Skip to content

chore(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1 #3714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Feb 6, 2024
Merged

chore(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1 #3714

merged 6 commits into from
Feb 6, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 5, 2024

Bumps actions/upload-artifact from 3.1.3 to 4.3.1.

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.1

v4.3.0

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4...v4.1.0

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

  1. The changelog post.
  2. The README.
  3. The migration documentation.
  4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

Full Changelog: actions/upload-artifact@v3...v4.0.0

Commits
  • 5d5d22a Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1
  • f1e993d update artifact license
  • 4881bfd updating dist:
  • a30777e @​eggyhead
  • 3a80482 Merge pull request #511 from actions/robherley/migration-docs-typo
  • 9d63e3f Merge branch 'main' into robherley/migration-docs-typo
  • dfa1ab2 fix typo with v3 artifact downloads in migration guide
  • d00351b Merge pull request #509 from markmssd/patch-1
  • 707f5a7 Update limitation of 10 artifacts upload to 500
  • 26f96df Merge pull request #505 from actions/robherley/merge-artifacts
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1
3b78f89 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@a8a3f3a...5d5d22a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team February 5, 2024 22:14
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 5, 2024
@dependabot dependabot bot mentioned this pull request Feb 5, 2024
Closed
@boring-cyborg boring-cyborg bot added the github-actions Pull requests that update Github_actions code label Feb 5, 2024
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 5, 2024
@pull-request-size pull-request-size bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 5, 2024
@leandrodamascena
Copy link
Contributor

@heitorlessa or @sthulb, I need your review here, pls!

heitorlessa
heitorlessa reviewed Feb 6, 2024
View reviewed changes
Copy link
Contributor

@heitorlessa heitorlessa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you <3 Waiting for Andrea to confirm whether overwrite was indeed all we needed before we merge.

heitorlessa
heitorlessa previously approved these changes Feb 6, 2024
View reviewed changes
Copy link
Contributor

@heitorlessa heitorlessa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

preemptive approval on Andrea's confirmation

dreamorosi
dreamorosi reviewed Feb 6, 2024
View reviewed changes
Copy link
Contributor

@dreamorosi dreamorosi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, the fact that v4 of this action considers artifacts immutable means that it'll raise an exception whenever a given workflow tries to mutate (aka overwrite) an artifact with the same key.

If a workflow generates a single artifact or multiple artifacts with unique keys then it'll continue working. In both these cases the overwrite key is not needed and I'd be inclined to use the default behavior (aka treat artifacts as immutable).

It's important to note that an artifact is already considered unique in the context of a workflow run. This means that a workflow A that generates an artifact called foo.zip, when run twice, the two foo.zip are considered unique. This is because they were created in the context of two separate runs.

On the other hand, a workflow B, that has two steps that both write to an artifact called bar.zip, is considered to be mutating the same artifact because it writes twice to the same key within the same run.

With this in mind, I think the only workflow that needs the overwrite: true setting to be enabled is the layers one. The other 3 are only uploading an artifact as a terminal state of a run.

@leandrodamascena
Copy link
Contributor

Thanks for the clear explanation @dreamorosi! I am applying your suggestions.

@pull-request-size pull-request-size bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 6, 2024
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Feb 6, 2024

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@heitorlessa
Copy link
Contributor

great call out on "v4 artifacts are now unique per job run"! Let me know when the changes are in and we can merge @leandrodamascena

dreamorosi
dreamorosi approved these changes Feb 6, 2024
View reviewed changes
Copy link
Contributor

@dreamorosi dreamorosi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for working on this!

heitorlessa
heitorlessa approved these changes Feb 6, 2024
View reviewed changes
Copy link
Contributor

@heitorlessa heitorlessa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you Le for the changes!!

@heitorlessa heitorlessa merged commit b63a69c into develop Feb 6, 2024
@heitorlessa heitorlessa deleted the dependabot/github_actions/actions/upload-artifact-4.3.1 branch February 6, 2024 13:26
heitorlessa added a commit to heitorlessa/aws-lambda-powertools-python that referenced this pull request Feb 7, 2024
@heitorlessa
Merge branch 'develop' into chore/revert-cdk-dep
322ceb1 
* develop: (21 commits)
  chore: cleanup, add test for single and nested
  fix(parameters): make cache aware of single vs multiple calls
  docs: Add nathan hanks post community (aws-powertools#3727)
  chore(deps-dev): bump isort from 5.11.5 to 5.13.2 (aws-powertools#3723)
  chore(deps-dev): bump cfn-lint from 0.83.8 to 0.85.0 (aws-powertools#3724)
  chore(deps): bump actions/download-artifact from 4.1.1 to 4.1.2 (aws-powertools#3725)
  chore(deps-dev): bump types-python-dateutil from 2.8.19.14 to 2.8.19.20240106 (aws-powertools#3720)
  chore(ci): enable Redis e2e tests (aws-powertools#3718)
  chore(deps-dev): bump pytest from 7.4.4 to 8.0.0 (aws-powertools#3711)
  chore(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1 (aws-powertools#3714)
  chore(ci): changelog rebuild (aws-powertools#3715)
  chore(deps-dev): bump mypy from 1.4.1 to 1.8.0 (aws-powertools#3710)
  chore(deps-dev): bump httpx from 0.24.1 to 0.26.0 (aws-powertools#3712)
  chore(deps): bump actions/download-artifact from 3.0.2 to 4.1.1 (aws-powertools#3612)
  chore(deps): bump codecov/codecov-action from 3.1.6 to 4.0.1 (aws-powertools#3700)
  chore(deps-dev): bump coverage from 7.2.7 to 7.4.1 (aws-powertools#3713)
  chore(deps-dev): bump the boto-typing group with 7 updates (aws-powertools#3709)
  chore(deps): bump squidfunk/mkdocs-material from `a4a2029` to `e0d6c67` in /docs (aws-powertools#3708)
  chore(deps): bump release-drafter/release-drafter from 5.25.0 to 6.0.0 (aws-powertools#3699)
  chore(ci): drop support for Python 3.7 (aws-powertools#3638)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@heitorlessa heitorlessa heitorlessa approved these changes

@dreamorosi dreamorosi dreamorosi approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code github-actions Pull requests that update Github_actions code size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@leandrodamascena @heitorlessa @dreamorosi