starred/act

Fork 0

mirror of https://github.com/nektos/act.git synced 2026-04-26 09:25:54 +03:00

[GH-ISSUE #2351] upload-artifact@v4 uploads corrupted archive #1082

New issue

Closed

opened 2026-03-01 21:48:46 +03:00 by kerem · 4 comments

kerem commented

2026-03-01 21:48:46 +03:00

Owner

Originally created by @higaski on GitHub (Jun 4, 2024).
Original GitHub issue: https://github.com/nektos/act/issues/2351

Bug report info

act version:            0.2.63
GOOS:                   linux
GOARCH:                 amd64
NumCPU:                 16
Docker host:            DOCKER_HOST environment variable is not set
Sockets found:
        /var/run/docker.sock
Config files:           
        /home/vinci/.config/act/actrc:
                -P ubuntu-latest=catthehacker/ubuntu:full-latest
                -P ubuntu-24.04=catthehacker/ubuntu:full-24.04
                -P ubuntu-22.04=catthehacker/ubuntu:full-22.04
                -P ubuntu-20.04=catthehacker/ubuntu:full-20.04
                -P ubuntu-18.04=catthehacker/ubuntu:full-18.04
Build info:
        Go version:            go1.22.3
        Module path:           github.com/nektos/act
        Main version:          (devel)
        Main path:             github.com/nektos/act
        Main checksum:         
        Build settings:
                -buildmode:           pie
                -compiler:            gc
                -trimpath:            true
                DefaultGODEBUG:       httplaxcontentlength=1,httpmuxgo121=1,tls10server=1,tlsrsakex=1,tlsunsafeekm=1
                CGO_ENABLED:          1
                GOARCH:               amd64
                GOOS:                 linux
                GOAMD64:              v1
Docker Engine:
        Engine version:        26.1.3
        Engine runtime:        runc
        Cgroup version:        2
        Cgroup driver:         systemd
        Storage driver:        overlay2
        Registry URI:          https://index.docker.io/v1/
        OS:                    Garuda Linux
        OS type:               linux
        OS version:            
        OS arch:               x86_64
        OS kernel:             6.9.3-zen1-1-zen
        OS CPU:                16
        OS memory:             31240 MB
        Security options:
                name=seccomp,profile=builtin
                name=cgroupns

Command used with act

act -v --artifact-server-path build -j x86_64-linux-gnu-gcc

Describe issue

upload-artifact@v4 does produce corrupted archives in some cases. I have no idea why because the log does not hint any issue at all:

[build/x86_64-linux-gnu-gcc]   💬  ::debug::File:/home/vinci/Develop/VSCode/act_upload_artifact_v4/build.tar was found using the provided searchPath
| With the provided path, there will be 1 file uploaded
[build/x86_64-linux-gnu-gcc]   💬  ::debug::Root artifact directory is /home/vinci/Develop/VSCode/act_upload_artifact_v4
| Artifact name is valid!
| Root directory input is valid!

I've attached the archive produced from act and the original one from GitHub:
corrupted.zip
original.zip

The very same workflow works for me when using the older upload-artifact@v3.

I've also created a small test example where this is easily reproducible.

Link to GitHub repository

https://github.com/higaski/act_upload_artifact_v4

Workflow content

name: build

on:
  workflow_call:

jobs:
  x86_64-linux-gnu-gcc:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4.1.6
        with:
          fetch-depth: 0
      - run: cmake -Bbuild -DCMAKE_BUILD_TYPE=Release
      - run: cmake --build build --parallel
      - run: tar -cvf build.tar build
      - uses: actions/upload-artifact@v4.3.3
        with:
          name: build.tar
          path: build.tar

Originally created by @higaski on GitHub (Jun 4, 2024). Original GitHub issue: https://github.com/nektos/act/issues/2351 ### Bug report info ```plain text act version: 0.2.63 GOOS: linux GOARCH: amd64 NumCPU: 16 Docker host: DOCKER_HOST environment variable is not set Sockets found: /var/run/docker.sock Config files: /home/vinci/.config/act/actrc: -P ubuntu-latest=catthehacker/ubuntu:full-latest -P ubuntu-24.04=catthehacker/ubuntu:full-24.04 -P ubuntu-22.04=catthehacker/ubuntu:full-22.04 -P ubuntu-20.04=catthehacker/ubuntu:full-20.04 -P ubuntu-18.04=catthehacker/ubuntu:full-18.04 Build info: Go version: go1.22.3 Module path: github.com/nektos/act Main version: (devel) Main path: github.com/nektos/act Main checksum: Build settings: -buildmode: pie -compiler: gc -trimpath: true DefaultGODEBUG: httplaxcontentlength=1,httpmuxgo121=1,tls10server=1,tlsrsakex=1,tlsunsafeekm=1 CGO_ENABLED: 1 GOARCH: amd64 GOOS: linux GOAMD64: v1 Docker Engine: Engine version: 26.1.3 Engine runtime: runc Cgroup version: 2 Cgroup driver: systemd Storage driver: overlay2 Registry URI: https://index.docker.io/v1/ OS: Garuda Linux OS type: linux OS version: OS arch: x86_64 OS kernel: 6.9.3-zen1-1-zen OS CPU: 16 OS memory: 31240 MB Security options: name=seccomp,profile=builtin name=cgroupns ``` ### Command used with act ```sh act -v --artifact-server-path build -j x86_64-linux-gnu-gcc ``` ### Describe issue upload-artifact@v4 does produce corrupted archives in some cases. I have no idea why because the log does not hint any issue at all: ```sh [build/x86_64-linux-gnu-gcc] 💬 ::debug::File:/home/vinci/Develop/VSCode/act_upload_artifact_v4/build.tar was found using the provided searchPath | With the provided path, there will be 1 file uploaded [build/x86_64-linux-gnu-gcc] 💬 ::debug::Root artifact directory is /home/vinci/Develop/VSCode/act_upload_artifact_v4 | Artifact name is valid! | Root directory input is valid! ``` I've attached the archive produced from act and the original one from GitHub: [corrupted.zip](https://github.com/user-attachments/files/15551228/corrupted.zip) [original.zip](https://github.com/user-attachments/files/15551234/original.zip) The very same workflow works for me when using the older upload-artifact@v3. I've also created a small test example where this is easily reproducible. ### Link to GitHub repository https://github.com/higaski/act_upload_artifact_v4 ### Workflow content ```yml name: build on: workflow_call: jobs: x86_64-linux-gnu-gcc: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4.1.6 with: fetch-depth: 0 - run: cmake -Bbuild -DCMAKE_BUILD_TYPE=Release - run: cmake --build build --parallel - run: tar -cvf build.tar build - uses: actions/upload-artifact@v4.3.3 with: name: build.tar path: build.tar ```

kerem

2026-03-01 21:48:46 +03:00

closed this issue
added the
kind/bug
label

kerem commented

2026-03-01 21:48:47 +03:00

Author

Owner

@tim-janik commented on GitHub (Jun 25, 2024):

I am seeing the same issue, with act version 0.2.63-9-g935e4c3. The asset corruption seems to be size dependent:

Things work fine at 4M:

    - run: dd if=/dev/urandom bs=1024 count=4096 of=urandom4M.bin                                                                                                                                                      
    - uses: actions/upload-artifact@v4
      with: { name: assets, path: 'urandom4M.bin' }

$ unzip /tmp/artifacts/1/assets/assets.zip 
Archive:  /tmp/artifacts/1/assets/assets.zip
  inflating: urandom4M.bin

Things are broken at 8M:

    - run: dd if=/dev/urandom bs=1024 count=8192 of=urandom8M.bin                                                                                                                                                      
    - uses: actions/upload-artifact@v4
      with: { name: assets, path: 'urandom8M.bin' }

$ unzip /tmp/artifacts/1/assets/assets.zip 
Archive:  /tmp/artifacts/1/assets/assets.zip
error [/tmp/artifacts/1/assets/assets.zip]:  missing 8388608 bytes in zipfile
  (attempting to process anyway)
error: invalid zip file with overlapped components (possible zip bomb)
$ ls -al /tmp/artifacts/1/assets/assets.zip
-rw-r--r-- 1 timj timj 2705 Jun 25 18:19 /tmp/artifacts/1/assets/assets.zip

The 8M asset file is obviously too small. Both results are repeatable reliably.

@tim-janik commented on GitHub (Jun 25, 2024): I am seeing the same issue, with `act version 0.2.63-9-g935e4c3`. The asset corruption seems to be size dependent: Things work fine at 4M: ```yml - run: dd if=/dev/urandom bs=1024 count=4096 of=urandom4M.bin - uses: actions/upload-artifact@v4 with: { name: assets, path: 'urandom4M.bin' } ``` ```sh $ unzip /tmp/artifacts/1/assets/assets.zip Archive: /tmp/artifacts/1/assets/assets.zip inflating: urandom4M.bin ``` Things are broken at 8M: ```yml - run: dd if=/dev/urandom bs=1024 count=8192 of=urandom8M.bin - uses: actions/upload-artifact@v4 with: { name: assets, path: 'urandom8M.bin' } ``` ```sh $ unzip /tmp/artifacts/1/assets/assets.zip Archive: /tmp/artifacts/1/assets/assets.zip error [/tmp/artifacts/1/assets/assets.zip]: missing 8388608 bytes in zipfile (attempting to process anyway) error: invalid zip file with overlapped components (possible zip bomb) $ ls -al /tmp/artifacts/1/assets/assets.zip -rw-r--r-- 1 timj timj 2705 Jun 25 18:19 /tmp/artifacts/1/assets/assets.zip ``` The 8M asset file is obviously too small. Both results are repeatable reliably.

kerem commented

2026-03-01 21:48:47 +03:00

Author

Owner

@VAllens commented on GitHub (Aug 9, 2024):

Any progress?

@VAllens commented on GitHub (Aug 9, 2024): Any progress?

kerem commented

2026-03-01 21:48:47 +03:00

Author

Owner

@ChristopherHX commented on GitHub (Aug 9, 2024):

Ahm you post these messages in both gitea and nektos.

So which project are you searching for a solution, without giving feedback what works and what not after the proposed patches.

Any progress?

No, case closed and I have deallocated my resources for this problem.

Yes I have written code to solve this problem, but I left alone and no further review appeared

To clarify I'm using act in github-act-runner, that doesn't make use of artifacts of act. This means low priority for me, but most maintainers are no longer active of today

@ChristopherHX commented on GitHub (Aug 9, 2024): Ahm you post these messages in both gitea and nektos. So which project are you searching for a solution, without giving feedback what works and what not after the proposed patches. > Any progress? No, case closed and I have deallocated my resources for this problem. Yes I have written code to solve this problem, but I left alone and no further review appeared _To clarify I'm using act in github-act-runner, that doesn't make use of artifacts of act. This means low priority for me, but most maintainers are no longer active of today_

kerem commented

2026-03-01 21:48:47 +03:00

Author

Owner

@VAllens commented on GitHub (Aug 12, 2024):

Ahm you post these messages in both gitea and nektos.

So which project are you searching for a solution, without giving feedback what works and what not after the proposed patches.

Any progress?

No, case closed and I have deallocated my resources for this problem.

Yes I have written code to solve this problem, but I left alone and no further review appeared

To clarify I'm using act in github-act-runner, that doesn't make use of artifacts of act. This means low priority for me, but most maintainers are no longer active of today

@ChristopherHX
I'm happy to receive your response.
I don't think I have anything to add.
The problems I'm having have already been stated by the guys.
For example this issue: https://github.com/go-gitea/gitea/issues/31354#issue-2350645196

It must appear when the size of the uploaded artifact exceeds 8MB.
Also, I use it to upload artifacts: https://github.com/ChristopherHX/gitea-upload-artifact

@VAllens commented on GitHub (Aug 12, 2024): > Ahm you post these messages in both gitea and nektos. > > So which project are you searching for a solution, without giving feedback what works and what not after the proposed patches. > > > Any progress? > > No, case closed and I have deallocated my resources for this problem. > > Yes I have written code to solve this problem, but I left alone and no further review appeared > > _To clarify I'm using act in github-act-runner, that doesn't make use of artifacts of act. This means low priority for me, but most maintainers are no longer active of today_ @ChristopherHX I'm happy to receive your response. I don't think I have anything to add. The problems I'm having have already been stated by the guys. For example this issue: https://github.com/go-gitea/gitea/issues/31354#issue-2350645196 It must appear when the size of the uploaded artifact exceeds 8MB. Also, I use it to upload artifacts: https://github.com/ChristopherHX/gitea-upload-artifact

kerem referenced this issue

2026-03-01 21:52:35 +03:00

[PR #1082] [MERGED] build(deps): bump actions/cache from 2 to 3 #1764

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#1082

No description provided.

Rows
Columns