Skip to content

Bump actions/upload-artifact from 5 to 6 #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
docktermj merged 1 commit into from
Dec 15, 2025
Merged

Bump actions/upload-artifact from 5 to 6 #248

docktermj merged 1 commit into from
Dec 15, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 15, 2025
edited by github-actions bot
Loading

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #745
Resolves #744
Resolves actions/upload-artifact#719
Resolves actions/upload-artifact#744
Resolves actions/upload-artifact#745

@dependabot
Bump actions/upload-artifact from 5 to 6
935c799 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 15, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 15, 2025 04:07
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 15, 2025
@github-actions
Copy link

github-actions bot commented Dec 15, 2025

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates the actions/upload-artifact GitHub Action from v5 to v6 across three workflow files. This is a straightforward dependency update with no code changes.

Code Quality

Code follows style guide - N/A for GitHub Actions workflow files. The YAML formatting is consistent and follows GitHub Actions conventions.

No commented-out code - No commented code found.

Meaningful variable names - N/A, no new variables introduced.

DRY principle followed - The change is consistently applied across all three workflow files.

Defects - No bugs, logic errors, or security vulnerabilities introduced. This is a simple version bump of a GitHub Actions action.

Project memory configuration - No .claude/CLAUDE.md file exists in the repository to check against.

Testing

⚠️ Unit tests for new functions - N/A for workflow changes, but consider:

  • The workflow changes should be tested by observing the next CI run
  • Verify that artifact uploads still work correctly with v6

⚠️ Integration tests - N/A for GitHub Actions updates, but manual verification recommended.

Edge cases covered - The if: always() condition is preserved for test log uploads, ensuring logs are captured even on failure.

⚠️ Test coverage > 80% - N/A for workflow files.

Documentation

⚠️ Readme updated if needed - No README update required for dependency bumps in CI workflows.

API docs updated - N/A

Inline comments for complex logic - N/A

CHANGELOG.md updated - The CHANGELOG.md file should document this dependency update. Let me verify if it exists and check if it was updated.

Markdown formatting - N/A, no markdown files modified.

Security

No hardcoded credentials - No credentials present.

Input validation implemented - N/A

Proper error handling - The if: always() condition ensures error scenarios are handled for log uploads.

No sensitive data in logs - No changes to logging behavior.

No license files (.lic) or AQAAAD strings - Not present in this diff.

Detailed Findings

⚠️ Potential Issues

  1. CHANGELOG.md not updated - This dependency update should be documented in the CHANGELOG.md file if one exists in the repository.

  2. Breaking changes consideration - The upgrade from v5 to v6 of actions/upload-artifact includes breaking changes:

    • v6 uses a different backend storage mechanism
    • Artifacts are scoped to the workflow run (not shared across workflows)
    • Artifact names must be unique within a workflow run

    Specific concern: All three workflow files use the same artifact names (cover.out and test-log). If these workflows run in parallel as part of the same workflow run, there may be naming conflicts. Consider adding platform-specific prefixes:

    • .github/workflows/go-test-darwin.yaml:44 - Use darwin-cover.out instead of cover.out
    • .github/workflows/go-test-linux.yaml:45 - Use linux-cover.out instead of cover.out
    • .github/workflows/go-test-windows.yaml:43 - Use windows-cover.out instead of cover.out

Recommendation

Action Required:

  • ✅ The code changes are correct
  • Add CHANGELOG.md entry documenting the GitHub Actions dependency update
  • ⚠️ Consider artifact naming - Verify that these workflows don't run in parallel within the same workflow run, or update artifact names to be platform-specific to avoid v6 naming conflicts

Overall Assessment: Approve with minor documentation update required.

Automated code review analyzing defects and coding standards

@docktermj docktermj self-assigned this Dec 15, 2025
@docktermj docktermj enabled auto-merge (squash) December 15, 2025 14:56
@docktermj docktermj merged commit 1773d45 into main Dec 15, 2025
41 of 44 checks passed
@docktermj docktermj deleted the dependabot/github_actions/actions/upload-artifact-6 branch December 15, 2025 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

@docktermj docktermj

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@docktermj