starred/hardening

Fork 0

mirror of https://github.com/konstruktoid/hardening.git synced 2026-04-25 16:55:53 +03:00

[PR #644] [CLOSED] chore(deps): update actions/download-artifact action to v5 - autoclosed #645

New issue

Closed

opened 2026-03-03 14:32:07 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 14:32:07 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/644
Author: @renovate[bot]
Created: 8/6/2025
Status: ❌ Closed

Base: master ← Head: renovate/major-github-artifact-actions

📝 Commits (1)

82c775d chore(deps): update actions/download-artifact action to v5

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/slsa.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package	Type	Update	Change
actions/download-artifact	action	major	`v4.3.0` -> `v5.0.0`

Release Notes

actions/download-artifact (actions/download-artifact)

`v5.0.0`

Compare Source

What's Changed

Update README.md by @nebuk89 in https://github.com/actions/download-artifact/pull/407
BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @GrantBirki in https://github.com/actions/download-artifact/pull/416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

By name: name: my-artifact → extracted to path/ (direct)
By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

By name: name: my-artifact → extracted to path/ (unchanged)
By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

You download artifacts by name
You download multiple artifacts by ID
You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist

### Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

- uses: actions/download-artifact@v5
  with:
    artifact-ids: 12345
    path: dist/my-artifact  # Explicitly specify the nested path

New Contributors

@nebuk89 made their first contribution in https://github.com/actions/download-artifact/pull/407

Full Changelog: https://github.com/actions/download-artifact/compare/v4...v5.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/644 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 8/6/2025 **Status:** ❌ Closed **Base:** `master` ← **Head:** `renovate/major-github-artifact-actions` --- ### 📝 Commits (1) - [`82c775d`](https://github.com/konstruktoid/hardening/commit/82c775d61992d1413662d4d486d6dc5fbff8708f) chore(deps): update actions/download-artifact action to v5 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/slsa.yml` (+1 -1) </details> ### 📄 Description This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | major | `v4.3.0` -> `v5.0.0` | --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v5.0.0`](https://redirect.github.com/actions/download-artifact/releases/tag/v5.0.0) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v4.3.0...v5.0.0) #### What's Changed - Update README.md by [@nebuk89](https://redirect.github.com/nebuk89) in [https://github.com/actions/download-artifact/pull/407](https://redirect.github.com/actions/download-artifact/pull/407) - BREAKING fix: inconsistent path behavior for single artifact downloads by ID by [@GrantBirki](https://redirect.github.com/GrantBirki) in [https://github.com/actions/download-artifact/pull/416](https://redirect.github.com/actions/download-artifact/pull/416) #### v5.0.0 ##### 🚨 Breaking Change This release fixes an inconsistency in path behavior for single artifact downloads by ID. **If you're downloading single artifacts by ID, the output path may change.** ##### What Changed Previously, **single artifact downloads** behaved differently depending on how you specified the artifact: - **By name**: `name: my-artifact` → extracted to `path/` (direct) - **By ID**: `artifact-ids: 12345` → extracted to `path/my-artifact/` (nested) Now both methods are consistent: - **By name**: `name: my-artifact` → extracted to `path/` (unchanged) - **By ID**: `artifact-ids: 12345` → extracted to `path/` (fixed - now direct) ##### Migration Guide ##### ✅ No Action Needed If: - You download artifacts by **name** - You download **multiple** artifacts by ID - You already use `merge-multiple: true` as a workaround ##### ⚠️ Action Required If: You download **single artifacts by ID** and your workflows expect the nested directory structure. **Before v5 (nested structure):** ```yaml - uses: actions/download-artifact@v4 with: artifact-ids: 12345 path: dist ### Files were in: dist/my-artifact/ ``` > Where `my-artifact` is the name of the artifact you previously uploaded **To maintain old behavior (if needed):** ```yaml - uses: actions/download-artifact@v5 with: artifact-ids: 12345 path: dist/my-artifact # Explicitly specify the nested path ``` #### New Contributors - [@nebuk89](https://redirect.github.com/nebuk89) made their first contribution in [https://github.com/actions/download-artifact/pull/407](https://redirect.github.com/actions/download-artifact/pull/407) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4...v5.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/konstruktoid/hardening).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>