Bump actions/upload-artifact from 5 to 6

[dependabot]

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #745
Resolves #744
Resolves actions/upload-artifact#719
Resolves actions/upload-artifact#744
Resolves actions/upload-artifact#745

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates GitHub Actions upload-artifact action from v5 to v6 across three workflow files. This is a straightforward dependency update.

---

Code Quality

✅ Code follows style guide

The changes are to YAML workflow files, which follow standard GitHub Actions syntax. No code style issues identified.

✅ No commented-out code

No commented-out code present in the diff.

✅ Meaningful variable names

N/A - This PR only updates version numbers in workflow files.

✅ DRY principle followed

N/A - The changes are version updates. The three workflow files (darwin, linux, windows) appropriately have separate files for platform-specific testing.

✅ No defects identified

The version bump from v5 to v6 is straightforward. The action usage patterns remain identical:

• .github/workflows/go-test-darwin.yaml:78,84
• .github/workflows/go-test-linux.yaml:76,82
• .github/workflows/go-test-windows.yaml:74,80

Note: Be aware that upload-artifact@v6 introduces breaking changes:

• Artifacts are immutable (cannot upload to same name multiple times)
• The current workflow uses name: "cover-${{ matrix.senzingsdk-version }}.out" which includes the matrix version, so should be unique per run
• Verify that the matrix strategy doesn't create name collisions

✅ Project memory configuration

No .claude/CLAUDE.md file found in the repository, so no project-specific requirements to verify.

---

Testing

⚠️ Unit tests for new functions

N/A - No new functions added. This is an infrastructure update.

⚠️ Integration tests for new endpoints

N/A - No new endpoints added.

⚠️ Edge cases covered

N/A - Version bump only.

⚠️ Test coverage > 80%

N/A - No code changes affecting coverage.

Recommendation: The workflow changes themselves should be tested by verifying the GitHub Actions run successfully after merge.

---

Documentation

✅ Readme updated if needed

No README update needed for a GitHub Actions version bump.

✅ API docs updated

N/A - No API changes.

✅ Inline comments for complex logic

N/A - No complex logic added.

❌ CHANGELOG.md updated

No CHANGELOG.md update detected in the diff. If this project maintains a changelog, this dependency update should be documented.

Files to check:

• ./CHANGELOG.md (if it exists)

✅ Markdown files follow CommonMark

N/A - No markdown files modified.

---

Security

✅ No hardcoded credentials

No credentials present in the changes.

✅ Input validation implemented

N/A - Infrastructure change only.

✅ Proper error handling

The workflows already include if: always() conditions for test log uploads, which is appropriate.

✅ No sensitive data in logs

No sensitive data introduced.

✅ No license files checked in

No .lic files or AQAAAD strings detected in the diff.

---

Overall Assessment

Status: ✅ APPROVED with minor recommendation

This is a clean dependency update with no functional code changes. The PR is safe to merge.

Recommendations:

1. Optional: Update CHANGELOG.md to document the GitHub Actions dependency update
2. Verify after merge: Ensure the GitHub Actions workflows complete successfully with v6, particularly checking that artifact uploads work correctly with the matrix strategy

Files Modified:

• .github/workflows/go-test-darwin.yaml:78,84
• .github/workflows/go-test-linux.yaml:76,82
• .github/workflows/go-test-windows.yaml:74,80

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide

The changes are minimal YAML workflow updates that align with GitHub Actions conventions. The modifications maintain consistent formatting and structure.

✅ No commented-out code

No commented-out code present in the diff.

✅ Meaningful variable names

All variable names and action references are clear and descriptive (e.g., upload-artifact, cover-*.out, test-log-*).

✅ DRY principle followed

The changes consistently update the same action version across all three workflow files, maintaining uniformity.

✅ Identify Defects

No bugs, logic errors, or security vulnerabilities identified. The upgrade from actions/upload-artifact@v5 to @v6 is a standard dependency update. All usage patterns remain identical:

• .github/workflows/go-test-darwin.yaml:78, 83
• .github/workflows/go-test-linux.yaml:76, 81
• .github/workflows/go-test-windows.yaml:74, 79

Note: Verify that actions/upload-artifact@v6 is compatible with your GitHub Actions runner versions and that there are no breaking changes in the v6 API compared to v5.

✅ Project memory configuration

No .claude/CLAUDE.md file found in the repository, so this check is not applicable.

Testing

⚠️ Unit tests for new functions

N/A - No new functions added. This is a dependency version bump only.

⚠️ Integration tests for new endpoints

N/A - No new endpoints added.

⚠️ Edge cases covered

N/A - No new logic to test.

⚠️ Test coverage > 80%

N/A - No code changes affecting test coverage. The workflows themselves test the application code.

Documentation

✅ README updated if needed

No README update needed - this is an internal CI/CD dependency update that doesn't affect user-facing functionality.

✅ API docs updated

Not applicable - no API changes.

✅ Inline comments for complex logic

Not applicable - YAML workflow files don't require comments for this simple version bump.

❌ CHANGELOG.md updated

The CHANGELOG.md should be updated to document this infrastructure change. While it's a minor update, it's good practice to track CI/CD dependency updates.

Recommendation: Add an entry like:

## [Unreleased]
### Changed
- Updated GitHub Actions `upload-artifact` from v5 to v6 in all test workflows

✅ Markdown formatting

The changed files are YAML, not Markdown. No markdown formatting issues to address.

Security

✅ No hardcoded credentials

No credentials present in the diff.

✅ Input validation implemented

Not applicable - these are workflow configuration files with no user input processing.

✅ Proper error handling

The workflows maintain the if: always() condition on test log uploads (lines 81 in darwin/linux, 79 in windows), ensuring logs are captured even on failure.

✅ No sensitive data in logs

No sensitive data exposure in the changes.

✅ No license files flagged

No .lic files or AQAAAD strings in the diff.

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendation

This is a clean, straightforward dependency update that upgrades the actions/upload-artifact action from v5 to v6 across three test workflow files. The changes are:

• Consistent across all affected files
• Maintain existing functionality
• Follow GitHub Actions best practices

Action Items:

1. Optional but recommended: Update CHANGELOG.md to document this infrastructure change
2. Verify: Confirm actions/upload-artifact@v6 has no breaking changes affecting your artifact naming or retrieval strategy (the v6 release notably changed artifact isolation between jobs)

Files Modified:

• .github/workflows/go-test-darwin.yaml:78, 83
• .github/workflows/go-test-linux.yaml:76, 81
• .github/workflows/go-test-windows.yaml:74, 79

---

Automated code review analyzing defects and coding standards