | ||
steps: | ||
- name: Download artifact1 | ||
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0 | ||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 | ||
with: | ||
name: artifact1 | ||
- name: Download artifact2 | ||
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0 | ||
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 | ||
with: | ||
name: artifact2 | ||
|
@@ -1483,7 +1483,7 @@ jobs: | |
# Do the build to create release_artifact_${{ runner.os }} | ||
- run: ... | ||
- uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 | ||
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | ||
with: | ||
path: release_artifact_${{ runner.os }} | ||
name: release_artifact_${{ runner.os }} | ||
|
@@ -1538,7 +1538,7 @@ jobs: | |
# Do the build to create release_artifact_${{ runner.os }} | ||
- run: ... | ||
- uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 | ||
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | ||
with: | ||
path: release_artifact_${{ runner.os }} | ||
name: release_artifact_${{ runner.os }} | ||
|
@@ -1639,9 +1639,12 @@ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_s | |
|
||
### Compatibility with `actions/download-artifact` | ||
|
||
To download provenance (e.g., if you don't use `upload-assets`) you have to | ||
use [`actions/download-artifact@v3`](https://github.com/actions/download-artifact). | ||
The workflow uses [`actions/upload-artifact@3`](https://github.com/actions/upload-artifact) | ||
which is | ||
[not compatible](https://github.com/actions/download-artifact?tab=readme-ov-file#breaking-changes) | ||
with `actions/download-artifact@v4`. | ||
`[email protected]` and prior use [`actions/upload-artifact@v3`](https://github.com/actions/upload-artifact) and [`actions/download-artifact@v3`](https://github.com/actions/download-artifact) which are not backwards compatible the `@v4`s used in current versions of `slsa-github-generator`. | ||
The interface remains the same, however. If your own workflows want to download artifacts produced by our workflows, they must begin using `actions/download-artifact@v4`. For your other dependent workflows, you may find that you need to upgrade all of your uses of both of the actions to `@v4` to maintain compatibility. | ||
|
||
See more migration guidance | ||
|
||
- https://github.com/actions/upload-artifact/blob/main/docs/MIGRATION.md | ||
- https://github.com/actions/download-artifact/blob/main/docs/MIGRATION.md | ||
|
||
This is part of our effort to upgrade from the now-deprecated node16 that the `@v3`s used. `@v4s` use node20. |