Skip to content

Bump actions/upload-artifact from 5 to 6#143

Merged
docktermj merged 4 commits into
mainfrom
dependabot/github_actions/actions/upload-artifact-6
Dec 25, 2025
Merged

Bump actions/upload-artifact from 5 to 6#143
docktermj merged 4 commits into
mainfrom
dependabot/github_actions/actions/upload-artifact-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Dec 15, 2025

Copy link
Copy Markdown
Contributor

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #745
Resolves #744
Resolves actions/upload-artifact#719
Resolves actions/upload-artifact#744
Resolves actions/upload-artifact#745

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 15, 2025
@dependabot dependabot Bot requested a review from a team as a code owner December 15, 2025 15:08
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 15, 2025
@github-actions

Copy link
Copy Markdown

🤖 Claude Code Review

Automated Code Review

Summary

This PR updates the GitHub Actions actions/upload-artifact action from v5 to v6 across multiple workflow files. This is a straightforward dependency update.


Detailed Review

✅ Code Quality

  • Code follows style guide: The changes are minimal YAML updates that follow standard GitHub Actions syntax and formatting conventions.
  • No commented-out code: None present.
  • Meaningful variable names: N/A - no new variables introduced.
  • DRY principle followed: The same update pattern is consistently applied across all workflow files.
  • Defects: No bugs, logic errors, or security vulnerabilities identified. This is a version bump of an official GitHub action.
  • Project memory: No .claude/CLAUDE.md file found in the repository to consider.

⚠️ Testing

  • Unit tests for new functions: N/A - No functional code changes.
  • Integration tests for new endpoints: N/A - No new endpoints.
  • Edge cases covered: N/A - This is an infrastructure change.
  • ⚠️ Test coverage > 80%: Cannot verify from diff alone, but this change doesn't affect code coverage since it's a workflow update.

Note: Testing requirements don't apply to GitHub Actions workflow updates. However, it's recommended to verify that the workflows run successfully after this change, particularly ensuring upload-artifact@v6 is compatible with the existing workflow logic.

⚠️ Documentation

  • ⚠️ Readme updated if needed: The README doesn't typically document GitHub Actions versions, so no update needed.
  • API docs updated: N/A - No API changes.
  • Inline comments for complex logic: N/A - The changes are self-explanatory.
  • CHANGELOG.md updated: No CHANGELOG.md update detected in the diff. If this project maintains a changelog, this dependency update should be documented.
  • Markdown files follow CommonMark: No markdown files modified in this PR.

Recommendation: Check if CHANGELOG.md should include an entry noting the GitHub Actions dependency update.

✅ Security

  • No hardcoded credentials: None present.
  • Input validation implemented: N/A - No new inputs.
  • Proper error handling: Existing error handling unchanged.
  • No sensitive data in logs: No changes to logging behavior.
  • No license files or AQAAAD strings: None detected in the diff.

Files Changed

  1. .github/workflows/go-test-darwin.yaml - Lines 68, 74
  2. .github/workflows/go-test-linux.yaml - Lines 70, 76, 82
  3. .github/workflows/go-test-windows.yaml - Lines 64, 70
  4. .github/workflows/publish-to-pypi.yaml - Line 48

Recommendations

  1. CHANGELOG: Consider adding an entry to CHANGELOG.md documenting this infrastructure update.
  2. Breaking Changes: Review the upload-artifact v6 migration guide to ensure no breaking changes affect your workflows. Notable changes in v6 include:
    • Artifact names must be unique within a workflow run
    • Changes to artifact retention and storage
  3. Test Workflows: After merging, monitor the first workflow runs to ensure artifacts upload successfully with v6.

Overall Assessment

✅ APPROVED - This is a clean dependency update with no functional code changes. The update is consistently applied across all affected workflow files. The main recommendation is to verify CHANGELOG documentation and monitor workflow execution after deployment.

Automated code review analyzing defects and coding standards

@docktermj docktermj self-assigned this Dec 15, 2025
@docktermj docktermj added the blocked Cannot make progress label Dec 15, 2025
@docktermj docktermj enabled auto-merge (squash) December 15, 2025 16:15
@github-actions

Copy link
Copy Markdown

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide

The changes are minimal dependency version bumps in GitHub Actions workflow files. No actual code changes to review against the style guide.

✅ No commented-out code

No commented-out code present in the diff.

✅ Meaningful variable names

N/A - No variable name changes in this PR.

✅ DRY principle followed

N/A - The changes are identical updates across multiple workflow files, which is appropriate for dependency version bumps.

✅ No defects identified

The upgrade from actions/upload-artifact@v5 to v6 is a straightforward version bump. However, there are breaking changes in v6 that need attention:

⚠️ Potential Issue - Artifact Name Conflicts:

In .github/workflows/go-test-linux.yaml:70-82, there are two Store coverage file steps with different artifact names:

  • First: name: cover.out (line 72)
  • Second: name: "cover-${{ matrix.senzingsdk-version }}.out" (line 78)

In actions/upload-artifact@v6, artifacts are now immutable and artifact names must be unique across the entire workflow run. With the matrix strategy, the second upload will succeed for each matrix job, but the first upload uses a static name cover.out which will cause conflicts if multiple matrix jobs run concurrently.

Recommendation: The first "Store coverage file" step at line 70 should either:

  1. Be removed (if duplicate), or
  2. Use a unique name like "cover-base-${{ matrix.senzingsdk-version }}.out"

✅ Project memory configuration

No ./.claude/CLAUDE.md file found in the repository to consider.

Testing

⚠️ Testing considerations

  • ✅ These are workflow file changes, not application code, so unit tests don't apply
  • Recommendation: These workflow changes should be tested in a non-production branch first to ensure the v6 upgrade doesn't break artifact collection, especially given the duplicate artifact name issue identified above

N/A Test coverage

Not applicable for workflow configuration files.

Documentation

✅ README update not needed

This is a dependency version bump that doesn't affect user-facing functionality.

✅ API docs not affected

No API changes.

✅ Inline comments

Workflow files are self-documenting; no complex logic requiring comments.

❌ CHANGELOG.md not updated

The PR should include a CHANGELOG.md entry documenting the upgrade to actions/upload-artifact@v6. This is a dependency update that could have breaking changes.

Recommendation: Add entry like:

### Changed
- Upgraded GitHub Actions `actions/upload-artifact` from v5 to v6 across all workflow files

N/A Markdown formatting

No markdown files modified in this PR.

Security

✅ No hardcoded credentials

No credentials present.

✅ Input validation

Not applicable for this change.

✅ Proper error handling

Workflows use if: always() appropriately for test log uploads.

✅ No sensitive data in logs

No logging changes.

✅ No license files

No .lic files or AQAAAD strings detected in the diff.


Summary

Status: ⚠️ Changes Requested

Critical Issues:

  1. .github/workflows/go-test-linux.yaml:70-82 - Duplicate artifact name cover.out will cause conflicts with upload-artifact@v6 due to immutable artifacts and required unique names across workflow runs

Minor Issues:

  1. CHANGELOG.md - Should be updated to document the dependency upgrade

Recommendations:

  1. Fix the duplicate artifact naming issue in the Linux workflow
  2. Test these workflow changes in a feature branch before merging to ensure artifact collection works correctly with v6
  3. Update CHANGELOG.md

The PR is otherwise clean - it's a straightforward dependency version bump across four workflow files with consistent application of the change.

Automated code review analyzing defects and coding standards

@github-actions

Copy link
Copy Markdown

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide

The changes are minimal and consist only of version bumps in GitHub Actions workflow files. These follow the standard YAML syntax and GitHub Actions conventions.

✅ No commented-out code

No commented-out code present in the diff.

✅ Meaningful variable names

N/A - No new variables introduced. Existing workflow configuration uses clear naming conventions.

✅ DRY principle followed

N/A - Changes are repetitive by nature (version bumps across multiple workflow files), which is appropriate for this type of update.

✅ No defects identified

The changes upgrade actions/upload-artifact from v5 to v6. This is a straightforward dependency update with no logic changes. No bugs, race conditions, or security vulnerabilities introduced.

Note: According to the git status, actions/download-artifact was recently bumped from v6 to v7 (commit 5896db2). You should verify that upload-artifact@v6 is compatible with download-artifact@v7 if these artifacts are consumed in other workflows.

⚠️ Project memory configuration

No .claude/CLAUDE.md file found in the repository, so this check is not applicable.

Testing

⚠️ Unit tests for new functions

N/A - No new functions added. This is an infrastructure update only.

⚠️ Integration tests for new endpoints

N/A - No new endpoints added.

⚠️ Edge cases covered

N/A - No new logic to test.

⚠️ Test coverage > 80%

N/A - No code changes that would affect test coverage. The workflows themselves test the actual application code.

Documentation

⚠️ Readme updated if needed

Not required - This is a minor GitHub Actions dependency update that doesn't affect user-facing functionality or developer workflows.

⚠️ API docs updated

N/A - No API changes.

⚠️ Inline comments for complex logic

N/A - No complex logic added.

❌ CHANGELOG.md updated

File: CHANGELOG.md (if it exists at project root)

The CHANGELOG should be updated to document this dependency update, even though it's minor. This helps maintain a complete history of infrastructure changes.

Recommendation: Add an entry like:

### Changed
- Updated GitHub Actions `upload-artifact` from v5 to v6 across all workflow files

✅ Markdown files formatting

N/A - No markdown files modified in this PR.

Security

✅ No hardcoded credentials

No credentials present in the changes.

✅ Input validation implemented

N/A - No new inputs added.

✅ Proper error handling

N/A - No new error handling needed. The workflows maintain existing error handling with if: always() conditions.

✅ No sensitive data in logs

No sensitive data exposed in the changes.

✅ No license files (.lic) or AQAAAD strings

No license files or suspicious strings present in the diff.


Summary

Overall Assessment: ✅ APPROVED with minor recommendation

This is a clean, straightforward dependency update that upgrades the actions/upload-artifact action from v5 to v6 across four workflow files:

  • .github/workflows/go-test-darwin.yaml (2 occurrences)
  • .github/workflows/go-test-linux.yaml (3 occurrences)
  • .github/workflows/go-test-windows.yaml (2 occurrences)
  • .github/workflows/publish-to-pypi.yaml (1 occurrence)

Recommendations:

  1. Update CHANGELOG.md to document this infrastructure change
  2. Verify compatibility: Ensure upload-artifact@v6 is compatible with download-artifact@v7 (which was recently updated per commit 5896db2). Check if any workflows download these artifacts and test the integration.
  3. Consider: Review the v6 release notes for upload-artifact to understand any breaking changes or new features: https://github.com/actions/upload-artifact/releases

The code quality is excellent, and no security concerns were identified.

Automated code review analyzing defects and coding standards

@github-actions

Copy link
Copy Markdown

🤖 Claude Code Review

Code Review Analysis

✅ Code Quality

Style Guide Compliance

Code follows style guide - The changes are GitHub Actions workflow updates that follow YAML formatting conventions. The modifications are consistent and well-formatted.

No Commented-Out Code

No commented-out code - All changes are clean updates to action versions without any commented code.

Meaningful Variable Names

Meaningful variable names - Not applicable for this change; only version numbers are being updated.

DRY Principle

DRY principle followed - The same update pattern is consistently applied across all workflow files.

Defect Analysis

No defects identified - The upgrade from actions/upload-artifact@v5 to v6 is a straightforward dependency update. However, note:

  • Potential Breaking Change Warning: Actions v6 may have breaking changes. According to GitHub's documentation, v6 artifacts are not backwards compatible with v5. Artifacts uploaded with v6 cannot be downloaded by v5 actions.
  • All workflow files consistently update to v6, which is good for compatibility.
  • No logic errors, edge cases, or security vulnerabilities introduced.

Project Memory Configuration

⚠️ Unable to verify - No .claude/CLAUDE.md file found in the repository to check project-specific guidelines.


✅ Testing

Unit Tests

Not required - This is a GitHub Actions workflow infrastructure update that doesn't require new unit tests.

Integration Tests

Not required - The workflows themselves serve as integration tests and will validate the upgrade when they run.

Edge Cases

Covered - The upgrade is applied consistently across:

  • .github/workflows/go-test-darwin.yaml:68, 73
  • .github/workflows/go-test-linux.yaml:70, 76, 82
  • .github/workflows/go-test-windows.yaml:64, 69
  • .github/workflows/publish-to-pypi.yaml:48

Test Coverage

Not applicable - Infrastructure change doesn't affect code coverage metrics.


⚠️ Documentation

Readme Updated

Not needed - This internal workflow change doesn't require README updates.

API Docs

Not applicable - No API changes in this PR.

Inline Comments

Not needed - The changes are self-explanatory version updates.

CHANGELOG.md

CHANGELOG.md not updated - This dependency update should be documented in the CHANGELOG. The change upgrades a critical GitHub Actions dependency and should be noted for transparency and troubleshooting purposes.

Recommendation: Add an entry like:

## [Unreleased]
### Changed
- Updated GitHub Actions `actions/upload-artifact` from v5 to v6 across all workflows

Markdown Formatting

Not applicable - No markdown files were modified in this PR.


✅ Security

No Hardcoded Credentials

Clean - No credentials present in the changes.

Input Validation

Not applicable - No user input handling in these changes.

Error Handling

Proper error handling maintained - The if: always() condition on upload test log steps is preserved (lines 73, 82, 69 in respective files).

Sensitive Data in Logs

No issues - No sensitive data logging introduced.

License Files

No license files - No .lic files or AQAAAD strings detected in the diff.


Summary

Overall Assessment: ✅ APPROVED with minor documentation recommendation

This is a clean, straightforward infrastructure upgrade that updates GitHub Actions dependencies consistently across all workflow files. The only improvement needed is adding a CHANGELOG entry to document this dependency update.

Required Actions:

  • Must: None (code is ready to merge)

Recommended Actions:

  • Should: Add CHANGELOG.md entry documenting the actions/upload-artifact upgrade from v5 to v6

Notes:

  • The upgrade to v6 is appropriate and maintains consistency across all workflows
  • Be aware that artifacts uploaded with v6 cannot be downloaded by v5 actions (breaking change)
  • All test and coverage artifact uploads are consistently updated

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit ab9092b into main Dec 25, 2025
61 checks passed
@docktermj docktermj deleted the dependabot/github_actions/actions/upload-artifact-6 branch December 25, 2025 14:01
@docktermj docktermj removed the blocked Cannot make progress label Dec 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants