Upgrade upload/download-artifact in sync across all org #3239
Labels
Comments
mihaimaruseac
added
status:triage
|
Opened slsa-framework/example-package#320 to also make sure the test repo is in the known. |
mihaimaruseac
added a commit
to mihaimaruseac/model-transparency
that referenced
this issue
Feb 6, 2024
In slsa-framework/slsa-github-generator#3239 we have that SLSA actions must match upload-artifact and download-artifact major versions: v3 and v4 are not compatible. To reach that, we spent ~1 week of debugging in SLSA. We're seeing the same here, as we upload with v4 but the SLSA actions are downloading as v3. So we need to downgrade for now. Signed-off-by: Mihai Maruseac <mihai.maruseac@gmail.com>
|
It seems this is also affecting OSS project that have updated the actions (via Dependabot, etc.) so now are using |
|
@mihaimaruseac We discussed this problem a month ago, which is still open: #3068 Indeed many releases have failed after upgrading |
|
Thank you. Closing this in favor of that one. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Because
upload-artifactanddownload-artifactare not compatible across v3-v4 major bump, we need to upgrade them across all repos at the same time, instead of when Renovate opens a PR in one repo.Probably also need to cut new releases for that.
The text was updated successfully, but these errors were encountered: