8000 feat: implement new `artifact-ids` input by GrantBirki · Pull Request #401 · actions/download-artifact · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

feat: implement new artifact-ids input #401

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Apr 22, 2025
Merged

feat: implement new artifact-ids input #401

merged 8 commits into from
Apr 22, 2025

Conversation

GrantBirki
Copy link
Member
@GrantBirki GrantBirki commented Apr 17, 2025
edited
Loading

artifact-ids input

This pull request implements a new artifact-ids input which takes a comma separated list of artifact ids for this Action to download.

Why?

In v4, artifacts are immutable by default and each artifact gets a unique ID when uploaded. When an artifact with the same name is uploaded again (with or without overwrite: true), it gets a new artifact ID.

To take advantage of this immutability for security purposes (to avoid potential TOCTOU issues where an artifact might be replaced between upload and download), the new artifact-ids input allows you to download artifacts by their specific ID rather than by name:

jobs:
  upload:
    runs-on: ubuntu-latest
    steps:
      - name: Create a file
        run: echo "hello world" > my-file.txt
      - name: Upload Artifact
        id: upload
        uses: actions/upload-artifact@v4
        with:
          name: my-artifact
          path: my-file.txt
      # The upload step outputs the artifact ID
      - name: Print Artifact ID
        run: echo "Artifact ID is ${{ steps.upload.outputs.artifact-id }}"
  download:
    needs: upload
    runs-on: ubuntu-latest
    steps:
      - name: Download Artifact by ID
        uses: actions/download-artifact@v4
        with:
          # Use the artifact ID directly, not the name, to ensure you get exactly the artifact you expect
          artifact-ids: ${{ needs.upload.outputs.artifact-id }}

This approach provides stronger guarantees about which artifact version you're downloading compared to using just the artifact name.

Testing

I gave this a go in another project and it works great!

Screenshot 2025-04-16 at 9 58 24 PM

resolves: #349

@GrantBirki GrantBirki added the enhancement New feature or request label Apr 17, 2025
@Copilot Copilot AI review requested due to automatic review settings April 17, 2025 04:48
@GrantBirki GrantBirki requested a review from a team as a code owner April 17, 2025 04:48
Copilot
Copilot AI reviewed Apr 17, 2025
View reviewed changes
Copy link
@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces a new input, artifact-ids, which allows users to download artifacts by their unique IDs rather than by name to leverage artifact immutability for enhanced security.

  • Adds the artifact-ids input and associated validation logic in the download artifact code
  • Updates documentation, tests, and constants to support this new input
  • Modifies error messages and info logs to reflect the mutually exclusive usage of name and artifact-ids

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/download-artifact.ts Added artifact-ids input with validation and branch handling for downloading by IDs
src/constants.ts Updated enumeration to include artifact-ids
docs/MIGRATION.md Documented new immutable artifacts workflow
action.yml Introduced new input definition for artifact-ids
tests/download.test.ts Updated test expectation messages to include artifact-ids
README.md Enhanced documentation with examples for downloading artifacts by ID
Comments suppressed due to low confidence (1)

src/download-artifact.ts:89

  • Ensure dedicated tests are added for the new artifact-ids branch, including scenarios for non-numeric input and cases where provided IDs are missing, to increase test coverage.
else if (isDownloadByIds) {

robherley
robherley reviewed Apr 17, 2025
View reviewed changes
robherley
robherley reviewed Apr 17, 2025
View reviewed changes
@GrantBirki
Copy link
Member Author

I'm not quite sure what the release process looks like for this project so I'll just merge and leave it at that. Thanks! 🙇

@GrantBirki GrantBirki merged commit 8ea3c2c into main Apr 22, 2025
11 checks passed
ramonpetgrave64
ramonpetgrave64 reviewed Apr 22, 2025
View reviewed changes
docs/MIGRATION.md
Comment on lines +220 to +222
upload:
runs-on: ubuntu-latest
steps:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This example needs a small correction to add an outputs: section.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Fixing in #402

@joshmgross joshmgross mentioned this pull request Apr 23, 2025
Merged
@joshmgross joshmgross deleted the download-by-id branch April 23, 2025 14:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshmgross joshmgross joshmgross left review comments

@ramonpetgrave64 ramonpetgrave64 ramonpetgrave64 left review comments

Copilot code review Copilot Copilot left review comments

@robherley robherley robherley approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[feat req] download by artifact-id(s)
4 participants
@GrantBirki @joshmgross @robherley @ramonpetgrave64
0