Skip to content

chore(deps): update actions/upload-artifact action to v4.6.2 #230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update actions/upload-artifact action to v4.6.2 #230

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 2, 2025

This PR contains the following updates:

Package Type Update Change
actions/upload-artifact action patch v4.6.1 -> v4.6.2

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/upload-artifact (actions/upload-artifact)

v4.6.2

Compare Source

What's Changed

  • Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in #​685

New Contributors

Full Changelog: actions/upload-artifact@v4...v4.6.2

Configuration

📅 Schedule: Branch creation - "before 2am every weekday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added bot Automated pull requests or issues dependencies Pull requests that update a dependency file renovate Pull requests from Renovate skip:test:long_running Skip long-running tests (≥5min) labels Nov 2, 2025
@renovate renovate bot force-pushed the renovate/actions-upload-artifact-4.x branch from ee08e4a to 7b03ff1 Compare November 10, 2025 23:50
@github-actions
Copy link
Contributor

github-actions bot commented Nov 10, 2025
edited
Loading

Claude finished @renovate[bot]'s task —— View job

Review: Renovate PR - Update actions/upload-artifact v4.6.1 → v4.6.2

Summary

APPROVED - This is a straightforward dependency update with no breaking changes.

What Changed

This PR updates the actions/upload-artifact GitHub Action from v4.6.1 to v4.6.2 across 7 workflow files:

File Line Old SHA New SHA
_audit.yml 40 4cec3d8 ea165f8
_build-native-only.yml 64 4cec3d8 ea165f8
_package-publish.yml 88, 119 4cec3d8 ea165f8
_scheduled-audit.yml 90 4cec3d8 ea165f8
_scheduled-test-daily.yml 178 4cec3d8 ea165f8
_scheduled-test-hourly.yml 166 4cec3d8 ea165f8
_test.yml 202 4cec3d8 ea165f8

Version Tags:

  • Old: v4.6.1 (SHA: 4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1)
  • New: v4.6.2 (SHA: ea165f8d65b6e75b540449e92b4886f43607fa02)

Release Notes Analysis

From actions/upload-artifact v4.6.2:

Changes:

  • Update to artifact package 2.3.2
  • Patch release focused on internal improvements

Risk Assessment:LOW RISK

  • Patch version bump (semantic versioning)
  • No breaking changes mentioned
  • No API changes to workflow usage
  • Internal package update only

Verification Results

✅ Version Consistency
All 7 files updated to the same version SHA (ea165f8)

✅ No Breaking Changes

  • Action interface unchanged (still uses, with, if parameters)
  • All artifact uploads continue to work identically
  • Retention policies preserved
  • Path patterns unchanged

✅ CI/CD Pipeline Compatibility
All workflows remain functional:

  • Audit artifact uploads (SBOM, licenses, vulnerabilities)
  • Native build artifacts (7z archives)
  • Test result uploads (coverage, JUnit XML)
  • Scheduled job artifacts

✅ Compliance with CLAUDE.md Standards

  • This is a dependency update (no code changes)
  • No test marker requirements (workflow-only change)
  • No coverage impact
  • Conventional commit: ✅ chore(deps): ... (correct type)

Security Considerations

✅ Supply Chain Security

  • Official GitHub Action maintained by actions organization
  • SHA pinning used (not just tag) - best practice ✅
  • Renovate bot performs automated security scanning

✅ Artifact Integrity
No changes to:

  • Upload paths
  • Retention policies (1-30 days depending on workflow)
  • Permissions (attestations, id-token, packages)

Recommendations

1. Merge Strategy
Safe to merge immediately - this is a low-risk patch update

2. Testing

  • ⚠️ Note: Since this PR modifies workflow files, I cannot modify them due to GitHub App permissions
  • The CI pipeline will test artifact uploads automatically
  • If upload failures occur, they will be visible in the CI run

3. Monitoring

  • Watch the first few CI runs after merge to ensure artifact uploads succeed
  • Check artifact retention is working correctly
  • Verify BetterStack heartbeats still function

Final Verdict

✅ APPROVED - Safe to merge

Rationale:

  1. ✅ Patch version update (low risk)
  2. ✅ No breaking changes in release notes
  3. ✅ Consistent version across all files
  4. ✅ SHA pinning maintained (security best practice)
  5. ✅ Conventional commit message
  6. ✅ No code changes (workflow-only)
  7. ✅ Official GitHub Action from trusted source

Action Items:

  • ✅ No changes required
  • ✅ Safe to merge when CI passes
  • ✅ Monitor first post-merge CI run for artifact uploads

Note on Permissions: I cannot modify workflow files in .github/workflows/ due to GitHub App permissions. This is by design for security. Since no changes are needed, this is not a blocker.

@codecov
Copy link

codecov bot commented Nov 11, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

❌ Your project check has failed because the head coverage (62.93%) is below the target coverage (70.00%). You can increase the head coverage or adjust the target coverage.

❗ There is a different number of reports uploaded between BASE (3eddfe4) and HEAD (7b03ff1). Click for more details.

HEAD has 6 uploads less than BASE
Flag BASE (3eddfe4) HEAD (7b03ff1)
7 1

see 22 files with indirect coverage changes

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 11, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen Awaiting requested review from helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen is a code owner

Assignees

No one assigned

Labels

bot Automated pull requests or issues dependencies Pull requests that update a dependency file renovate Pull requests from Renovate skip:test:long_running Skip long-running tests (≥5min)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant