Skip to content

ci: bump upload/download-artifact to Node 24 majors#36088

Open
wezell wants to merge 1 commit into
mainfrom
issue-36087-node24-artifact-actions
Open

ci: bump upload/download-artifact to Node 24 majors#36088
wezell wants to merge 1 commit into
mainfrom
issue-36087-node24-artifact-actions

Conversation

@wezell

@wezell wezell commented Jun 9, 2026

Copy link
Copy Markdown
Member

What

Bump the artifact actions to their first Node-24 majors, repo-wide.

Fixes #36087

Action From To
actions/upload-artifact v4 v6
actions/download-artifact v4 v7

Split out from #36086 because these are multi-major jumps (the artifact actions have breaking-API history), so they got a dedicated review.

Why this is safe (reviewed)

  • Inputs are identical across the bump — confirmed from each action.yml. The pipeline's name, path, pattern, merge-multiple, retention-days, if-no-files-found all still exist and behave the same.
  • download-artifact's only behavioral break (v5) changes output paths for downloads by artifact-ids. Every download-artifact usage in this repo is by name or pattern/merge-multiplenone uses artifact-ids — so the upstream migration guide's "✅ no action needed" applies. Pinned to v7 (not v8, whose "no longer unzips" change would matter).
  • Runner requirement: v6/v7 need Actions Runner ≥ 2.327.1, satisfied by the hosted ubuntu-24.04 runners.
  • The FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 smoke-test already proved the existing v4 artifact actions run on Node 24, so this isn't a cutover risk — it just clears the deprecation warning.

Relationship to #36086

#36086 bumps the clean first-party actions (checkout/setup-node/setup-python/github-script/cache). Together with this PR, all first-party actions are on Node-24 majors. The two PRs touch different @vN lines and can merge in either order.

@wezell @claude
ci: bump upload/download-artifact to Node 24 majors #36087
67e21c5 
Follow-up to #36085. Bumps the artifact actions to their first Node-24
majors:

  actions/upload-artifact    v4 -> v6
  actions/download-artifact  v4 -> v7

Reviewed for breaking changes (this is why they were split out):
- Inputs are identical across the bump (name, path, pattern,
  merge-multiple, retention-days, if-no-files-found, etc.).
- download-artifact v5's only behavioral break affects downloads by
  `artifact-ids`; every usage here is by `name` or `pattern`/`merge-multiple`,
  so the migration guide's "no action needed" applies. Pinned to v7
  (not v8, whose no-unzip change does not apply).
- v6/v7 require Actions Runner >= 2.327.1, satisfied by hosted ubuntu-24.04.

A FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 smoke-test already proved the v4
actions run on Node 24, so this only clears the deprecation warning.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@wezell wezell requested a review from a team as a code owner June 9, 2026 19:32
@github-actions github-actions Bot mentioned this pull request Jun 9, 2026
Open
@github-actions github-actions Bot added the Area : CI/CD PR changes GitHub Actions/workflows label Jun 9, 2026
@claude

claude Bot commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Claude finished @wezell's task in 1m 36s —— View job

PR Review: ci: bump upload/download-artifact to Node 24 majors

  • Gather context and analyze changed files
  • Review changes for correctness and risks

Clean. No issues.

The PR description's safety analysis is accurate and complete. Confirming:

  1. No missed instances — a repo-wide search confirms every upload-artifact@v4 and download-artifact@v4 reference is gone; all 24 call sites are consistently on v6/v7.

  2. Cross-workflow run-id downloads (maven-job/action.yml lines 222–227, 244–249) use name-based lookup, not artifact-ids. The v5 output-path change only affects artifact-ids downloads. These are safe.

  3. v8 skip is correctdownload-artifact@v8 stopped unzipping by default, which would silently break .tar/.zip artifact consumers. Pinning to v7 is the right call.

  4. upload v6 / download v7 asymmetry is intentional and matches GitHub's own release cadence. Not a problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

AI: Safe To Rollback Area : CI/CD PR changes GitHub Actions/workflows

Projects

dotCMS - Product Planning
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CI: bump upload-artifact (v4->v6) and download-artifact (v4->v7) to Node 24

1 participant

@wezell